scieee Science in your language
[en] (orig)

D2.4 AMOE - v1

Author: Deimling, Franz
Publisher: Zenodo
DOI: 10.5281/zenodo.17177585
Source: https://zenodo.org/records/17177585/files/EMERALD_D2.4_AMOE-v1_v1.0.pdf
Deli e able D2.4
AMOE - 1
Edi o (s):
F anz Deimling (FABA)
Responsible Pa ne :
Fabaso R&D GmbH
S a us-Ve sion:
Final – 1.0
Da e:
31.10.2024
Type:
OTHER (SW)
Dis ibu ion le el:
PU
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 2 o 25
www.eme ald-he.eu
P ojec Numbe :
101120688
P ojec Ti le:
EMERALD
Ti le o Deli e able:
AMOE - 1
Due Da e o Deli e y o he EC
31.10.2024
Wo kpackage esponsible o he
Deli e able:
WP2 - Me hodology o knowledge ex ac ion
Edi o (s):
F anz Deimling (FABA)
Con ibu o (s):
Angela Fessl (KNOW)
Re iewe (s):
Angela Fessl (KNOW)
C is ina Ma ínez, Juncal Alonso (TECNALIA)
App o ed by:
All Pa ne s
Recommended/manda o y
eade s:
WP1, WP2, WP3, WP4 and WP5
Abs ac :
In e im e idence ex ac ion om policy documen s ha
can be in eg a ed wi h he ce i ica ion g aph
Keywo d Lis :
E idence ex ac ion, policy documen s, o ganisa ional
me ics
Licensing in o ma ion:
This wo k is licensed unde C ea i e Commons
A ibu ion-Sha eAlike 4.0 In e na ional (CC BY-SA 4.0
DEED h ps://c ea i ecommons.o g/licenses/by-sa/4.0/)
Disclaime
Funded by he Eu opean Union. Views and opinions
exp essed a e howe e hose o he au ho (s) only and
do no necessa ily e lec hose o he Eu opean Union.
The Eu opean Union canno be held esponsible o
hem.
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 3 o 25
www.eme ald-he.eu
Documen Desc ip ion
Ve sion
Da e
Modi ica ions In oduced
Modi ica ion Reason
Modi ied by
0.1
04.09.2024
Fi s d a e sion
F anz Deimling (FABA)
0.2
03.10.2024
Added ex and igu es o
“Implemen a ion” and “Deli e y and
usage”
F anz Deimling (FABA)
0.3
07.10.2024
Upda ed e e ences and ex s
F anz Deimling (FABA)
0.4
14.10.2024
Upda ed conclusions, execu i e
summa y, u u e wo k, e e ences,
o ma ing
F anz Deimling (FABA)
0.5
15.10.2024
Quali y Assu ance Re iew
Angela Fessl (KNOW)
0.6
28.10.2024
Add essed commen s o Quali y
Assu ance e iew
F anz Deimling (FABA)
0.7
29.10.2024
Final e iew
C is ina Ma ínez/
Juncal Alonso
(TECNALIA)
0.8
30.10.2024
Re ised documen based on he inal
e iew
F anz Deimling (FABA)
1.0
31.10.2024
Submi ed o he Eu opean
Commission
C is ina Ma ínez/
Juncal Alonso
(TECNALIA)
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 4 o 25
www.eme ald-he.eu
Table o con en s
Te ms and abb e ia ions ............................................................................................................... 6
Execu i e Summa y ....................................................................................................................... 7
1 In oduc ion ........................................................................................................................... 8
1.1 Abou his deli e able .................................................................................................... 8
1.2 Documen s uc u e ....................................................................................................... 8
2 Implemen a ion ..................................................................................................................... 9
2.1 Func ional desc ip ion ................................................................................................... 9
2.1.1 Fi ing in o he o e all EMERALD A chi ec u e ................................................. 13
2.2 Technical desc ip ion ................................................................................................... 14
2.2.1 P o o ype a chi ec u e ...................................................................................... 14
2.2.2 Technical speci ica ions ..................................................................................... 16
2.3 Tes ing and quali y managemen o e idence ex ac ion me hod ............................. 16
2.3.1 Anno a ion se up ............................................................................................... 16
2.3.2 Tes se up .......................................................................................................... 17
2.4 Limi a ions and u u e wo k ........................................................................................ 18
3 Deli e y and usage .............................................................................................................. 19
