This package enables monitoring the execution of composite services and generating alerts when any malfunction in the proper service operation is identified. Such malfunctions can refer to the violation of a service contract and/or the change in the trustworthiness and/or threat level of the offered composite service. The package enables subscriptions to service monitors for specific types of events. It, then, captures the events produced from the service execution environment and analyses them to generate alerts and notifications at the application layer for potential breach in the experienced secure service provisioning.
SMN consists of several add-on components, and is not a stand-alone package by itself. It would typically be used to extend the Secure Service Specification and Deployment package.
The location of the package is: https://github.com/AniketosEU/Security-Monitoring-and-Notification
The Service Composition Framework (SCF), which is a process modelling tool (based on Activiti Designer) and is used to define rules to an existing composite service process for handling incidents identified during the execution of the service process.
- Primarily part of Secure Service Specification and Deployment package.
The Service Runtime Environment (SRE), which orchestrates the subscription to monitors and generates the events during the composite service execution.
- Primarily part of Secure Service Specification and Deployment package.
The Service Monitoring Module (SMM), which captures the events generated by the SRE and classifies them according to their type for further use.
- Currently not part of the open source release. Part of the commercial Aniketos release
The Service Threat Monitoring Module (STMM), which receives subscriptions of service components to threats and analyses an event referring to a change in the threat level of an offered composite service.
- Primarily part of Security Service Validation and Verification package. Part of the commercial Aniketos release
The Threat Repository Module (TRM), which exposes the list of registered threats and countermeasures encountered in ICT systems
- Primarily part of this package. Also part of Security Service Validation and Verification package.
- Should also include the threat uploader
The Security Policy Monitoring Module (SPMM), which is notified of the composite service contract and analyses an event referring to a service contract violation.
- Primarily part of this package.
The Security Property Determination Module (SPDM), which manages the security properties associated with a service.
- Primarily part of Secure Service Specification and Deployment package.
The Trustworthiness Component (TM), which is notified on the requirement for monitoring the trustworthiness values of the composite service and analyses an event referring to a change in the trustworthiness level of an offered composite service.
- Primarily part of two other packages (Secure Service Specification and Deployment package and Security Service Validation and Verification package).
The Notification Module (NM), which receives subscriptions for notifications to specific security events (i.e. contract change, trust level change, security property change, threat level change, etc.) and compiles the proper alert and notification messages to be communicated to the application and other involved Aniketos components.
- Primarily part of this package.
- The Android client is a subproject.