View
216
Download
0
Category
Tags:
Preview:
Citation preview
FI-PPP Business Opportunities for SMEs
thierry.nagellen@orange.com
pascal.bisson@thalesgroup.com
April, 16th 2014
AGENDA
Part 1: Future Internet Public Private Partnership introduction
Part 2: FI-WARE, FI-Lab & FI-Ops: what’s that?
Part 3: FI-WARE websites
Part 4: Open Specs and API: opportunities for SMEs
Part 5: Some Generic Enablers Implementations
Part 6: Sum up for SMEs
2
PART 1
Future Internet
Public Private Partnership
Introduction
3
Future Internet Public Private Partnership introduction (1)
European initiative to structure collaborative projects into a common program
Industrial commitment to push research results to the market (pre-industrialisation)
Together techno-push and market-pull:
• Propose new technologies (European leadership)
• Interactions with Use-Cases (fullfiment of market requirements)
• Involvement of new partners (especially from vertical sectors)
Large budget: 300 M€ with 100 M€ dedicated to SMEs
4
Future Internet Public Private Partnership introduction (2)
5
OPEN INNOVATION
16 Accelerators
CONCORD: program coordination
INFINITY: infrastructures
Envirofi Environnemental Data
Outsmart Utilities & Urban Monitoring
Finseny Smart GridsInstant Mobility
Multimodal services in urban areas
Safecity Safer Cities
Finest Interurban Logistics
FI-Content Enriched Content
SmartAgriFood Fromethe farm to the fork
FI-Ware: Core Platform
FIspace SmartAgri+Logistics
FITMAN manufacturing
Finesce Smart Grid
Fi-Content 2
FI-Star eHealth
04/2011 04/2013 04/2014 04/2015
XiFi infrastructure
FI-Core: Tech Found.
I3HFIC3
INNOVATETEST
ADOPT !
Future Internet Public Private Partnership introduction (3)
More info about the programme and the projects www.fi-ppp.eu
6
FI-PPP Call 3
ScenariosUC platforms
Infrastructures
GenericEnablers
Regionalpolicies
Entrepreneurialcommunities
Services and applications
Phase 3 project
Phase 3 project
Phase 3 project
Results phase 1 + 2,……Brought intoup to 20 projects…
SME
SME
SMESME
SME
SME
SME
SME
SME
SME
SME
WE
WE
WE??
??
??
SMESME
SME SMESME
SME
SME
WE
SME
WE
WE??
??
??
WEWE
WE
WE
WE WE
WE WE
WE
WE
WE WE
WE
????WE
…Involving hundreds of SMEs and WebEntrepreneurs…
…Developing services and applications.
Future Internet Public Private Partnership introduction (4)
Future Internet Public Private Partnership introduction (5)
Main messages
8
Video 1
Campus Party 2013 in London
9
PART 2
What’s that ?
10
FI-WARE, FI-Lab, FI-Ops: what’s that? (1)
They are 3 products
FI-WARE:
• Provide Generic Enablers
• Something you can use in different ways for your « own »platform
• Common part to break the silos
FI-Lab
• A sandbox to test and use Generic Enablers
• Cloud facilities distributed through Europe (5+12 data centers)
• What you get: free Virtual Machines (5) + 10Gb
FI-Ops: for paltform providers
• Tools to deploy and federate the data centers using FI-WARE framework
11
FI-WARE, FI-Lab, FI-Ops: what’s that? (2)
FI-WARE: architecture overview
12
FI-WARE Generic Enablers
Cloud Enablers
Data /Context Enablers
IoT Enablers
Apps Enablers
I2ND Enablers
Security Enablers
PART 3
FI-WARE Websites
15
FI-WARE websites (1)
Everything is on www.fi-ware.org
But we will have a quick tour of:
• catalogue.fi-ware.org a kind of executive summary per Generic Enabler
• edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features
• wiki.fi-ware.org the place to find much more details
And then, you will be able to create your account on FI-Lab to play and test Generic Enablers
• lab.fi-ware.org
16
FI-WARE websites (3)
catalogue.fi-ware.org a kind of executive summary per Generic Enabler
18
FI-WARE websites (4)
catalogue.fi-ware.org a kind of executive summary per Generic Enabler
19
Provide feedback
FI-WARE websites (5)
edu.fi-ware.org the e-Learning platform to discover Generic Enablers Features
20
FI-WARE websites (6)
edu.fi-ware.org : you can find detailed courses per Generic Enabler
21
FI-WARE websites (7)
wiki.fi-ware.org the place to find much more details
22
Key points !
FI-WARE websites (7)
23
API
OpenSpecs
From descriptionto
concrete softwares
Video 3
Smart City Expo 2013
24
PART 4
Open Specs and API:
Opportunities for SMEs
25
Open Specs and API: opportunities for SMEs
26
Open Secs: FREE
• Documentation is available
• You can understand main features of Generic Enabler: (can be re-use for multiple verticals and associated service platforms)
• Your comments are more than welcome!
• Become part of the community and share with us, and with your ecosystem
API: FREE
• For your developers to plug your onw software into Generic Enablers
• To develop your own instances of Generic Enablers and be compliant & interoperable
• Open or create your paltform/services to/for other verticals
• Again, your comments and contributions are more than welcome!