3.1 Package in o ma ion .................................................................................................... 19
3.2 Ins alla ion ins uc ions ............................................................................................... 19
3.3 Ins uc ions o use ...................................................................................................... 20
3.4 Licensing in o ma ion .................................................................................................. 23
3.5 Download ..................................................................................................................... 23
4 Conclusions .......................................................................................................................... 24
5 Re e ences ........................................................................................................................... 25
Lis o ables
TABLE 1. AMOE.01 - UPLOAD PDF DOCUMENT .................................................................................... 9
TABLE 2. AMOE.02 - PROVISION OF EXTRACTED EVIDENCE TO EVIDENCE STORE ....................................... 10
TABLE 3. AMOE.03 - REFINE EVIDENCE EXTRACTION APPROACH ............................................................ 10
TABLE 4. AMOE.04 - COMPARE RESULTS FROM MULTIPLE DOCUMENTS .................................................. 11
TABLE 5. AMOE.05 - SELECT METRICS PER DOCUMENT. ........................................................................ 11
TABLE 6. AMOE.06 - CLASSIFY DOCUMENT, SELECT RESPECTIVE METRICS (OPTIONAL) ............................... 12
TABLE 7. AMOE.07 - METRIC STATES ................................................................................................ 12
TABLE 8. OVERVIEW OF AMOE'S SOURCE CODE PACKAGE CONTENTS ....................................................... 19
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 5 o 25
www.eme ald-he.eu
Lis o igu es
FIGURE 1. EMERALD COMPONENT OVERVIEW DIAGRAM ...................................................................... 13
FIGURE 2. AMOE ARCHITECTURE DIAGRAM ......................................................................................... 14
FIGURE 3. SCREENSHOT OF ANNOTATIONS IN INCEPTION ..................................................................... 17
FIGURE 4. EMERALD UI MOCK-UP CONTAINING AMOE EVIDENCE DATA (D4.3 [8])................................. 21
FIGURE 5. EMERALD UI MOCK-UP FOR AMOE.05 (D4.3 [8]) ............................................................. 21
FIGURE 6. EMERALD UI SCREENSHOT DEPICTING A LIST OF AMOE FILES ................................................. 22
FIGURE 7. EMERALD UI SCREENSHOT DEPICTING A LIST OF EXTRACTED AMOE EVIDENCE FOR AN UPLOADED
POLICY FILE ............................................................................................................................. 22
FIGURE 8. EMERALD UI SCREENSHOT DEPICTING CURRENT IMPLEMENTATION OF AMOE EVIDENCE VIEW .... 23

D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 6 o 25
www.eme ald-he.eu
Te ms and abb e ia ions
AI
A i icial In elligence
AMOE
Assessmen and Managemen o O ganisa ional E idence
API
Applica ion P og amming In e ace
CPU
Cen al P ocessing Uni
CSP
Cloud Se ice P o ide
DB
Da abase
DoA
Desc ip ion o Ac ion
EC
Eu opean Commission
GA
G an Ag eemen o he p ojec
GPU
G aphical P ocessing Uni
GUI
G aphical Use In e ace
ID
Iden i ie
HTML
Hype ex Ma kup Language
IaaS
In as uc u e as a Se ice
KPI
Key Pe o mance Indica o
KR
Key Resul
MEDINA
P edecesso p ojec o EMERALD
NLP
Na u al Language P ocessing
nDCG
no malized Discoun ed Cumula i e Gain
PaaS
Pla o m as a Se ice
PDF
Po able Documen Fo ma
QA
Ques ion Answe ing
RCM
Reposi o y o Con ols and Me ics
SW
So wa e
TRL
Technology Readiness Le el
UI
Use In e ace
WP
Wo k Package
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 7 o 25
www.eme ald-he.eu
Execu i e Summa y
This deli e able p esen s he ini ial design, a chi ec u e, and implemen a ion s a e o he
Assessmen and Managemen o O ganisa ional E idence (AMOE) componen , an e idence
ex ac o o policy documen s. The main con ibu ions a e ela ed o he key esul KR1-
EXTRACT o EMERALD, a amewo k o con inuously ex ac knowledge om di e en laye s o
a cloud se ice and p epa e sui able e idence based on hem.
