Publications

Publications

Alpha release of IDPS-ESCAPE

Abstractions Lab released the Alpha version of IDPS-ESCAPE on GitHub.

IDPS-ESCAPE, part of the CyFORT suite of open-source cybersecurity software solutions, addresses various aspects of cybersecurity as an ensemble, targeting different user groups, ranging from public to private and from CIRT/CSIRT to system administrators. The design of IDPS-ESCAPE is targeted to cloud-native deployments, with an eye on CERT/CSIRT-operated monitoring systems.

Click here to read the whole article












Original publication on the itrust Abstractions Lab website
Press release of IDPS-ESCAPE
IDPS-ESCAPE on itrust Abstractions Lab GitHub
IDPS-ESCAPE on GitHub

itrust Abstractions Lab released the Beta version of C5-DEC on GitHub

itrust Abstractions Lab released the Beta version of C5-DEC on GitHub. This release includes many new functionalities, mainly to assist with Common Criteria evaluations and efficient creation of technical documentation throughout the Secure Software Development Lift Cycle (SSDLC).


We will be happy to receive your feedback at info@abstractionslab.lu

Read the entire news, in english, on itrust Abstractions Lab
Read the translation of the entire news in french, on the itrust consulting website
C5-DEC on GitHub of itrust Abstractions Lab

Publication of OpenTRICK as open source tool

itrust consulting published the open source version of TRICK Service and added it the product list. OpenTRICK is a web-application supporting risk assessment and treatment.


OpenTRICK (formerly called TRICK Service) is a full-featured risk management tool, assisting in assessing risk, planning actions, as required by an ISO/IE 27001 compliant information security management system (ISMS). It accompanies you throughout the whole risk management process; starting with the definition of the risk context, covering risk estimation and treatment, and communicating the results. OpenTRICK prepares you to be certified for ISO 27001, to comply with the requirements of the GDPR, to export the RISK information in the json format requested by the LU regulator ILR or in order to respond to CSSF circular 12/544.

 

It covers a wide variety of features such as quantitative/qualitative analysis of risk scenarios, estimation of Return on Security Investment (ROSI) based on risk reduction factors (RRF), embedding of custom or pre-defined catalogues for rated security controls (27002, GDPR, 22301, IoT, …), multi-user support and access control, import/export, and versioning. It allows several risk assessment for different customers or contexts to share information such security and risk parameters over a central knowledge Base, thus explaining its name TRICK = Tool for Risk management of an ISMS based on a Central Knowledge base. Note that such information, e.g., ISO/IEC 27002 is copyright protection, i.e. cannot be part of this release, but it can be imported easily, based on formatted documents available at ILNAS.public.lu (e.g.) upon acquisition of the standard's copyrights (in near future).

 

OpenTRICK comes with user access management, activity logs, two-factor authentication, and smart input output feature interacting with Word and Excel.

Publication of Trick2MonarcApi | CS-GRAM open source tools

Open source Java API for MONARC (Optimised Risk Analysis Method), which allows risk information from other sophisticated risk management tools such as TRICK Service (Tool for Risk management of an ISMS based on a Central Knowledge base) to be imported by facilitating changes to the MONARC JSON data file. The tool has been developed to migrate risk information from several organisations within the scope of NIS into the data format required by the NIS regulator in Luxembourg.

This project conforms to MONARC version 2.12.7. This API reads a JSON data file exported from MONARC and gathers information by interpreting a subset of such a file and creating Java objects from the elements it can interpret from the exported JSON data file.
Furthermore, after the Java objects have been processed by this API, it can export a JSON file compliant with MONARC version 2.12.7.

The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.


Link to Trick2MonarcApi on GitHub - itrust consulting

Link to itrust Abstractions Lab

Publication of DRAW | CS-GRAM open source tools

The DRAW is an open source tool from itrust consulting and is used to graphically represent assets and their corresponding dependencies. The assets are represented as nodes in the graph and the dependency is represented as an edge from one asset to another. The asset carries information about the name of the asset and its type, e.g. the asset can be a financial asset, a business process, etc. The edge carries the dependency information and also the probability information. Probability implies the chances that one asset will affect the other asset.

The depiction of asset dependencies allows users to graphically see the impact of an asset on other assets. For example, if there is an edge between server and server data, this means that a problem with the server could cause a problem with the server data.

The dependency graph created by DRAW can also be synchronised with TRICK Service risk analysis tool by itrust consulting, enabling the user to perform more effective risk analysis based on asset dependencies and probability propagation associated with edges.

As of version v2.0.5, the tool also supports the Excel format for importing and exporting dependencies to the DRAW whiteboard.


The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.


Link to DRAW on GitHub - itrust consulting

Link to itrust Abstractions Lab

Publication of OpenARIANA | CS-GRAM open source tools

OpenARIANA has been developed to address the repetitive task of creating policies, particularly Information Security Management System (ISMS) policies. These documents often consist of standardised text that needs to be tailored to individual customer requirements. By tightly integrating with Microsoft Word, OpenARIANA streamlines the process of creating and customising documents in a professional environment. It provides a user-friendly interface that increases productivity and reduces manual effort, making the process of adapting standardised policies to specific customer needs both efficient and reliable.

The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.


Link to OpenARIANA on GitHub - itrust consulting

Link to itrust Abstractions Lab

Publication of ARIANA | CS-GRAM open source tools

The ARIANA tool, short for "Assistance for Reporting on Information system Audits with Normative Assessment", is designed as an add-on to Microsoft Word and Excel applications and provides a simple and reliable process for creating policies, creating or updating audit reports, managing Excel- and Word-based records of processing activities compliant with GDPR, and providing additional Word and Excel utilities useful to consultants in their day-to-day work.

The tool was developed by itrust consulting as a VBA application to provide standardised documentation in the ATENA project. The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.


Link to ARIANA on GitHub - itrust consulting

Link to itrust Abstractions Lab

Publication of C5-DEC CAD

C5-DEC, short for "Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification", is a sub-project of the CyFORT project, which in turn stands for "Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience".

 

C5-DEC CAD, the software component of C5-DEC, is a suite of tools for computer-aided design and development (CAD), mainly dealing with: the creation and evaluation of secure IT systems according to the Common Criteria standards, secure software development life cycle (SSDLC), and what we refer to as cyber-physical system security assessment (CPSSA).

This repository contains the source code and full documentation (requirements, technical specifications, user manual, test case specifications and test reports) of C5-DEC CAD, exemplifying the C5-DEC method, which relies on storing, interlinking and processing all software development life cycle (SDLC) artifacts in a unified manner.


Link to itrust Abstractions Lab

International Conference on E-Business and Telecommunications (ICETE 2020).

Vazquez Sandoval I., Atashpendar A., Lenzini G., Ryan P.Y.A. (2021) PakeMail: Authentication and Key Management in Decentralized Secure Email and Messaging via PAKE. In: Obaidat M.S., Ben-Othman J. (eds) E-Business and Telecommunications. ICETE 2020. Communications in Computer and Information Science, vol 1484. Springer, Cham.

Links: Published article

Search-based test and improvement of machine-learning-based anomaly detection systems

Maxime Cordy, Steve Muller, Mike Papadakis, and Yves Le Traon 2019. Search-based test and improvement of machine-learning-based anomaly detection systems. Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery, New York, NY, USA, 158–168.

Links: Published article

Archive