Static Risk Assessment and Optimization Framework
The main goal of SATRA is to support the MEDINA certification verification process with a risk-based evaluation of the non-conformities of a cloud service. SATRA follows a simple and quick approach to cyber-risk self-assessment. The tool requires two types of input: information about the security measures in place and information about the key assets of the enterprise. From these inputs it estimates the expected risk level and computes the deviation from the risk level the same service would have if all requirements were implemented. This risk-based approach checks that all important requirements are implemented and that the missing ones do not significantly raise the risk level of the cloud service.
Get Started
Static RAOF is composed of three microservices:
- RAOF GUI: this service runs the risk assessment as a survey; the answers to the survey questions are used to compute the risk coefficient.
- RAOF API: this service exposes an API that allows communication with RAOF without the GUI.
- RAOF DATASTORE: this service manages the databases that store the information used to compute the risk assessment.
Installation
Each service is dockerized; to run them you need docker-compose installed.
Keycloak configuration
RAOF uses an external Identity and Access Management tool, Keycloak. Keycloak generates a configuration composed of several parameters that must be inserted into the engine and app service configurations.
Cookie domain for engine communication
The file to edit is config.properties. The default value, localhost, allows the containers to communicate with each other; change it to the domain of the real deployment otherwise.
#KEYCLOACK CONFIGS
cookie.domain=localhost
Keycloak configuration for the engine
The file to edit is config.properties. Fill in the values taken from the Keycloak client created for the engine:
#KEYCLOACK CONFIGS
keycloak.realm=
keycloak.auth.server.url=
keycloak.ssl.required=
keycloak.resource=
keycloak.public.client=
keycloak.verify.token.audience=
keycloak.use.resource.role.mappings=
keycloak.confidential.port=
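Before bringing the stack up it is worth checking that the values written into config.properties are not the permissive local-test defaults. The following script is an added example, not part of SATRA/RAOF: it parses a Java-style properties file with the keys listed above and flags settings that are unsafe outside a local docker-compose run. The sample file content and its values (realm, client id, hostnames) are constructed placeholders; the meaning of keycloak.ssl.required (all, external, none) and keycloak.verify.token.audience follows the Keycloak adapter documentation, and the cookie.domain rule follows the localhost note in this README.

```python
"""Added example (not RAOF project code): sanity-check the Keycloak section
of the engine's config.properties before deploying."""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed sample of config.properties with placeholder values
# (hypothetical realm, client id and hostnames, for illustration only).
SAMPLE_PROPERTIES = """\
#KEYCLOACK CONFIGS
cookie.domain=localhost
keycloak.realm=medina
keycloak.auth.server.url=http://keycloak:8080/auth
keycloak.ssl.required=none
keycloak.resource=raof-engine
keycloak.public.client=false
keycloak.verify.token.audience=false
keycloak.use.resource.role.mappings=true
keycloak.confidential.port=0
"""

# Keys the engine cannot work without.
REQUIRED_KEYS = (
    "keycloak.realm",
    "keycloak.auth.server.url",
    "keycloak.ssl.required",
    "keycloak.resource",
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_properties(text: str) -> dict[str, str]:
    """Minimal .properties reader: key=value (or key:value) lines,
    '#'/'!' comment lines, surrounding whitespace stripped."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, sep, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props


def check_keycloak_config(props: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means nothing to object to."""
    findings: list[str] = []

    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(f"{key} is missing or empty")

    ssl_required = props.get("keycloak.ssl.required", "").lower()
    if ssl_required == "none":
        findings.append("keycloak.ssl.required=none disables the HTTPS requirement; "
                        "use 'external' or 'all'")
    elif ssl_required not in ("", "external", "all"):
        findings.append(f"keycloak.ssl.required has unknown value {ssl_required!r}")

    url = props.get("keycloak.auth.server.url", "")
    if url.startswith("http://"):
        findings.append("keycloak.auth.server.url uses plain http; tokens and "
                        "client secrets would travel unencrypted")

    if props.get("keycloak.verify.token.audience", "").lower() == "false":
        findings.append("keycloak.verify.token.audience=false accepts tokens issued "
                        "for other clients; set it to true")

    host = urlsplit(url).hostname or ""
    if props.get("cookie.domain") == "localhost" and host not in LOCAL_HOSTS:
        findings.append("cookie.domain=localhost is the local-compose default but "
                        f"the auth server is {host!r}; set the deployment domain")

    return findings


def hardened_example() -> str:
    """The same sample with the flagged values corrected (still placeholders)."""
    return (SAMPLE_PROPERTIES
            .replace("http://keycloak:8080/auth", "https://sso.example.org/auth")
            .replace("keycloak.ssl.required=none", "keycloak.ssl.required=external")
            .replace("keycloak.verify.token.audience=false",
                     "keycloak.verify.token.audience=true")
            .replace("cookie.domain=localhost", "cookie.domain=raof.example.org"))


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PROPERTIES), ("hardened", hardened_example())):
        print(f"== {name} ==")
        for finding in check_keycloak_config(parse_properties(text)) or ["OK"]:
            print(" -", finding)
```

Run it against the real config.properties by reading the file into `parse_properties`; the checks are deliberately conservative and only look at the keys this README lists.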
Keycloak configuration for the app
The file to edit is keycloack_menager.py. Fill in the values taken from the Keycloak client created for the app (KeycloakOpenID comes from the python-keycloak package):
from keycloak import KeycloakOpenID

# Selects the hard-coded configuration below.
keycloack_set = 'config'
if keycloack_set == 'config':
    keycloak_openid = KeycloakOpenID(server_url="",        # Keycloak base URL, e.g. https://<host>/auth/
                                     client_id="",         # client id registered in Keycloak for the app
                                     realm_name="",        # realm the client belongs to
                                     client_secret_key="") # client secret of the (confidential) client
Usage
Run RAOF Services
## choose the RAOF root folder ##
cd raof
### on Linux/macOS/Windows ###
docker-compose up --build
License
Static Risk Assessment and Optimisation Framework is Open Source software released under Apache 2.0 License.