The policy documen e idence ex ac o , de eloped in Task 2.3 and desc ibed in his deli e able,
aims a iden i ying ele an ex segmen s ela ed o secu i y ela ed ea u es, as de ined in he
espec i e EMERALD me ics based on speci ic con ols and secu i y equi emen s o a ious
secu i y schemes. The ex ac ed e idence is s o ed in he EMERALD E idence S o e. O he
ela ed deli e ables in WP2, all due a p ojec mon h 12 (Oc obe 2024), p o ide unc ional and
echnical de ails on u he e idence ex ac o s om di e en sou ces, i.e., D2.2 [1] on sou ce
code e idence ex ac ion in Task 2.2, D2.6 [2] on secu i y and p i acy p ese ing e idence
ex ac ion in Task 2.4, D2.8 [3] on un ime da a ex ac ion in Task 2.5. All hese de ails
con ibu ed o D2.1 [4] on he o e all in o ma ion model o he ce i ica ion g aph in Task 2.1.
This documen s a s by illus a ing how he policy documen e idence ex ac o i s in o he
o e all EMERALD a chi ec u e. The main pa p o ides unc ional and echnical desc ip ions o
he e idence ex ac o AMOE, including i s pu pose and scope, he (cu en and planned)
co e age o he EMERALD equi emen s, he componen s’ in e nal a chi ec u e and hei
subcomponen s. These desc ip ions a e complemen ed by in o ma ion on deli e y and usage,
as well as on limi a ions and u u e wo k. Finally, he documen concludes wi h a sho summa y.
Based on he wo k desc ibed in his deli e able, he policy documen e idence ex ac o will be
u he ex ended and in eg a ed in o he EMERALD amewo k. This is he i s i e a ion o he
deli e able coming om Task 2.3. The second and inal e sion o his deli e able (D2.5 [5]) wi h
he upda ed ex ac o will be deli e ed in p ojec mon h 24 (Oc obe 2025).
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 8 o 25
www.eme ald-he.eu
1 In oduc ion
EMERALD aims o o e a sui e o ools and echniques o e idence collec ion, le e aging a
knowledge g aph-based app oach. KR1-EXTRACT acili a es a uni ied, ool-suppo ed
me hodology o con inuously ex ac ing knowledge ac oss a ious laye s o a cloud se ice—
such as in as uc u e, pla o m, un ime da a, policy documen s, so wa e, and AI models.
The goal o WP2 is o de elop a cohesi e iew o he cloud se ice being ce i ied by ex ac ing
and en iching knowledge om hese laye s and gene a ing ele an e idence o secu i y
me ics. A key ocus o his wo k package is he esea ch and design o ools and echniques o
ex ac knowledge om di e se sou ces. Cen al o his is he E idence S o e, u ilizing a g aph-
based model ha ac s as a common s uc u e, popula ed by all e idence ex ac ion ools wi h
e idence
1
.
1.1 Abou his deli e able
The goal o his deli e able is o p esen he EMERALD e idence ex ac o ool AMOE and how
i is in eg a ed in o he EMERALD amewo k. This epo e lec s he cu en p o o ype o
AMOE, which was o iginally launched in MEDINA
2
. In EMERALD, i should be ad anced o a
highe TRL and imp o ed o e i y ha he unc ionali y is adap ed o he needs o he EMERALD
pilo use cases.
EMERALD ollows a knowledge g aph-based app oach o p o ide a uni ied iew o he cloud
se ice unde ce i ica ion a di e en laye s o he se ice. The di e en e idence ex ac ion
ools a e anging om he in as uc u e laye (e.g., i ual esou ces), o he business laye (e.g.,
policies and p ocedu es), o he implemen a ion laye (e.g., sou ce code iles), and he da a laye
(e.g., inc easingly used AI models) in cloud applica ions. AMOE ocuses on p o iding e idence
based on policy documen s which shall be included in o he whole au oma ed ce i ica ion
p ocess. This deli e able will gi e insigh s in o he echnical and unc ional app oach ha AMOE
uses o suppo he key esul s o he p ojec (e.g. he use cases demons a ed by he pilo s as
well as he echnical in eg a ion ia he ce i ica ion-g aph and e idence ex ac ion wo k lows
o EMERALD).