Licence models (for concrete softwares)
• 70% are now in Open Source => you can contribute !
API example: OMA-NGSI (1)
27
OMA NGSI 9 & 10: API for 11 Generic Enablers
Data & Context Management:
• Context Broker
• Complex Event Processing
• Big Data
• Location Platform
Internet of Things
• Backend Device Management
• Backend Configuration Manager
• Backend Template Handler
• Backend IoT Broker
• Gateway Data Handling
• Gateway Device Management
• Gateway Protocol Adapter
API example: OMA-NGSI (2)
28
OMA NGSI 9 & 10 Data Model
API example: OMA-NGSI (3)
29
OMA NGSI 9 & 10 Operations
API example: OMA-NGSI (4)
30
OMA NGSI 10 RESTful interface: resource structure
API example: OMA-NGSI (5)
31
OMA NGSI convenience interactions examples
Video 4
Campus Party Brazil 2014
32
PART 5
Some Generic Enablers
Implementations
33
Internet of Things (1)
From Architecture to Implementation
34
Severalimplementations
Internet of Things (2)
Multiple implementation are linked to industrial partners technical choices
Backend Configuration Manager: Orion vs IoT Discovery
• Orion is a fully integrated version of Configuration Manager (IoT) and Context Broker (Data & Context Management)
• IoT Discovery is a Configuration Manager with optional features as geographical discovery (which are the things in this geographical area)
Gateway Protocol Adapter
• At least one instance per specific protocol • Available: Zigbee, Coap & EPC Global (RFID)
Other examples in other technical chapters:
• Security: Identity Management• Data & Context Management: Context Broker
35
Gateway Data Handling: Esper4FastData (1)
Provide intelligence inside gateways and transform data into information in real-time
36
Gateway Data Handling: Esper4FastData (2)
Its own detailed architecture
37
Video 5
Kurento demo in Campus Party Brazil 2014
38
Security Architecture
FI-WARE: Catalog http://catalogue.fi-ware.eu/
Security Monitoring GE
Focus on following features:MulVAL Attack Paths Engine
Scored Attack Paths
Remediation
Security Monitoring GE – V3 - Architectural design
Security Monitoring GE service offerFor FI-PPP Liaison we offer the following main functionalities:
• identifying the vulnerabilities and potential attacks,
• evaluating the business impact,
• proposing countermeasures and increase the cyber resilience.
4 steps:
1. extract semi-automatically all the information needed
2. generate attack graph by MulVAL
3. calculate the scored attack paths
4. compute some remediations with their cost
MulVAL Attack Paths Functions available for the User:
Visualized attack tree Global risk level: Score metrics
obtained from Common Vulnerability Scoring System (CVSS),
Functions available for the User: Visualized attack tree Global risk level: Score metrics
obtained from Common Vulnerability Scoring System (CVSS),
Inputs: Automatic collection
Information about network topology=> via Vulnerability scanners (Nessus, OVAL) and CMDB
Machines, Accounts, Network services, Dependency graph, IP / Hostname of the machines
Vulnerability identifier Via Common Vulnerabilities and Exposures (http://cve.mitre.org/)
Semi automaticSecurity Policy (Business dependent)
45
SecMon GE feature Attack Path Engine
Testbed:
http://secmonitoring.testbed.fi-ware.eu/AttackGraphEngine/attackgraph.jsp
Scored Attack Paths
Functions available for the User:
Extension of the score assessment at the path level Given a target node, each
path leading to that node is given a score.
The score of each path reflects the risk associated to the path as a whole
Business impact scoring (semi manual process)It is left to organisation taking into account the business challenges
Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised
Functions available for the User:
Extension of the score assessment at the path level Given a target node, each
path leading to that node is given a score.