1.2 Documen s uc u e
The documen is s uc u ed as ollows. In Sec ion 2, he unc ional and echnical desc ip ions o
AMOE a e desc ibed. This co e s he equi emen s o AMOE in he EMERALD p ojec as well as
he AMOE a chi ec u e desc ip ion and how i i s in o he whole EMERALD a chi ec u e.
Fu he mo e, an o e iew o he es ing and quali y managemen o e idence ex ac ion is
desc ibed alongside he anno a ion se up. Addi ionally, his sec ion includes limi a ions and
u u e wo k o be commenced ega ding AMOE.
Sec ion 3 ocuses on he deli e y and usage o AMOE. Fi s he package and i s con en s a e
desc ibed, ollowed by ins alla ion and deploymen ins uc ions. Second, his sec ion also
p o ides some ins uc ions o use, licensing in o ma ion, and whe e o download he cu en
public e sion.
The deli e able is concluded in Sec ion 4, ollowed by some e e ences in Sec ion 5.
1
Fo de ails consul he AMOE and he E idence S o e da a model p esen ed in deli e able D1.1 [9]
2
h ps://medina-p ojec .eu/
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 9 o 25
www.eme ald-he.eu
2 Implemen a ion
The ollowing subsec ions p o ide unc ional and echnical desc ip ions o AMOE.
2.1 Func ional desc ip ion
O e all pu pose. AMOE is based on a p o o ype de eloped in a p e ious p ojec called MEDINA2.
I is designed o ex ac e idence based on me ics, which a ge speci ic pa s o policy
documen s. A e he ex ac ion p ocess, he e idence can be inspec ed in a GUI (G aphical Use
In e ace) ha comes wi h AMOE o e ie ed ia he API. Once he e idence esul s ha e been
e iewed by a use , hey can be o wa ded o he EMERALD amewo k.
Con ex , scope and mo i a ion. AMOE allows o ans o m he o ganisa ional p ocess o
checking policy documen s o hei con en in o a echnical p ocess. Tex passages can be
checked agains p ede ined goals and a ge alues. As policy documen s a e a he s a ic,
compa ed o o he e idence ga he ed (e.g. log iles, un ime in o ma ion), he e idence
ga he ing is done once pe documen o a speci ic se o me ics and a ge alues. In he case
upda es a e equi ed, he new documen is p ocessed, and addi ional e idence is p oduced. The
policy e idence esul s a e in eg a ed in o he EMERALD audi p ocess ia submission o he
E idence S o age componen and subsequen p ocessing in he Assessmen componen .
Requi emen s. The ele an equi emen s om D1.3 [6] wi h hei espec i e implemen a ion
s a e (pa ially / ully / no implemen ed) and a b ie desc ip ion o how hey a e / will be
implemen ed a e gi en in Table 1 o Table 7.
Table 1. AMOE.01 - Upload PDF documen
Field
Desc ip ion
Requi emen ID
AMOE.01
Sho i le
Upload PDF documen .
Desc ip ion
The componen shall be able o ecei e a PDF documen ia API and
p ocess i s con en s ega ding he de ined me ics. The PDF shall ecei e
a unique ID so ha i can be e ie ed and dele ed la e on.
S a us
Wo k in P og ess
P io i y
Mus
Componen
AMOE
Sou ce
Componen
Type
Technical
Rela ed KR
KR1_EXTRACT, KR2_CERTGRAPH, KR8_PILOTS
Rela ed KPI
KPI 1.1
Valida ion
accep ance c i e ia
The use can upload a documen ia API. The use shall be able o e ie e
documen me a da a by using he unique id ha is e u ned on success ul
upload. The p ocess shall inish in easonable ime.
P og ess
90%
Miles one
MS2: Componen s V1 (M12)
AMOE p o ides he unc ionali y o upload a PDF documen ia i s API. A he cu en
implemen a ion s a us, he p ocessing is s a ed immedia ely a e he upload o he documen
is comple ed and a unique ile ID is e u ned. A e he me ics ha e been p ocessed o he
documen , he ex ac ed esul s can be e ie ed using he unique ile ID. I AMOE.05 is
implemen ed, he p ocessing is only done o a se o selec ed me ics – and s a ed on demand
(no di ec ly a e he upload).
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 16 o 25
www.eme ald-he.eu
ask- a ained model o a QA sys em can p o ide answe s o a ques ion, gi en a ques ion and
ex as inpu . The op answe o he QA is p o ided by he sys em. Mo e de ails and al e na i e
app oaches es ed (e.g. using cosine-simila i y), a e desc ibed in he pape [8].
QA quali y checks
The ques ion answe ing (QA) quali y check subcomponen enables he use o compa e he
ex ac ed e idence (using e.g. he keywo d-based app oach) wi h he anno a ions expo ed
om he INCEpTION ool. See Sec ion 2.3 o de ails on he quali y managemen p ocess.
2.2.2 Technical speci ica ions
The AMOE ool is w i en in Py hon >=3.12. I uses a ious Py hon lib a ies as well as he
pd oh ml unc ionali y om popple u ils
10
. The webse ice is buil on Qua
11
, he e idence
ex ac ion is based on ans o me s
12
, PyTo ch
13
and he obe a-base-squad2
14
model om
hugging ace.
The componen is using MongoDB
15
and Redis
16
o s o e he da a. E idence and logs a e s o ed
in he MongoDB. Redis is used in pa wi h he qua -session lib a y.
2.3 Tes ing and quali y managemen o e idence ex ac ion me hod
To es he e idence ex ac ion me hod used in AMOE, he ex ac ed da a is compa ed o some
p ede ined a ge alues. This allows us o compu e some sco es ha can be used o adjus he
se ings o he app oach. The quali y managemen is hus spli in o wo pa s: 1) he anno a ion
se up and 2) he execu ion o es s, e alua ion, and analysis o he esul s.
2.3.1 Anno a ion se up
This sec ion desc ibes he da a anno a ion p ocess and p epa a ional s eps. Fi s , he policy
documen s (PDFs) need o be ga he ed. Also, he anno a ion so wa e INCEpTION
17
needs o be
se up and unning. Then an anno a ion p ojec can be se up by adding he lis o me ics o he
ag se and con igu ing he laye s o be anno a ed.
The ag se o he me ics can be gene a ed using an excel lis /cs con aining he me ic ids wi h
he suppo o he py hon p og am supplied in he AMOE sou ce code
“s c/ex ac _me ic_ ag_lis .py”.
A e he INCEpTION p ojec is se up, he policy documen s can be uploaded, and use s can
anno a e he iles. To anno a e, he ex mus be selec ed and a e wa ds a me ic can be
assigned. I he me ic o anno a ion is ho e ed, mo e in o ma ion is displayed such as he
desc ip ion ha has been con igu ed in he ag se . Once he documen has been anno a ed,
he cu a ion p ocess can be applied o ensu e high quali y da a. In he cu a ion s ep, mul iple
anno a ions by di e en use s a e combined in o a single sou ce o u h, which can be expo ed
and used o he quali y assessmen o he e idence ex ac ion app oach. Figu e 3 depic s a
10
h ps://popple . eedesk op.o g/
11
h ps://pypi.o g/p ojec /qua /
12
h ps://gi hub.com/hugging ace/ ans o me s
13
h ps://py o ch.o g/
14
h ps://hugging ace.co/deepse / obe a-base-squad2
15
h ps://www.mongodb.com/
16
h ps:// edis.io/
17
h ps://incep ion-p ojec .gi hub.io/

D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 17 o 25
www.eme ald-he.eu
sc eensho o he anno a ion iew in INCEpTION. In he speci ic case shown he anno a ed ex
samples a e highligh ed in g een.
Figu e 3. Sc eensho o anno a ions in INCEpTION
2.3.2 Tes se up
This sec ion desc ibes he possible es s o be commenced in he p ojec o check he
pe o mance o he e idence ex ac ion app oach and une i o he me ics/documen s o he
EMERALD p ojec . The expo ed anno a ions (g ound u h) can be compa ed o he esul s o
AMOE. The mos basic sco e ha can be compu ed is based on he numbe o ma ches s he
o al numbe o me ics anno a ed. The e idence ex ac ion app oach shall be e alua ed by
compu ing his sco e pe pilo . Fo example, i o a documen 28 me ics ha e been anno a ed
in INCEpTION (#o anno a ed e idence) and AMOE e ie es he co ec answe o 19 me ics
(#co ec ly e ie ed e idence), he esul ing sco e would be ca. 0.68.