The score of each path reflects the risk associated to the path as a whole
Business impact scoring (semi manual process)It is left to organisation taking into account the business challenges
Impact scoring offers an assessment of the extent to which processes and security policies are impacted when a given IT asset target has been compromised
Rationale: Risk scores provided by MulVAL is not sufficient
For each node in the attack graph, a risk score is computed
Does not allow a generic assessment of the attack graph as a wholeDoes not take into account the impact on processes and the business
Scored paths are mandatory for the remediation process (prioritization)
47
SecMon GE feature Scored Attack Path
Testbed:
http://secmonitoring.testbed.fi-ware.eu/ScoredAttackPaths
Remediation app
Functions available for the User:
Provide tool for proposing cost-sensitive remediations Propose remediations to
these attack paths with their cost
Validate the chosen remediation
Compute different remediation options that could interrupt the selected attack path A path may include several
vulnerabilities: each one of them can be targeted separately
Eliminating one single condition may interrupt the whole attack path
Functions available for the User:
Provide tool for proposing cost-sensitive remediations Propose remediations to
these attack paths with their cost
Validate the chosen remediation
Compute different remediation options that could interrupt the selected attack path A path may include several
vulnerabilities: each one of them can be targeted separately
Eliminating one single condition may interrupt the whole attack path Prerequisites:
Needs a remediation database (e.g. patches related to vulnerabilities)Use network topology (automatically collected) to compute which firewall rules could be deployed
49
SecMon GE feature Remediation App
Testbed:
http://secmonitoring.testbed.fi-ware.eu/Remediation
50
Access Control GE Functions available for the User:
RBAC & ABAC policy enforcement with XACML (OASIS standard)
REST API for PDP & PAP Multi-tenancy Attribute Sources
LDAP directory SQL DB REST/JSON API Easy integration of plugins for
other sources (extensible API) Flexible accounting OAuth token validation & parsing PEP
Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP
Java SDK for custom PEP
Functions available for the User:
RBAC & ABAC policy enforcement with XACML (OASIS standard)
REST API for PDP & PAP Multi-tenancy Attribute Sources
LDAP directory SQL DB REST/JSON API Easy integration of plugins for
other sources (extensible API) Flexible accounting OAuth token validation & parsing PEP
Ready-made PEP as HTTP Reverse-Proxy or Servlet PEP
Java SDK for custom PEP
FI-WARE Use Case – Cloud API Access Control Thales Use Case: GIS Access Control in a C4ISR system for French government & NATO
FI-WARE Security ChapterData Handling GE
Focuses on revealing specific attributes or other data according to defined privacy and security conditions
Deploys PPL language based on XACML to describe preferences and policies
Attaches these preferences and policies to the data
Allows definition of a specific retention period
FI-WARE Security Chapter
Privacy-Preserving Authentication GE
Provides building blocks to implement all roles of a privacy-preserving authentication system
Based on Idemix crypto engine
In particular, it allows identity providers to setup an online service for issuing
privacy-preserving attribute-based credentials (aka anonymous credentials)
end users to generate privacy-preserving tokens to anonymously authenticate to service providers
service providers to verify the user-generated tokens with respect to a given access policy
GEFI-WARE Security ChapterIdentity Management – DigitalSelf
Encompasses a number of aspects involved with users' access to networks, services and applications, including
Secure and private authentication
‘Authorisation & Trust’ management
‘User Profile’ management
Self management of personal data
‘Single Sign-On’ (SSO) to service domains
‘Identity Federation’ towards applications
Combined DemonstratorFI-WARE Security Chapter
WP8 Combined Demonstrator on Identity Management GE (NSN) Data Handling GE (SAP) Privacy GE (IBM)
>> Taking privacy work from ABC4Trust project Making it work in the FI-WARE Platform <<
Description of Use-CaseFI-WARE WP8 Combined Demonstrator
Demonstrator illustrates:Anonymous access to file store servicePolicy based access to resourcesUse of zero knowledge proof technology (Idemix)
By use of the Generic Enablers:Data Handling GE:An enhanced file store service allows access to resources based on “sticky” policiesPrivacy GE:Provides building blocks for ‘User in the Cloud’, ‘Verifier as a Service’ and ‘Issuer Service’Identity GE:An enhanced IDM system provides attributes (PII) needed for issuing credentials
Result:While respecting privacy of the user, selective attribute sharing will be supportedrestricted to the ‘need to know’ principle.
EIT-ICT Labs – FI-PPP Liaison ActivityGoal 2013
• create established links mutually beneficial between the FI-PPP and the EIT ICT Labs initiatives.
› 1. Instantiation of FI-WARE Testbed in the Trento Node to serve Living and Territorial Labs,
› 2. Bringing FI-WARE selected technologies to wide adoption by building new services,
› 3. Experimenting the Testbed in real cases and Business Model definition.
Results
• Adoption of FI-WARE Testbed as a playground where to inject new technologies (notably service marketplace at large, cloud computing, security, interface to network devices) and on top of which built new services,
• Instantiation of the Testbed and real use cases in specific territorial or living labs,
• Dedicated workshops with entrepreneurs, notably SMEs, and researchers. The outcomes are intended to boost the adoption of FI technologies within SMEs, Public Administrations, and visionary individuals with the aim of creating new innovative jobs and businesses.
FI-WARE, InfinityFI-WARE, Infinity
EIT Funding400 KEur
Non EIT Funding 75%
Digital forensics for (technical) evidence
While the indicated carriers only cover the RTD part of the implementation of the Testbed, with the support of EIT we introduced the Testbed in specific and well focused business or social environments. This goal requires training people and organisations (SMEs in particular), customization of the Testbed according to specific needs coming from business domains and community of users (notably living and territorial labs).
First experience on SMEs engagement, FI-PPP Liaison 2014 follow-up project will go further.
PART 6
Sum up for SMEs
57
Sum up for SMEs
Be ready for September 2014 (annoucement of calls mid-September)
• Discover FI-WARE Generic Enablers
• Use FI-Lab to play with new technologies
Be engaged in 2015
• Bring your « commercial » ideas
• Be funded to do innovation
• Build your new products/services
Find additional funding with ACCELERATORs support
• Bootstrap your own new business
• Think Big to become Bigger (international business)
58
http://fi-ppp.eu
http://fi-ware.eu
http://lab.fi-ware.eu
Follow @Fiware on Twitter !
Thanks !
59
Recommended