The pilo documen s di e depending on he conc e e use case (IaaS, PaaS, …), he language,
and he o ma ing. Di e en sco es will be analysed o ge a good o e iew o he di e en
domains and he pe o mance o e all.
The ques ion answe ing model ( obe a-base-squad2) can e ie e mul iple answe s ha can be
anked by he sco e associa ed. This sco e can be in e p e ed as a kind o p obabili y o how
likely he answe is o be co ec . These anked answe s can be used o compu e sco es like he
nDCG
18
- no malized Discoun ed Cumula i e Gain, which can help in uning he app oach o ank
ele an answe s highe . This sco e has so a no been applied o AMOE, as he cu en
18
h ps://en.wikipedia.o g/wiki/Discoun ed_cumula i e_gain
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 18 o 25
www.eme ald-he.eu
implemen ed app oaches p o ide a single answe . The main bene i o he nDCG will be in he
imp o emen o AMOE e idence ex ac ion app oaches as some in e im esul s can be uned.
2.4 Limi a ions and u u e wo k
One key challenge is he limi ed a ailabili y o da a, which es ic s he sys em’s abili y o p o ide
comp ehensi e answe s ac oss di e se domains. Addi ionally, language- ela ed limi a ions
a ise, as he model may s uggle o ex ac ele an esponses in languages i has no been
ained on. P i acy conce ns also play a signi ican ole, pa icula ly since he ool a oids using
p e- ained publicly a ailable AI models due o da a p o ec ion equi emen s, u he
cons aining he a ie y and quali y o da a inpu s. The models a e selec ed on he basis o hei
license as well as local ope abili y – o make su e, he da a does no ha e o lea e he p emise.
The p o o ype ope a es unde limi ed GPU and CPU esou ces, which hinde s he p ocessing
speed and scalabili y o he sys em, a ec ing i s o e all e iciency and pe o mance when
handling complex que ies o la ge da ase s. The p ocessing ime o he cu en e idence
ex ac ion app oach is dependen on he inpu size – longe documen s po en ially ake longe
o p ocess. Howe e , his is somewha mi iga ed by applying keywo ds o educe he sea ch
space (see also [8]).
AMOE is designed o suppo in he assessmen and managemen o policy documen s, bu no
o ully au oma e he assessmen . Wi h he cu en design, no gua an ee can be gi en ha he
AI models would e ie e he co ec e idence 100%. Gi en he limi ed da a se p o ided o he
p ojec by he di e en pa ne s, esul s migh be biased o speci ic use cases/me ics ha a e
only ele an o some o he pa ne s. The pe o mance will be e alua ed gi en he p o ided
esou ces, since he ocus o he p ojec is on inno a ion a he han esea ch.
A he cu en s a e o he p ojec , no all AMOE equi emen s ha e been implemen ed.
AMOE.07 lis s a ew possible me ic s a es ha could be added o imp o e he aceabili y and
usabili y o me ics. Fu he mo e, a he cu en s a e o AMOE i is impossible o de e mine o
su e whe he he a ge o a me ic is con ained in a documen . To limi he p ocessing esou ces
and ime wai ing o esul s and, mos o all, o ex ac mo e p ecise esul s he implemen a ion
o AMOE.05 is planned – selec ing me ics pe ile o a oid p ocessing non-sensical da a.
The la ges emaining equi emen is AMOE.03 – he imp o emen o he e idence ex ac ion
app oach. Fo he emainde o he p ojec AMOE.01, AMOE.02 and AMOE.04 will be wo ked
on and AMOE.06 is conside ed op ional o be add essed i enough esou ces a e a ailable and
o he equi emen s a e comple ed. The AMOE GUI will no be upda ed u he as i will be
in eg a ed in o he EMERALD UI.
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 19 o 25
www.eme ald-he.eu
3 Deli e y and usage
The ollowing sec ions gi e a sho o e iew o he deli e y and usage o he ool.
3.1 Package in o ma ion
AMOE can be deployed as a Docke con aine . Table 8 shows an o e iew o he eposi o y
olde s and iles.
Table 8. O e iew o AMOE's sou ce code package con en s
Folde
Desc ip ion
/
The oo olde con ains some helpe sc ip s and
con igu a ions needed o build and un AMOE (e.g.
Docke ile).
/kube ne es/
Con ains he Kube ne es19 iles o he deploymen
o AMOE.
/me ic_da a/
Con ains he local e sion o he me ics.
/s c
Con ains he sou ce code o AMOE
/s c/pa ag aph_ex ac ion/
Con ains he code o he p e-p ocessing pipeline.
/s c/qa/
Con ains he code o e idence ex ac ion using he
ques ion answe ing model as well as code o
compu e quali y sco es.
/s c/s a ic/
Con ains he s yleshee s and images o he
webse ice.
/s c/ empla es/
Con ains he HTML empla es o he webse ice.
/s c/u ils/
Con ains code o u ili y unc ions o he webse ice
such as use o o he EMERALD componen ’s API,
e idence ex ac ion and da abase managemen .
/ es s/
Con ains he es s o he AMOE API
/cloudi o -e idence-clien /
Con ains he epo o he gene a ed Py hon clien o
he E idence S o e API based on hei OpenAPI ile.
/o ches a o -clien /
Con ains he epo o he gene a ed Py hon clien o
he O ches a o API based on hei OpenAPI ile.
/ cm-clien /
Con ains he epo o he gene a ed Py hon clien o
he Reposi o y o Con ols and Me ics API based on
hei OpenAPI ile.
3.2 Ins alla ion ins uc ions
Clone he AMOE eposi o y. Se up a MongoDB and a Redis ins ance (see Kube ne es iles in he
eposi o y).
Se he ollowing en i onmen a iables o a iables di ec ly in he con ig.py:
• MONGODB_URL
• MONGODB_PORT
• MONGODB_USER
• MONGODB_PASSWORD
• REDIS_SERVICE
• REDIS_PASS
19
h ps://kube ne es.io/docs/concep s/wo kloads/con olle s/deploymen /
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 20 o 25
www.eme ald-he.eu
• REDIS_PORT
• KEYCLOAK_URL
• KEYCLOAK_REALM
• KEYCLOAK_CLIENT_ID
• KEYCLOAK_CLIENT_SECRET
• KEYCLOAK_USER
• KEYCLOAK_PASSWORD
Op ionally se (needed o deploy in p oduc ion wi h EMERALD componen s):
• CATALOGUE_API_URL
• ORCHESTRATOR_API_URL
• ALLOWED_ORIGINS
Run py hon3 -m hype co n -b 0.0.0.0 "s c.app:c ea e_app()" o deploy he
se ice locally, o deploy wi h Kube ne es.
3.3 Ins uc ions o use
Ins uc ions o use a e included in he AMOE’s public Gi Lab eposi o y
20
. The OpenAPI
documen a ion can be ound in he code eposi o y in Gi Lab as well as e ie ed o e e y
deploymen by accessing <amoe-se e -u l>/docs.
Figu e 4 and Figu e 5 display mock-ups o he EMERALD UI con aining in o ma ion ha is o will
be p o ided by AMOE. The i s depic s how he implemen a ion in he EMERALD UI could look
like o upload a policy ile o AMOE as well as how he e idence da a o a ce ain me ic could
be displayed. The second igu e p o ides a d a o he unc ionali y o AMOE.05 – which will
allow o selec a se o me ics o be e ie ed o a ile in AMOE.
Fo es ing pu poses o he AMOE in eg a ion in he EMERALD UI, some pages we e ec ea ed
like he o e iew page o uploaded documen s (Figu e 6), a page lis ing he me ada a o an
uploaded ile and p ocessed e idences – il e ed by sea ch e m “passwo d” (Figu e 7) and a
page allowing o se he assessmen s a us and compliance commen while in es iga ing he
ex ac ed e idence (Figu e 8).
20
h ps://gi .code. ecnalia.com/eme ald/public/componen s/amoe-assessmen -and-managemen -o -
o ganiza ional-e idence
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 21 o 25
www.eme ald-he.eu
Figu e 4. EMERALD UI mock-up con aining AMOE e idence da a (D4.3 [9])
Figu e 5. EMERALD UI mock-up o AMOE.05 (D4.3 [9])

D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 22 o 25
www.eme ald-he.eu
Figu e 6. EMERALD UI sc eensho depic ing a lis o AMOE iles
Figu e 7. EMERALD UI sc eensho depic ing a lis o ex ac ed AMOE e idence o an uploaded policy ile
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 23 o 25
www.eme ald-he.eu
Figu e 8. EMERALD UI sc eensho depic ing cu en implemen a ion o AMOE e idence iew
3.4 Licensing in o ma ion
The componen is planned o be licenced unde Apache 2.0.
3.5 Download
The componen code can be downloaded om he EMERALD public Gi lab eposi o y
21
.
21
h ps://gi .code. ecnalia.com/eme ald/public/componen s/amoe-assessmen -and-managemen -o -
o ganiza ional-e idence
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 24 o 25
www.eme ald-he.eu
4 Conclusions
AMOE is designed o ex ac ele an in o ma ion based on EMERALD me ics om di e en
policy documen s p o ided by he p ojec pa ne s. In his deli e able, he echnical epo o
he EMERALD e idence ex ac ion componen AMOE is p esen ed. The unc ional desc ip ion
and how AMOE i s in o he gene al EMERALD amewo k is desc ibed. Fu he mo e, a lis o
sub-componen s is gi en and how hey in e ac .
AMOE is using he APIs o o he EMERALD componen s - he Reposi o y o Con ols and Me ics
o e ie e in o ma ion o he me ics and secu i y schemes, he O ches a o o e ie e speci ic
a ge alues and me ic con igu a ions, and he E idence S o e o in eg a e he ex ac ed esul s
in o he EMERALD amewo k. The clien s a e gene a ed using he espec i e OpenAPI iles.
AMOE is buil using Py hon and di e en NLP lib a ies and p e- ained AI models. The basic
equi emen s a e unde de elopmen and he unc ionali ies a e o e ed o he EMERALD UI ia
a dedica ed AMOE API. The open equi emen s a e planned o he upcoming p ojec pe iod and
desc ibed in he second e sion o his deli e able D2.5 [5] in M24 (Oc obe 2025).
D2.4 – AMOE - 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 25 o 25
www.eme ald-he.eu
5 Re e ences
[1]
EMERALD Conso ium, “D2.2 Sou ce E idence Ex ac o – 1: E idence ex ac ion om
sou ce code ha can be in eg a ed wi h he ce i ica ion g aph,” 2024.
[2]
EMERALD Conso ium, “D2.6 ML model ce i ica ion – 1: Secu i y and p i acy p ese ing
e idence ha can be in eg a ed wi h he ce i ica ion g aph,” 2024.
[3]
EMERALD Conso ium, “D2.8 Run ime e idence ex ac o – 1: E idence ex ac ion om
un ime da a ha can be in eg a ed wi h he ce i ica ion g aph,” 2024.
[4]
EMERALD Conso ium, “D2.1 G aph On ology o E idence S o age: Desc ip ion o a
uni o m schema o s o ing and linking he e ogenous da a,” 2024.
[5]
EMERALD Conso ium, “D2.5 AMOE– 2,” 2025.
[6]
EMERALD Conso ium, “D1.3 EMERALD solu ion a chi ec u e - 1,” 2024.
[7]
MEDINA Conso ium, “D3.6 - Tools and echniques o collec ing e idence o echnical and
o ganisa ional measu es- 3,” 2023.
[8]
F. Deimling and M. Fazzola i, “AMOE: A Tool o Au oma ically Ex ac and Assess
O ganiza ional E idence o Con inuous Cloud Audi ,” In: A lu i, V., Fe a a, A.L. (eds) Da a
and Applica ions Secu i y and P i acy XXXVII. DBSec 2023. Lec u e No es in Compu e
Science, ol 13942. Sp inge , Cham. h ps://doi.o g/10.1007/978-3-031-37586-6_22,
2023.
[9]
EMERALD Conso ium, “D4.3 Use in e ac ion and use expe ience concep – 1,” 2024.
[10]
EMERALD Conso ium, “D1.1 Da a modelling and in e ac ion mechanisms - 1,” 2024.