© EMERALD Consortium Contract No. GA 101120688 Page 1 of 73
Deliverable D1.3
EMERALD solution architecture-v1
Editor(s): Iñaki Etxaniz
Responsible Partner: TECNALIA Research & Innovation
Status-Version: Final-v1.0
Date: 31.10.2024
Type: R
Distribution level (SEN, PU): PU
D1.3 – EMERALD solution architecture-v1 Version 1.0 – Final. Date: 31.10.2024
Project Number: 101120688
Project Title: EMERALD
Title of Deliverable: D1.3 EMERALD solution architecture-v1
Due Date of Delivery to the EC: 31.10.2024
Workpackage responsible for the Deliverable: WP1 - Concept and methodology of EMERALD
Editor(s): Iñaki Etxaniz (TECNALIA)
Contributor(s): FABA, TECNALIA, Fraunhofer, CNR, SCCH
Reviewer(s): Christian Banse (Fraunhofer); Cristina Martínez, Juncal Alonso (TECNALIA)
Approved by: All Partners
Recommended/mandatory readers: WP1, WP2, WP3, WP4, WP5
Abstract: Initial version of the description and design of the architecture of the EMERALD solution and underlying component integration.
Keyword List: Architecture, Requirements, Sequence diagrams, Component cards
Licensing information: This work is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0 DEED https://creativecommons.org/licenses/by-sa/4.0/)
Disclaimer: Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. The European Union cannot be held responsible for them.
Document Description
Version | Date | Modifications Introduced: Modification Reason | Modified by
0.1 | 14.06.2024 | Table of Contents, Structure | Iñaki Etxaniz (TECNALIA)
0.2 | 24.09.2024 | First draft. Included requirements, Sequence diagrams | Iñaki Etxaniz (TECNALIA)
0.3 | 01.10.2024 | Completed context and architecture | Iñaki Etxaniz (TECNALIA)
0.4 | 15.10.2024 | Included 3.4 Analysis, Conclusions. Ready for internal review | Iñaki Etxaniz (TECNALIA)
0.5 | 24.10.2024 | Internal QA Review | Christian Banse (Fraunhofer)
0.6 | 25.10.2024 | Addressed comments received in the Internal QA review | Iñaki Etxaniz (TECNALIA)
0.7 | 30.10.2024 | Final review | Cristina Martínez / Juncal Alonso (TECNALIA)
0.8 | 31.10.2024 | Address comments received in the final review | Iñaki Etxaniz (TECNALIA)
1.0 | 31.10.2024 | Submitted to the European Commission | Cristina Martínez / Juncal Alonso (TECNALIA)
Table of contents
Terms and Abbreviations
Executive Summary
1 Introduction
1.1 About this deliverable
1.2 Document structure
2 Overview of the EMERALD Framework
2.1 Context diagram
2.2 The EMERALD framework
2.3 Glossary
3 EMERALD Framework Requirements
3.1 Methodology and Tools for requirements elicitation
3.1.1 The process
3.1.2 The tools
3.2 Functional Requirements
3.3 Non-Functional Requirements
3.3.1 Other WP1 requirements
3.3.2 Business driven requirements
3.3.3 UI/UX requirements (usability)
3.4 Analysis of Requirements
3.4.1 Mapping of requirements to KRs
3.4.2 Mapping of requirements to KPIs
3.4.3 Mapping of requirements to Business Driven Requirements
3.4.4 Prioritization and current status
3.5 Requirements Summary Dashboard
4 EMERALD Framework detailed view
4.1 Data model
4.2 Component description (components cards & sequence diagrams)
4.2.1 Evidence Collectors
4.2.2 TWS – Trustworthiness System
4.2.3 MARI - Mapping Assistant for Regulations with Intelligence
4.2.4 RCM - Repository of Controls and Metrics
4.2.5 Orchestrator
4.2.6 Evidence Store
4.2.7 Assessment
4.2.8 Evaluation
5 Conclusions
6 References
APPENDIX A: Current status of requirements
List of tables
TABLE 1. ROLES IN THE EMERALD ECOSYSTEM
TABLE 2. EMERALD GLOSSARY
TABLE 3. REQUIREMENT TEMPLATE
TABLE 4. COMPONENT CARD TEMPLATE
TABLE 5. FUNCTIONAL REQUIREMENTS.
TABLE 6. BUSINESS DRIVEN REQUIREMENTS
TABLE 7. UI/UX REQUIREMENTS
TABLE 8. FUNCTIONAL REQUIREMENTS AND KRS ALIGNMENT MATRIX
TABLE 9. FUNCTIONAL REQUIREMENTS AND KPIS ALIGNMENT MATRIX.
TABLE 10. TECHNICAL REQUIREMENTS VS BUSINESS REQUIREMENTS ALIGNMENT MATRIX
TABLE 11. REQUIREMENTS PRIORITIZATION MATRIX
TABLE 12. SUMMARY TABLE OF REQUIREMENTS STATUS AT M12 (BY COMPONENT)
TABLE 13. GENERAL VIEW: COMPONENTS VS PILOT
TABLE 14. STATUS OF THE TECHNICAL REQUIREMENTS
List of figures
FIGURE 1. EMERALD CONTEXT DIAGRAM
FIGURE 2. OVERVIEW OF THE EMERALD COMPONENTS
FIGURE 3. LIST OF REQUIREMENTS AS ISSUES IN GITLAB (EXCERPT)
FIGURE 4. NUMBER OF REQUIREMENTS PER COMPONENT
FIGURE 5. REQUIREMENT STATUS
FIGURE 6. REQUIREMENT STATUS PER COMPONENT
FIGURE 7. EMERALD DATA MODEL (D1.1 [1])
FIGURE 7. EMERALD DATA DIAGRAM
FIGURE 9. AI-SEC SEQUENCE DIAGRAM
FIGURE 10. AMOE SEQUENCE DIAGRAM
FIGURE 11. CLOUDITOR-DISCOVERY SEQUENCE DIAGRAM
FIGURE 12. CODYZE SEQUENCE DIAGRAM
FIGURE 13. OVERVIEW OF EKNOWS PLATFORM COMPONENTS
FIGURE 14. EKNOWS SEQUENCE DIAGRAM
FIGURE 15. TWS SYSTEM RECORDING SEQUENCE DIAGRAM
FIGURE 16. TWS SYSTEM VERIFICATION SEQUENCE DIAGRAM
FIGURE 17. MARI SEQUENCE DIAGRAM
FIGURE 18. RCM SEQUENCE DIAGRAM
FIGURE 19. ORCHESTRATOR SEQUENCE DIAGRAM
FIGURE 20. EVIDENCE STORE SEQUENCE DIAGRAM
FIGURE 21. ASSESSMENT SEQUENCE DIAGRAM
FIGURE 22. EVALUATION SEQUENCE DIAGRAM
Terms and Abbreviations
AI: Artificial Intelligence
AI-SEC: AI Security Evidence Collector
AIC4: AI Cloud Service Compliance Criteria Catalogue
AMOE: Assessment and Management of Organizational Evidence
API: Application Programming Interface
BDR: Business-Driven Requirement
CaaS: Certification-as-a-Service
CI/CD: Continuous Integration / Continuous Delivery
CKM: Cryptography and Key Management
CLI: Command Line Interface
CSA or EU CSA: EU Cybersecurity Act
CSP: Cloud Service Provider
CSV: Comma-Separated Values
CPU: Central Processing Unit
DoA: Description of the Action
EBSI: European Blockchain Services Infrastructure
EC: European Commission
EUCS: European Cybersecurity Certification Scheme for Cloud Services
GA: Grant Agreement of the project
gRPC: Google Remote Procedure Call
HTTP: Hypertext Transfer Protocol
ICT: Information Communications Technology
IEC: International Electrotechnical Commission
ISO: International Organization for Standardization
JPA: Java Persistence API
KPI: Key Performance Indicator
KR: Key Result
MARI: Mapping Assistant for Regulations with Intelligence
ML: Machine Learning
MS: MileStone
MVC: Model, View, Controller
NFR: Non-Functional Requirement
NLP: Natural Language Processing
OSCAL: Open Security Controls Assessment Language
OSS: Open-Source Software
Protobuf: Protocol Buffers
RBAC: Role-Based Access Control
RCM: Repository of Controls and Metrics
REST: Representational State Transfer
SARIF: Static Analysis Results Interchange Format
SDLC: Software Development Life Cycle
SSI: Self-Sovereign Identity System
TWS: Trustworthiness System
UI/UX: User Interface / User Experience
UML: Unified Modelling Language
VM: Virtual Machine
Executive Summary
This deliverable proposes an architecture for the EMERALD framework. It is produced in the context of WP1-Concept and methodology of EMERALD, more concretely in Task 1.2 EMERALD architecture. It provides a general view of the EMERALD framework, which complements the Data Model presented some months before in D1.1 [1]. This document contributes to these outcomes of the work package:
• The architecture of the overall EMERALD software suite and the related structural and behavioural models, as well as data modelling and interaction mechanisms definition.
• The integration of WP2, WP3 and WP4 outcomes in the EMERALD audit suite.
• The methods to support the integration of pilots in WP5.
This document is divided into three main parts. The first part presents an overview of the EMERALD framework. A context diagram has been included, showing the main inputs, outputs, and roles involved in the EMERALD workflow. Twelve different components of EMERALD are presented, as well as the interaction among them. A Glossary of terms closes this part, where the definition of terms helps to understand the EMERALD context.
The second part of the document presents the requirements elicited for the EMERALD framework. The requirements elicitation is an iterative process, mixing several perspectives, where Technical requirements (functional and non-functional), User Interface requirements and Pilot requirements are gathered independently. Afterwards, they are linked, integrated and analysed. We present the tools used to implement the process: GitLab Issues as the requirement definition and tracking tool; the Component Cards template to describe components; and PlantUML to create the UML diagrams.
Then, we describe the technical requirements elicited in the first 12 months of the project, grouped by components. They cover the expected functionalities of the EMERALD framework. These are complemented by non-functional requirements, which cover a range of properties such as performance, security, deployment, or availability, to cite some. These are system constraints which are transversal to many (or all) components. The pilot requirements, worked on in WP5, are listed too, and then a mapping with the technical requirements is presented.
Next, an analysis of the requirements set has been performed, studying their relations, status, and coverage. For that, a set of traceability matrices shows the alignment of the elicited requirements with respect to the EMERALD Key Results, and which technical requirements implement a pilot requirement. To end, a prioritization matrix reflects which requirements will be implemented in each iteration of the EMERALD workplan.
The last part of the document presents the EMERALD Framework detailed view, where each component is described in detail (functionality, interfaces, and behavioural model) using the previously mentioned artifacts. The general data model is also included.
The future version of this document is D1.4 [2], due at M24. It will provide an updated set of requirements and their status, as design and development tasks evolve. The next related task is the integration of the first version of the components into the first version of the integrated EMERALD framework, which will be produced in M18 of the project and reported in D1.7 [3].
1 Introduction
1.1 About this deliverable
This deliverable is the result of Task 1.2 – EMERALD architecture, in the WP1-Concept and methodology of EMERALD. Its main goal is to provide a common definition of the EMERALD Framework.
The document includes an overview first, and a detailed description later, of the EMERALD architecture. It describes the different components, modules, interactions and interfaces. A concise view of each component is presented, using a template named "Component Card", which contains key information about the component, such as: functionality, interfaces, sub-parts, and license. The component behaviour description is completed by UML sequence diagrams¹, which show the interaction with the rest of the components.
The document provides a complete list of the technical requirements of the EMERALD CaaS framework. Part of them have been gathered and developed in cooperation with WP5 - that deals with the pilots’ implementation - and WP4 - which oversees the user experience and interaction in the EMERALD framework. Most of the requirements listed here have already been described in more detail in the deliverables of WP2 and WP3 (dedicated to describing the components in depth), WP4 (related to the UI) and WP5 (related to the pilots). An analysis of the requirements, their prioritization and status is also included.
During the first year of the project, several workshops have been conducted among the work packages to coordinate the different views that stakeholders could have about what the EMERALD framework has to provide and how. One of the outcomes is the set of requirements gathered here.
1.2 Document structure
The remainder of the document is organized as follows:
Section 2 presents a global view of the EMERALD framework, its users and context. The section also includes a Glossary that captures the main terminology used in the project.
Section 3 outlines the methodology and tools used in requirement management and documentation. The functional and non-functional requirements of the EMERALD Framework are presented, along with their priority and current status of implementation. A dashboard finalizes the section.
Section 4 describes the architecture of the EMERALD CaaS framework. It provides a succinct description of the components that make up the EMERALD framework, their workflows, implemented interfaces, and sequence diagrams.
Section 5 presents the conclusions, a summary of findings and outcomes.
Finally, APPENDIX A: Current status of requirements contains the list of Technical requirements and their current fulfilment status.
¹ https://en.wikipedia.org/wiki/Sequence_diagram
2 Overview of the EMERALD Framework
This section contains the context diagram of EMERALD and the involved roles, introduces the framework, and provides a Glossary of the most relevant terms used in EMERALD.
2.1 Context diagram
The context diagram of a system shows the roles involved, the basic workflow, as well as the inputs and outputs of the process.
The roles that take part in the EMERALD ecosystem, as well as personas and scenarios, are being investigated in the workshops related to tasks T4.1 – Requirements engineering with compliance managers and auditors and T4.2 – Modelling work processes, in WP4. Table 1 summarizes the main roles in EMERALD. For more information on this subject, consult the deliverables D4.1 [4] and D4.3 [5].
Table 1. Roles in the EMERALD ecosystem
Generic Role | Roles | Description
Compliance Stakeholders | Compliance Manager | Supports the company in being trustworthy, overseeing audit processes, being up to date with security standards, organizing audits and managing the scheduling of different compliance schemes. Creates an audit scope in EMERALD to manage the certification process.
Compliance Stakeholders | Compliance Manager for financial services | Focuses on risk management of third-party cloud services, assesses controls based on risk and regulation, manages contractual agreements, and monitors compliance.
Compliance Stakeholders | Metric Owner | Their tasks consist of defining metrics, collecting evidence for controls and assigning and delegating control implementation to Technical Implementers. NOTE: alternatively called Internal Control Owner.
Auditor Stakeholders | Internal Auditor | Reviews all controls of an audit scope. If some are non-compliant, checks the reasons and informs the Compliance Manager.
Auditor Stakeholders | External Lead Auditor | In charge of managing the audit process, planning, reporting, and maintaining contact with customers. NOTE: both Auditors are a unique role in the EMERALD UI.
Auditor Stakeholders | External Technical Auditor |
Technical Stakeholder | Technical Implementer | Performs the technical tasks to implement an assigned control, through software development, configuration, etc. Selects a set of metrics that matches the controls, implements them, and informs the Metric Owner. NOTE: alternatively called Metric Implementor.
A first categorization divides the roles in three groups according to their function: (i) the Compliance Stakeholders (Compliance Managers and Metric Owner) that manage the certification process, organizing audits and preparing the system; (ii) the Auditor Stakeholders (Internal and External Auditors), that deal with the results of the assessment of an Audit Scope and report the result to the Compliance Manager; (iii) the Technical Stakeholder, who implements the required metrics for the Control owner.
3 EMERALD Framework Requirements
In this chapter, we list and jointly analyse the requirements gathered for the components during the first year of the project. During this time, several workshops have been held among the work packages to coordinate the different views that stakeholders could have about what the EMERALD framework must provide and how. One of the outcomes is the set of requirements presented here.
Each requirement is uniquely identified by an ID, which will be referenced in future tasks and documents for prioritization, validation, etc. Please note that the requirements are not described in detail, i.e., using the template defined in Table 3, because they have already been described in detail in those deliverables describing the respective EMERALD component in WP2 (see D2.2 [13], D2.4 [14], D2.6 [15], D2.8 [16]), WP3 (see D3.1 [17]), WP4 (see D4.1 [4]) and WP5 (see D5.1 [18]).
3.1 Methodology and Tools for requirements elicitation
In this section, we briefly describe the methodology used in EMERALD for the elicitation of requirements and the principal tools and artifacts used to support the process.
3.1.1 The process
The requirements gathering process followed in EMERALD is multi-focused. The process has been divided into three parallel paths, each one trying to investigate the EMERALD system from a different perspective.
A first path uncovers the functionalities and qualities that the technicians understand the EMERALD product has to offer. This work has been based on the documentation available: project proposal [19], Key Results expected, norms and standards, and on the knowledge inherited from the MEDINA³ project, which is the predecessor of the EMERALD project. This path, carried out under WP1, has produced a set of Technical requirements. These requirements have been covered in different deliverables in WP2 (D2.2 [13], D2.4 [14], D2.6 [15], D2.8 [16]) and WP3 (D3.1 [17]) devoted to describing the components.
A second path has been devoted specifically to the user experience, to provide EMERALD with an advanced user interface that connects the rest of the components and satisfies the users’ requirements while providing the needed information in its different views. This work has been conducted in WP4, where a co-design, participatory design approach has been followed, holding separate interviews with component owners and with pilot owners. This has produced a set of User Interface requirements (more information on this is available in D4.1 [4]).
Lastly, a third path has been focused on what the final users of EMERALD have asked to be part of the delivered product. This work has been part of WP5, where the pilots have been defined, and has produced a set of Business requirements (more information on this is available in the deliverable D5.1 [18]).
All these separate elicitations have produced separate requirement sets. One of the tasks in WP1 has been to analyse, refine and check these requirements, approve the correct ones and discard others, as well as to establish the relationships among them. Several discussions about the requirements have been held during the periodic work package meetings. Also, specific workshops have been conducted to map the business requirements and user interface requirements to technical requirements. This has produced changes in the requirements, and new requirements have been defined when necessary.
³ https://medina-project.eu/
This document presents the results of this analysis, managing the different lists of requirements. We provide a dashboard with the status and prioritization of requirements. Furthermore, several traceability matrices are presented, to keep all the relationships affecting the requirements up to date.
3.1.2 The tools
To carry out the architecture definition, different tools and artifacts have been used, namely GitLab issues, Component cards and UML models with the PlantUML tool, which are briefly described in the following.
3.1.2.1 GitLab issues
To better control their changes and evolution, the requirements in EMERALD have been defined in GitLab, using the issues⁴ feature. Issues are used in general to collaborate on ideas, solve problems, and plan work. They make it possible to track tasks and work status, accept feature proposals, ask questions, or support requests.
A template has been used to define the requirements, as depicted in Table 3. The template has a tabular form and contains all the fields needed to gather the requirement information and track it during the project lifetime. The table has also been implemented as a GitLab template, useful to define new requirements.
Table 3. Requirement template
Field | Description
Requirement ID | Unique identifier. E.g., for the Repository of Controls and Metrics -> RCM.01, RCM.02…
Short title | Short description of the requirement
Description | More detailed description of the requirement. This is especially relevant for the creation of the test cases.
Status | Choose the corresponding label: Status::Proposed -> Status::Accepted / Status::Discarded -> Status::Work in Progress -> Status::Implemented -> Status::Validated
Priority | Choose the corresponding label: Priority::Must -> Priority::Should -> Priority::Could
Component | Choose the corresponding label: Comp::AI-SEC, Comp::AMOE, Comp::CertGraph, Comp::Clouditor, Comp::Codyze, Comp::eKnows, Comp::EmeraldUI, Comp::EvidenceStore, Comp::LCM, Comp::RCM, Comp::RMA, Comp::TWS, Comp::WP1, Comp::N/A
Source | Pilots / Component / DoA / KPI
Type | Choose the corresponding label: Type::Technical, Type::Pilots, Type::GUI
Related KR | Choose the corresponding label: KR::KR1_EXTRACT, …, KR::N/A
Related KPI | Choose the corresponding label: KPI::1.1, …, KPI::N/A
Validation acceptance criteria | Describe how to validate the requirement. What are the steps to follow, what should be the system output
Progress | [Optional] percentual degree of advances from 0% to 100%
Milestone | Select the milestone among the defined ones: from MS1: Components V1 (M12) to MS9: Final evaluation report and impact analysis (M36)
⁴ https://docs.gitlab.com/ee/user/project/issues/
As mentioned above, this table has been used in other WP2 and WP3 deliverables dedicated to describing the components in detail. In this document, we mainly limit ourselves to listing the requirements and analysing them as a whole.
Figure 3 shows a list of the requirements in the GitLab requirements repository. The developer can define a new requirement using the aforementioned template. To facilitate requirements identification and filtering, a set of labels associated with the issues has been defined. Labels are organized in categories, where each category defines a property of the requirement and is represented in a different colour. Categories of labels are:
• Component label (one for each component)
• Type label (Technical / Pilots, UX)
• Priority label (Must / Should / Could)
• KR label (one for each Key Result)
• Pilot label (Ionos / CloudFerro / Fabasoft / Caixabank)
• Status label (Proposed / Accepted / Discarded / Implemented / Validated)
• KPI label (one for each Key Performance Indicator)
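One way to check requirement issues against the Table 3 template and the label categories above, as an added example (not EMERALD project code). It assumes the requirement ID opens the issue title, that each label scope appears exactly once, and that the Status arrows read as Proposed to Accepted or Discarded, then Work in Progress, Implemented, Validated; the sample issues are constructed.

```python
import re

# Allowed values per label scope, copied from Table 3. The KR:: and KPI:: values
# are elided on the page ("…"), so those two scopes are checked for presence only.
ALLOWED = {
    "Priority": {"Must", "Should", "Could"},
    "Type": {"Technical", "Pilots", "GUI"},
    "Comp": {"AI-SEC", "AMOE", "CertGraph", "Clouditor", "Codyze", "eKnows",
             "EmeraldUI", "EvidenceStore", "LCM", "RCM", "RMA", "TWS", "WP1", "N/A"},
}
# Assumption: this is one reading of the Status arrow chain in Table 3.
STATUS_FLOW = {
    "Proposed": {"Accepted", "Discarded"},
    "Accepted": {"Work in Progress"},
    "Work in Progress": {"Implemented"},
    "Implemented": {"Validated"},
    "Discarded": set(),
    "Validated": set(),
}
ALLOWED["Status"] = set(STATUS_FLOW)
# Assumption: every requirement carries exactly one label from each scope.
REQUIRED_SCOPES = ("Status", "Priority", "Comp", "Type", "KR", "KPI")
# Requirement ID: component acronym, a dot, a number (RCM.01, TWS.02).
ID_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\.\d+\b")


def parse_labels(labels):
    """Group 'scope::value' labels by scope; unscoped labels go under ''."""
    grouped = {}
    for label in labels:
        scope, sep, value = label.rpartition("::")
        key = scope.strip() if sep else ""
        grouped.setdefault(key, []).append(value.strip())
    return grouped


def validate_requirement(title, labels):
    """Return a list of problems; an empty list means the issue is well-formed."""
    problems = []
    if not ID_RE.match(title):
        problems.append("title does not start with a requirement ID")
    grouped = parse_labels(labels)
    for scope in REQUIRED_SCOPES:
        values = grouped.get(scope, [])
        if not values:
            problems.append(f"missing {scope}:: label")
        elif len(values) > 1:
            problems.append(f"multiple {scope}:: labels: {sorted(values)}")
        elif scope in ALLOWED and values[0] not in ALLOWED[scope]:
            problems.append(f"unknown label {scope}::{values[0]}")
    return problems


def transition_allowed(old_status, new_status):
    """True if moving a card from old_status to new_status follows STATUS_FLOW."""
    return new_status in STATUS_FLOW.get(old_status, set())


def first_illegal_step(history):
    """Index of the first status reached by a disallowed move, or None."""
    for i in range(1, len(history)):
        if not transition_allowed(history[i - 1], history[i]):
            return i
    return None


# Constructed sample issues: (title, labels). Only the TWS.01 title is from the page.
SAMPLE_ISSUES = [
    ("TWS.01: Provide integrity proof of evidence",
     ["Status::Accepted", "Priority::Must", "Comp::TWS",
      "Type::Technical", "KR::N/A", "KPI::N/A"]),
    ("Export results",
     ["Status::Done", "Priority::Must", "Priority::Could",
      "Comp::RCM", "Type::Technical", "KR::N/A"]),
]

if __name__ == "__main__":
    for title, labels in SAMPLE_ISSUES:
        print(title, "->", validate_requirement(title, labels) or "OK")
    # A requirement marked Validated without passing through Implemented.
    print(first_illegal_step(["Proposed", "Accepted", "Validated"]))
```

Run over an export of the requirements repository, the same checks flag requirements whose recorded status history skips a step, which matters when the traceability matrices are later used as evidence of what was implemented and validated.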
Requirements can be filtered using lists or be visualized and managed using the issue boards⁵ of GitLab. The issue board is a software management tool used to plan, organize, and visualize a workflow for a feature or product release, pairing issue tracking and project management. The boards organize the issues in cards, in vertical lists organized by their labels, milestones, or assignees. Requirements can be managed inside the boards. For example, moving a requirement from one list to another changes the associated label and thus the requirement properties. Several specific boards have been defined in EMERALD to provide different views of the requirement set:
• Requirements by TYPE (Technical/GUI/Pilots)
• Requirements by PRIORITY (Must/Should/Could)
• Requirements by KR
• Requirements by STATUS
• Requirements by COMPONENT
• Requirements by Pilot
⁵ https://docs.gitlab.com/ee/user/project/issue_board.html
Figure 3. List of requirements as issues in GitLab (excerpt)
3.1.2.2 Component cards
A “component card” is what we call a piece of information that contains a brief description of each component. It contains the essential information to know what the component does, where it fits in the framework, with which other components it interacts and how it is made.
A component card has been defined for each component, and all of them are included as part of the detailed view of the EMERALD framework in Section 4. Table 4 shows the structure of a component card.
Table 4. Component card template
Component Name | Name of the component and acronym, if any
Main functionalities | List the main functionalities the component provides. E.g.: • Describe functionality 1 • Describe functionality 2
Sub-components Description | Subcomponent A: Describe the functionality of the sub-component. Subcomponent B:
Main logical Interfaces offered | Include graphical interfaces if any. Interface name; Description; Interface technology
Interaction with other components | • Component X: Describe interaction with component X • Component Y:
Relevant sequence diagram/s | Include a shot of the sequence diagram(s) describing the component’s dynamic behaviour
Requirements Mapping | List the requirements covered by this component. E.g.: • TWS.01: Provide integrity proof of evidence • TWS.02:
Technology used | Describe the technology used in the implementation of the component (languages, frameworks, etc)
Related KR | Related EMERALD proposal Key Results
WP and task | WPX – Tx.1
License | License of the component
Partner | Partner that is the component owner, who defines/implements it.
3.1.2.3 PlantUML diagrams
Diagrams of the Unified Modelling Language (UML) have been used in the definition of the EMERALD architecture. More concretely, Class diagrams define the data model the components use and the relationships among the objects, and Sequence diagrams define the dynamic behaviour of the components and the flow of information among them. This kind of diagram visualizes the interactions between users, systems and sub-systems over time, through message passing between objects or roles. UML sequence diagrams complete the class or object diagrams, which represent the attributes, by representing the programming logic to be filled in the methods’ body.
To define the UML diagrams, the PlantUML⁶ tool was chosen. This tool creates the diagram based on text descriptions and supports a wide range of diagrams. PlantUML can render the diagrams as images in different output formats. As the PlantUML based diagrams contain text/code, the files are included in GitLab for versioning. This allows for different organisational processes that are not possible in common online tools with graphical support. New versions of the diagrams are produced with each commit, and merge requests are created to change the current release.
As the specific diagram of each component has been included in the deliverable D1.1 [1], in this document we only present a general class diagram representing the whole EMERALD framework. However, sequence diagrams of each component are included in Section 4 as part of the detailed view of the EMERALD framework.
3.2 Func ional Requi emen s
Table 5 lis s he se o unc ional equi emen s o he EMERALD amewo k componen s. Along
wi h he b ie desc ip ion, he p io i y and miles one o each equi emen a e p esen ed. A o al
o 44 unc ional equi emen s ha e been elici ed, g ouped in he 12 componen s ha o m he
amewo k.
6
h ps://plan uml.com/
D1.3 – EMERALD solu ion a chi ec u e- 1 Ve sion 1.0 – Final. Da e: 31.10.2024
© EMERALD Conso ium Con ac No. GA 101120688 Page 21 o 73
The Identification of each requirement is unique. It is composed by the acronym of the component plus a number. The components have been described in Section 2.2, but a list with its correspondence to Identifiers is provided below for clarity.
• AI-SEC: AI Security Evidence Collector
• AMOE: Assessment and Management of Organisational Evidence
• CLDISC: Clouditor-Discovery
• CODYZE: Codyze
• EKNOWS: eknows - Software analysis platform
• TWS: Trustworthiness System
• MARI: Mapping Assistant for Regulations with Intelligence
• RCM: Repository of Controls and Metrics
• ORCH: Clouditor-Orchestrator
• ESTORE: Clouditor-Evidence Store
• ASSESS: Clouditor-Assessment
• EVAL: Clouditor-Evaluation
The Milestone field of each requirement signals when the requirement is foreseen to be completed. The list of Milestones corresponds to the ones defined in the DoA:
• MS1: Project baselines and definition (M9)
• MS2: Components V1 (M12)
• MS3: Integrated audit suite V1 (M18)
• MS4: Pilots V1 (M20)
• MS5: Components V2 (M24)
• MS6: Integrated audit suite V2 (M30)
• MS7: Pilots V2 (M32)
• MS8: Integrated audit suite V3 (M34)
• MS9: Final evaluation report and impact analysis (M36)
Table 5. Functional requirements.
Req. ID | Description | Priority | Milestone
AI-SEC.01 | The extractor tool includes defined criteria: The designed AI-SEC has the selected criteria of the BSI AIC4 | Must | MS2 (M12)
AMOE.01 | Upload PDF document: The component shall be able to receive a PDF document via API and process its contents regarding the defined metrics. The PDF shall receive a unique ID so that it can be retrieved and deleted later on. | Must | MS2 (M12)
AMOE.02 | Provision of extracted evidence to EvidenceStore: The evidence extraction component needs to be able to forward the extracted evidence to the EMERALD EvidenceStore, so it can be used for assessment and further audit processes. | Must | MS5 (M24)
AMOE.03 | Refine evidence extraction approach: The evidence extraction approach should be refined to the needs of the pilots, so that the tool is able to provide relevant evidence for the metric assessments. | Must | MS5 (M24)
AMOE.04 | Compare results from multiple documents: Results from multiple policy documents shall be comparable using AMOE. A metric can be used to extract evidence from different policy documents. AMOE shall provide the results via API for a metric and given cloud service. | Should | MS2 (M12)
AMOE.05 | Select metrics per document: AMOE should offer the possibility to select some metrics before they are extracted for a document. This speeds up the processing time as metrics that are not contained in the document do not need to be checked. Also, it should be more convenient for the user, as the results are more precise and less irrelevant results need to be discarded. | Should | MS5 (M24)
AMOE.06 | Classify document, select respective metrics (optional): AMOE could use document classification to pre-select some metrics based on the category, text, requirements or other feature that would be of use. This could potentially reduce the manual workload and help to provide only results for metrics that target the specific document. | Must | MS8 (M34)
AMOE.07 | Metric states: AMOE could add some internal states to the metrics. This should help to visualize the current process for every metric and role. Here is a list of metric flags that could be used: new, internal-started, ready-for-audit, revise-policy, audit-finished, result-outdated, extraction-failed. new: the metric has been successfully extracted; extraction-failed: evidence could not be extracted; internal-started: internal auditor/compliance manager started inspecting the metric; ready-for-audit: internal auditor/compliance manager has finished with the metric, and marked it ready for auditor; revise-policy: auditor sets metric to be revised; audit-finished: auditor is ok with metric; result-outdated: automatic or manual triggered check if result is outdated | Should | MS5 (M24)
CLDISC.01 | Discovery of security properties of infrastructure components: The Clouditor discovery needs to discover security properties of infrastructure components. The evidence with the security properties is sent to the Evidence Store in the ontology format. | Must | MS6 (M30)
CODYZE.01 | Extraction of security features from source code: Codyze needs to check available source code artefacts for security features. | Must | MS6 (M30)
EKNOWS.01 | Integration into existing systems: The component should be integrable into existing systems, development environments and workflows, for example by using APIs like REST by compatibility with CI/CD-Pipelines. | Must | MS3 (M18)
EKNOWS.02 | Resilience while analysing erroneous code: The source code analysed by the component could be erroneous, for example syntactical and semantical errors could be encountered while parsing it. Furthermore, an unknown dialect of a language could be encountered. An appropriate error handling strategy for such situations is necessary: Erroneous code will be skipped and not be further analysed. A corresponding error message will be stored in the gathered evidence. | Should | MS5 (M24)
EKNOWS.03 | Multi-language support: The component should be able to analyse source code written in different programming languages and should support at least Java and Python. | Must | MS5 (M24)
EKNOWS.04 | Support EMERALD evidence format: The analyzation results are offered in a structured and standardized format, the EMERALD evidence format (see data model). This enables further processing and queries in other components. | Must | MS3 (M18)
EKNOWS.05 | Static code analysis: The component uses static code analysis methods. Such methods are, for example, data flow analysis, call graph analysis, symbolic execution or control flow analysis. One or multiple methods (possibly in combination) will be used to gather evidence. The actual used method(s) depend(s) on the metric, for which evidence should be extracted. | Must | MS5 (M24)
TWS.01 | Provide a tool allowing the verification of evidence integrity without needing to store the evidence itself (for confidentiality reasons). | Must | MS2 (M12)
TWS.02 | Provide a tool allowing the verification of assessment results integrity without needing to store the result itself (for confidentiality reasons). | Must | MS2 (M12)
TWS.03 | The integrity validation of evidence and assessment results must be done through REST API or graphical interface (EMERALD UI). | Must | MS5 (M24)
TWS.04 | The TWS must be based on a real Blockchain network, with multiple nodes and multiple organizations to guarantee suitable decentralization and governance of the Blockchain network. | Must | MS5 (M24)
MARI.01 | AI-based: MARI is a tool based on state-of-the-art artificial intelligence, e.g., uses a transformer-based architecture | Must | MS6 (M30)
MARI.02 | Automatic association: MARI takes as input cloud security controls written in natural language, metrics that validate those controls, again written in natural language, and automatically returns as output the association control/metric(s) and the association control/control. | Must | MS6 (M30)
MARI.03 | Performance Evaluation: The performance of MARI should improve on the performance of the Metric Recommender of EMERALD’s predecessor project, MEDINA. We can assume that we measure the performance of MARI with the same metrics used for the Metric Recommender, namely precision@k and NDCG (Normalised Discounted Cumulative Gain) | Must | MS6 (M30)
MARI.04 | Usage and Visualization: MARI should be invoked through EMERALD's built-in interface, and MARI results can be visualized through the same interface | Must | MS6 (M30)
MARI.05 | Strategies: MARI can act according to specific strategies, such as considering only technical controls, or organizational controls, or controls of a certain category, or controls whose implementation costs less in terms of human resources, etc. The strategies will be defined during the project. | Must | MS6 (M30)
RCM.01 | Multi-schema support: The repository should contain at least an additional security scheme, apart from the EUCS that is the scheme implemented in MEDINA Catalogue and is inherited in EMERALD | Must | MS2 (M12)
RCM.02 | Accessible by the rest of components: The repository content should be made accessible to the rest of EMERALD components via API | Must | MS2 (M12)
RCM.03 | Include metrics for all schemes supported: The repository should include metrics that could be used to assess the compliance with one or more certification schemes | Must | MS2 (M12)
RCM.04 | Mapping of schemes: The repository should support the mapping of the certification schemes contained. The scheme-to-scheme mapping will be provided by the MARI tool and stored in the repository. The rationale of the mapping decision will also be stored | Should | MS5 (M24)
RCM.05 | Import/export of security schemes in OSCAL: The repository is able to import a new scheme defined in the OSCAL language (this feature can also be used to update an existing scheme). The repository is able to export any available scheme in OSCAL format | Must | MS6 (M30)
RCM.06 | Import/export of security schemes in CSV format: The repository can export a scheme to a CSV file, and import a CSV file with the same format as a new scheme | Could | MS2 (M12)
RCM.07 | Support of personalized catalogues: The Repository has to offer the user the possibility to create a personalized catalogue of controls. These controls can be taken from the same or from different security schemes | Must | MS6 (M30)
RCM.08 | Support updating/versioning of schemes: The Repository has to maintain a versioning system of the schemes it contains, so that if a new version is uploaded, it is able to detect the change and notify the user that a new version is available | Should | MS6 (M30)
ORCH.01 | Final certificate decision: Since we do not have a dedicated life-cycle manager component in EMERALD, the Orchestrator must take care of the final certificate decision. The decision is based on the input of the Evaluation component providing the Orchestrator with an evaluation result for each control | Must | MS5 (M24)
ORCH.02 | REST API Gateway for UI: The Orchestrator should provide a REST API gateway for the UI that serves a central API endpoint for all information needed from the Orchestrator, Assessment, Evaluation and other Clouditor components. | Must | MS2 (M12)
ORCH.03 | Role Based Access Control (RBAC): Since the UI wants to selectively disclose information to users and/or roles, we need a RBAC mechanism in our API endpoints, mainly in the Orchestrator. | Must | MS5 (M24)
ORCH.04 | Manage Tools via API: We need to manage external tools, such as evidence extractors in the Orchestrator. | Should | MS5 (M24)
ORCH.05 | Provide an API for audit workflow: We want to assign people to controls within an audit instance that have a particular task. | Must | MS6 (M30)
ESTORE.01 | Storage of evidence as ontology entities in graph database: The Evidence Store must store the evidence according to the schema defined by the knowledge graph. The preferred way to store this information is a graph database. | Must | MS3 (M18)
ESTORE.02 | Allow Interaction with Third-Party Tools: The Evidence store should be allowed to accept evidence from third-party tools, e.g., using a REST API. The evidence needs to be in the ontology format. Therefore, information about the ontology and data models must be available. | Should | MS3 (M34)
ASSESS.01 | Assessment based on evidence: The assessment should assess evidence based on the knowledge graph. | Must | MS6 (M30)
ASSESS.02 | Assessment rules for 80% of the defined metrics: Assessment rules must exist for 80% of the metrics defined in KPI4.1. | Must | MS6 (M30)
ASSESS.03 | Display cause of assessment result: We want to know why an assessment result fails or passes. | Could | MS6 (M30)
EVAL.01 | Display cause of failing evaluation result: We want to know why the evaluation result fails or passes. Therefore, it should contain a list of assessment results that cause the evaluation status to be non-compliant. | Could | MS6 (M30)
EVAL.02 | Evaluation based on assessment results: The evaluation should assess the result based on all the required assessment results stored in the database. | Must | MS6 (M30)
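TWS.01 and TWS.02 in Table 5 ask for integrity verification without storing the evidence or the assessment result itself. The following added example (not EMERALD or TWS code) shows one common way to meet that: only a SHA-256 digest of a canonical serialization is recorded in an append-only, hash-chained ledger, which here stands in for the blockchain network of TWS.04. The class and function names, the record fields and the choice of SHA-256 are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # prev_hash of the first ledger entry


def canonical_bytes(record: dict) -> bytes:
    """Deterministic JSON so key order and whitespace never change the digest."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def record_digest(record: dict) -> str:
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


@dataclass(frozen=True)
class Entry:
    index: int
    record_id: str
    kind: str        # "evidence" or "assessment_result" (assumed labels)
    digest: str      # digest only; the record itself is never stored
    prev_hash: str
    entry_hash: str


def compute_entry_hash(index, record_id, kind, digest, prev_hash) -> str:
    # Encoding the fields as a JSON list avoids delimiter ambiguity between them.
    payload = json.dumps([index, record_id, kind, digest, prev_hash]).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class DigestLedger:
    """Append-only, hash-chained digest list (stand-in for the blockchain)."""

    def __init__(self) -> None:
        self._entries = []
        self._by_key = {}

    def register(self, record_id: str, kind: str, record: dict) -> Entry:
        key = (kind, record_id)
        if key in self._by_key:
            raise ValueError(f"{kind} {record_id!r} is already registered")
        prev = self._entries[-1].entry_hash if self._entries else GENESIS
        index = len(self._entries)
        digest = record_digest(record)
        entry = Entry(index, record_id, kind, digest, prev,
                      compute_entry_hash(index, record_id, kind, digest, prev))
        self._entries.append(entry)
        self._by_key[key] = index
        return entry

    def verify(self, record_id: str, kind: str, record: dict) -> bool:
        """True only if the presented record hashes to the registered digest."""
        index = self._by_key.get((kind, record_id))
        if index is None:
            return False
        return hmac.compare_digest(self._entries[index].digest, record_digest(record))

    def chain_intact(self) -> bool:
        """Recompute every link; any edited or reordered entry breaks the chain."""
        prev = GENESIS
        for i, e in enumerate(self._entries):
            expected = compute_entry_hash(i, e.record_id, e.kind, e.digest, prev)
            if e.index != i or e.prev_hash != prev or e.entry_hash != expected:
                return False
            prev = e.entry_hash
        return True


def demo() -> dict:
    # Constructed sample records; the field names are illustrative only.
    evidence = {"id": "ev-0001", "resource": "vm-frontend-01",
                "property": "transport_encryption", "value": "TLS1.3",
                "collected_at": "2024-10-01T12:00:00Z"}
    result = {"id": "ar-0001", "evidence_id": "ev-0001",
              "metric": "TlsVersion", "compliant": True}
    ledger = DigestLedger()
    ledger.register("ev-0001", "evidence", evidence)
    ledger.register("ar-0001", "assessment_result", result)
    reordered = dict(reversed(list(evidence.items())))  # same content, new key order
    tampered = dict(result, compliant=False)            # flipped verdict
    return {
        "original_ok": ledger.verify("ev-0001", "evidence", evidence),
        "reordered_ok": ledger.verify("ev-0001", "evidence", reordered),
        "tampered_ok": ledger.verify("ar-0001", "assessment_result", tampered),
        "unknown_ok": ledger.verify("ev-9999", "evidence", evidence),
        "chain_ok": ledger.chain_intact(),
    }


if __name__ == "__main__":
    print(demo())
```

Canonical serialization is the part that most often goes wrong in practice: if the collector and the verifier serialize the same record differently, a genuine record fails verification.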
3.3 Non-Functional Requirements
The technical requirements presented in Section 3.2 involve behavioural, or functional, requirements of the system. They tell us how the system must behave when presented with certain inputs or conditions.
But, in addition to these functional requirements, we have defined some non-functional requirements of the EMERALD framework. The following subsections provide different types of non-functional requirements, gathered in different work packages.
3.3.1 Other WP1 requirements
We present here a list of non-functional requirements defined in WP1. These requirements are related to characteristics or constraints of the system more than to its behaviour. They have not been included in any previous deliverables, so we follow each requirement with a short paragraph on how we plan to implement it.
Requirement id: WP1.01
Short title: Performant framework
Description: The EMERALD framework should be as performant as possible. The response time to a user action in normal conditions should not be larger than a few seconds.
Implementation state: Partially implemented
The component tools will have to pass automatic integration tests by the CI/CD pipeline before being integrated into the framework. The validation task in WP5 will validate both the functionality and the performance of the EMERALD framework. Apart from these controls, the framework infrastructure is continuously monitored, and the implemented environment allows flexibility to upgrade the resources if they are falling short (e.g., adding more memory or CPUs to the Kubernetes nodes, or providing extra nodes).
Requirement id: WP1.02
Short title: Portability
Description: The EMERALD framework should be portable and work in any typical business environment.
Implementation state: Partially implemented
The components of the framework will be packaged as containers, which are a portable technology by definition. We will use the Docker ecosystem to build and share images. For image building we will support both Docker and Docker Compose.
Requirement id: WP1.03
Short title: Scalability
Description: The EMERALD framework should be easily scalable when the working conditions become severe in relation to the number of users of the platform or intense use.
Status: Partially implemented
Scalability will be based on the use of a container orchestration technology, such as Kubernetes, which is inherently scalable. It can also provide resilience, helping to solve problems when the resource allocation is shorter than needed.
Requirement id: WP1.04
Short title: Installability
• KPI 2.3: Provide scalability of storing/processing continuously collected evidence; demonstrated in the pilots
• KPI 3.1: Provide scheme to scheme mapping functionality based on metrics, recommended to the user
• KPI 3.2: Provide metric-to-requirement-mapping functionality by improving MEDINA approaches and incorporating KPI 5.1 results
• KPI 3.3: Provide insights to the mapping decision and how the recommendation process works
• KPI 4.1: Provide realizable metrics that demonstrate compliance to at least two security certification schemes
• KPI 4.2: Provide metric assessment for 80 % of the metrics in KPI 4.1 based on the certification graph
• KPI 5.1: Provide realizable metrics to help evaluate at least 50% of the categories of criteria of the BSI AIC4 that deal with the robustness of ML system, their interpretability, and the mitigation of potentially negative impacts such as model unfairness (c.f. Chapter 6, AIC4).
• KPI 5.2: Provide a PoC of semi-automated assessment for 80% of the metrics specified in KPI 5.1.
• KPI 6.1: Provide roles and workflows, derived from interviews with relevant users (e.g., project partners and advisory board members), develop mock-ups and interaction concepts for managing the audit process
• KPI 6.2: Provide concept for the (UI) of EMERALD and integration of evidence collection components, data bases and orchestrating components
• KPI 6.3: Provide a graphical user interface for role-based access to certification information content
• KPI 7.1: Conventionalize import and export functionalities to take or share data with external sources
• KPI 7.2: Incorporate input from standardisation bodies and synchronize data formats and protocols
• KPI 8.1: Facilitate at least two different audit scenarios, one for public clouds, one for private cloud installations
• KPI 8.2: Validate user acceptance in terms of complexity reduction
Table 9. Functional requirements and KPIs alignment matrix.
Req. ID
EXTRACT
CERTGRAPH
OPTIMA
M-CERT
AIPOC
UI/UX
INTEROP
PILOTS
KPI1.1
KPI1.2
KPI2.1
KPI2.2
KPI2.3
KPI3.1
KPI3.2
KPI3.3
KPI4.1
KPI4.2
KPI5.1
KPI5.2
KPI6.1
KPI6.2
KPI6.3
KPI7.1
KPI7.2
KPI8.1
KPI8.2
AI-SEC.01
X
X
X
AMOE.01
X
AMOE.02
X
AMOE.03
X
AMOE.04
X
AMOE.05
X
AMOE.06
X
AMOE.07
X
CLDISC.01
X
CODYZE.01
X
EKNOWS.01
X
EKNOWS.02
X
EKNOWS.03
X
EKNOWS.04
X
EKNOWS.05
X
TWS.01
X
TWS.02
TWS.03
TWS.04
X
MARI 1.0
X
X
X
MARI 2.0
X
X
X
MARI 3.0
X
X
X
MARI 4.0
X
X
X
MARI 5.0
X
X
X
RCM.01
X
X
RCM.02
RCM.03
X
X
RCM04
X
X
RCM.05
X
X
RCM.06
X
RCM.07
X
X
RCM.08
X
X
ORCH.01
X
X
ORCH.02
X
ORCH.03
X
ORCH.04
X
ORCH.05
ESTORE.01
X
X
ESTORE.02
X
ASSESS.01
X
X
ASSESS.02
X
ASSESS.03
EVAL.01
EVAL.02
It can be seen from Table 9 that some of the KPIs are not directly addressed by any technical requirements. But this does not mean they are not covered by the EMERALD framework. In fact, they are generic KPIs that affect the whole framework and are addressed in a holistic manner. These are the KPIs in question (coloured in the table):
• KPI 6.1 (related to providing roles and workflows, develop mock-ups for the audit process): It is closely related with all the work being carried in the WP4, where an UI/UX design process with stakeholders is leading to the definition of the roles and a set of mock-ups.
• KPI 8.1, KPI 8.2 (related with pilots’ implementation and validation): This aspect is being covered by the WP5, where the pilots have been designed and, in general, the whole EMERALD framework is covering them.
3.4.3 Mapping of requirements to Business Driven Requirements
In the end, the business-driven requirements (BDRs) must be implemented in the components. To ensure the technical implementation, the business-driven requirements were reviewed in collaboration with WP5 in joint workshops and mapped to technical requirements. This work assigns a list of component technical requirements to each business-driven requirement.
The alignment in Table 10 is intended to show that each BDR defined by the Pilots has one or more corresponding components that implement it. In this way, a Pilot can identify the component responsible for implementing each BDR and track its coverage along the time.
A BDR with no associated functional requirements means that it is either out of scope of the EMERALD framework -as it is currently defined- or that the framework doesn’t contemplate all the user needs. In the latter case, this table will serve to components designers to identify missing functionalities from the Pilots perspective, thus aligning both perspectives used for the elicitation of the functional requirements.
Table 10. Technical requirements vs Business Requirements alignment matrix.
Req. ID
Pilot 1
Ionos
Pilot 2
Cloudferro
Pilot 3
Fabasoft
Pilot 4
Caixabank
BDRP1.01
BDRP1.02
BDRP1.03
BDRP1.04
BDRP1.05
BDRP1.06
BDRP1.07
BDRP2.01
BDRP2.02
BDRP2.03
BDRP2.04
BDRP2.05
BDRP3.01
BDRP3.02
BDRP3.03
BDRP3.04
BDRP3.05
BDRP3.06
BDRP3.07
BDRP3.08
BDRP3.09
BDRP3.10
BDRP3.11
BDRP3.12
BDRP4.01
BDRP4.02
BDRP4.03
BDRP4.04
BDRP4.05
BDRP4.06
BDRP4.07
AI-SEC.01
X
X
AMOE.01
X
X
X
AMOE.02
X
X
X
AMOE.03
X
AMOE.04
X
X
AMOE.05
X
AMOE.06
X
AMOE.07
X
CLDISC.01
X
CODYZE.01
X
X
X
EKNOWS.01
X
EKNOWS.02
EKNOWS.03
EKNOWS.04
EKNOWS.05
X
TWS.01
X
X
X
X
X
TWS.02
X
X
X
X
X
TWS.03
X
X
X
TWS.04
X
X
X
X
MARI 1.0
X
X
X
X
X
X
X
MARI 2.0
X
X
X
X
X
X
X
X
X
MARI 3.0
MARI 4.0
X
X
MARI 5.0
X
X
X
X
X
X
X
RCM.01
X
X
RCM.02
X
X
RCM.03
X
RCM04
X
X
X
RCM.05
X
X
X
X
RCM.06
X
X
RCM.07
X
X
X
RCM.08
X
X
ORCH.01
X
X
X
X
X
X
X
ORCH.02
X
X
X
X
X
X
X
ORCH.03
X
X
ORCH.04
X
X
X
X
ORCH.05
X
X
X
X
X
X
ESTORE.01
X
X
X
ESTORE.02
X
X
ASSESS.01
X
ASSESS.02
X
ASSESS.03
X
X
X
EVAL.01
X
X
EVAL.02
X
As mentioned above, each BDR to be implemented should be related to at least one component. Otherwise, it would mean that no component is implementing such requirement. According to the Table 10, the BDRs that fall into this category are the following:
• BDRP1.07 - Intuitive User Experience for Compliance Monitoring: this requirement is addressed by all the UI/UX requirements developed in WP4.
• BDRP3.07 - Enhance current audit process: It is a very generic requirement that must be addressed by the whole EMERALD platform, as all components are involved in the improving the audit process.
3.4.4 Prioritization and current status
Table 11 depicts the status of the functional requirements foreseen for M12 (at milestone MS2: Components V1), the due date of this deliverable. For a complete table with the status of all requirements, view the APPENDIX A: Current status of requirements.
Table 11. Requirements prioritization matrix
Req. ID | Title | Priority | Timeline | Status
AI-SEC.01 | The extractor tool includes selected criteria | MUST | M12 (C-v1) | 35%
AMOE.01 | Upload PDF document | MUST | M12 (C-v1) | 90%
AMOE.04 | Compare results from multiple documents | SHOULD | M12 (C-v1) | 70%
TWS.01 | Provide integrity proof of evidence | MUST | M12 (C-v1) | 75%
TWS.02 | Provide integrity proof of assessment results | MUST | M12 (C-v1) | 75%
RCM.01 | Multi-schema support | MUST | M12 (C-v1) | 90%
RCM.02 | Accessible by the rest of components | MUST | M12 (C-v1) | 100%
RCM.03 | Include metrics for all schemas supported | MUST | M12 (C-v1) | 30%
RCM.06 | Import/export of security schemes in CSV format | COULD | M12 (C-v1) | 60%
ORCH.02 | REST API Gateway for UI | MUST | M12 (C-v1) | 15%
3.5 Requirements Summary Dashboard
Table 12 shows a summary of requirements by component, with their status -in a broad vision divided in not started, partially implemented and fully implemented- at the moment of writing.
Table 12. Summary table of requirements status at M12 (by component)
Component | Not started | Partially implemented | Fully implemented | TOTAL
AI-SEC | 0 | 1 | 0 | 1
AMOE | 4 | 3 | 0 | 7
Discovery | 0 | 1 | 0 | 1
Codyze | 0 | 1 | 0 | 1
eKnows | 1 | 4 | 0 | 5
TWS | 0 | 4 | 0 | 4
MARI | 0 | 5 | 0 | 5
RCM | 1 | 6 | 1 | 8
Evidence Store | 0 | 2 | 0 | 2
Orchestrator | 3 | 2 | 0 | 5
Assessment | 1 | 2 | 0 | 3
Evaluation | 1 | 1 | 0 | 2
NFR (WP1) | 0 | 7 | 1 | 8
TOTAL | 11 | 39 | 2 | 52
It can be observed that, because of the different ranges of functionality of each component, the requirements are not equally distributed among the components (see Figure 4). It is also the case that not all components have yet the same level of definition. In this respect, the components with the most requirements are RCM (with 8), AMOE (with 7) and MARI, Orchestrator and eknows (with 5 each).
Figure 4. Number of requirements per component
Regarding the status of the requirements at M12 (see Figure 5), most of them are in a work in progress status (32 out of 52); the not-started requirements are half of the started ones (16 out of 52); and few requirements are already fully implemented (4 of 52).
Figure 5. Requirement status (chart labels: Not started; 21%. Partially; 75%. Fully impl.; 4%)
Figure 6 shows the status of requirements by component. Logically, the same pattern that in the overall view can be observed, i.e., all the components have a majority of partially implemented requirements, with some requirements not yet started and only a few completed requirements.
Figure 6. Requirement status per component
Finally, let’s have a look to the coverage of the requirement sets of the different pilots. Table 13 shows the number of requirements of each component that cover some aspect of each pilot (a pilot requirement).
We can see that the most covered pilot is Pilot 4, with 50 requirements, followed by Pilot 3 (38), Pilot 2 (17) and Pilot 1 (16). The colour shows, for each pilot, which component contributes the most (red), with the intensity decreasing as the contribution of the component to the pilot decreases.
Table 13. GENERAL VIEW: Components vs Pilot
Component | Pilot 1 | Pilot 2 | Pilot 3 | Pilot 4 | TOTAL
AMOE | 3 | 0 | 5 | 4 | 12
MARI | 3 | 5 | 12 | 5 | 25
RCM | 4 | 2 | 7 | 4 | 17
TWS | 3 | 4 | 3 | 7 | 17
Cloud. Assessment | 0 | 1 | 2 | 2 | 5
Cloud. Discovery | 0 | 1 | 0 | 0 | 1
Cloud. Evaluation | 2 | 0 | 0 | 1 | 3
Cloud. Evidence Store | 0 | 0 | 2 | 3 | 5
Cloud. Orchestrator | 3 | 2 | 3 | 18 | 26
Codyze | 1 | 0 | 0 | 1 | 2
eKnows | 1 | 0 | 0 | 1 | 2
AI-SEC | 0 | 0 | 1 | 1 | 2
NFR | 1 | 0 | 0 | 6 | 7
4 EMERALD Framework detailed view
This section describes the architecture of the EMERALD CaaS framework. It provides a succinct description of the components that make up the EMERALD framework, their workflows, implemented interfaces, and sequence diagrams.
4.1 Data model
The EMERALD data model was defined in D1.1 [1], that describes the different data classes used by the components, and the connections within and between components. The data model is useful mainly for the developers of the EMERALD framework in order to construct the software classes to manage the required data structures.
The data model of the whole EMERALD framework is shown in Figure 7, where each component is represented in a box, that includes inside the data structures it handles. The background colour of the box denotes the project work package to which the component pertains. Thus, Evidence Collection components (WP2) are coloured in orange, whereas WP3 components are coloured in teal.
The EMERALD project uses some of the components that were part of the MEDINA data model – such as the Evidence Store, the Orchestrator, the Repository of Controls and Metrics (RCM) and the Trustworthiness System.
www.emerald-he.eu
Figure 7. EMERALD data model (D1.1 [1])
Figure 11. Clouditor-Discovery sequence diagram
4.2.1.4 Codyze
Component Name: Codyze
Main functionalities: The component provides the following functionalities:
• Scans source code for insecure implementations of security-relevant features (e.g., transport encryption, logging, authentication & authorisation, etc.)
• Analyse interactions between cloud service components from infrastructure-as-code (e.g., What cloud resources are consumed?, Are interactions secure?, Are used resources up-to-date?, etc.)
• Analyse development processes (e.g., Are secure development processes followed?, Is the provenance of source code guaranteed?, What measures are taken to secure the development pipeline?, etc.)
Sub-components Description: Currently no division in subcomponents planned
Main logical Interfaces offered:
Interface name | Description | Interface technology
CLI | A CLI incl. configuration file to configure Codyze and set execution/analysis parameters. | Kotlin Clikt library [16]
Interaction with other components:
• Orchestrator
  o Request information on cloud service to be analysed
• Evidence Store
  o Submit evidence to be stored
Relevant sequence diagram/s: See section 4.2.1.4.1
Requirements Mapping: List of requirements covered by this component:
• CODYZE.01: Extraction of security features from source code
Technology used: Kotlin [17]
Related KR: KR1
WP and task: WP2 – T2.2
License: Apache-2.0
Partner: Fraunhofer AISEC
[16] https://ajalt.github.io/clikt/
[17] https://kotlinlang.org/
4.2.1.4.1 Sequence diagram
Figure 12 shows the sequence diagram of the Codyze component. Codyze provides evidence extraction from source code of cloud services. It analyses and generates evidence results that indicate if code segments are compliant or non-compliant to specified requirements. These evidence results are submitted to the Evidence Store for storage and further processing.
As in the case of AI-SEC, it is recommended to run it as part of a CI/CD pipeline, that prevents the deployment of non-compliant services and application. For that, some initial configuration is needed.
Figure 12. Codyze sequence diagram
4.2.1.5 eknows
Component Name: eknows
Main functionalities: The component provides the following functionalities:
• Static code analysis.
• Language-independent frontends (currently >16 programming
languages, including Java, Python, Cobol, C++, etc.).
• Rapid development platform for software tools such as documentation
generators and tools for reverse engineering and code visualization.
• Extraction of business rules from code.
Sub-components Description:
eknows is a Java-based software platform to build reverse engineering tools
and documentation generators. The platform provides a modular extensible
set of software components, which facilitate the rapid development of tools
in program comprehension, documentation generation, and software
reverse engineering. Support for multiple programming languages in terms
of language-specific extraction components and language-independent
analysis is a key feature of the platform.
The platform (see Figure 13) provides reusable components that facilitate (i)
language parsing (extraction), (ii) transformation of source code into a
generic abstract syntax tree (GASTM), (iii) structural and behavioural
analysis of software, and (iv) reporting and visualization of analysis results.
Figure 13. Overview of eknows platform components
Tools built on top of eknows integrate required software components as-is
and add functionality required for a specific use case.
Main logical Interfaces offered:
Interface name | Description | Interface technology
Java API | eknows can be added as a set of Java libraries (eknows-core, eknows-frontends, eknows-analysis, etc.) to call its components. | Java
REST (maybe) | The analysis of source code files can be triggered via a REST endpoint. | HTTP / REST
CLI | The analysis of source code files can be triggered via a command line interface. | stdin/stdout
Note: The REST interface does not exist yet; however, if needed, it will be
developed within EMERALD.
Interaction with other components:
• Evidence Store: Sends (raw) evidence.
• CI/CD Pipeline: Starts analysis of source code files by calling a trigger
provided by eknows.
Relevant sequence diagram/s: See section 4.2.1.5.1
Requirements Mapping: The requirements covered by this component are:
• EKNOWS.01 – Integration into existing systems
• EKNOWS.02 – Resilience while analysing erroneous code
• EKNOWS.03 – Multi-language support
• EKNOWS.04 – Support EMERALD evidence format
• EKNOWS.05 – Static code analysis
Technology used: Java Ecosystem
Related KR: KR1 EXTRACT
WP and task: WP2 – T2.2
License:
eknows-core, reused frontends and reused analyses: eknows Binary Usage Software License
eknows extractor: Apache License, Version 2.0
Partner: SCCH
4.2.1.5.1 Sequence diagram
Figure 14 shows the sequence diagram of the eknows component. eknows supports the creation
of evidence extraction functions by reusing prefabricated parsing, analysis, and generation
modules, with the mission to verify if application source code complies with security requirements.
eknows can be integrated into CI/CD pipelines by using the binary distribution. Findings are
generated as console output. This output will be submitted to the Evidence Store of the
EMERALD framework in the format of the CertGraph ontology.
Figure 14. eknows sequence diagram
4.2.2 TWS – Trustworthiness System
Component Name: Trustworthiness System (TWS)
Main functionalities: The component provides the following functionalities:
• Maintains an improved audit trail of evidence and assessment
results.
• Provides a manual and automatic way of verification of
evidence and assessment results integrity.
• Provides a record of information in a verifiable way
(verification).
• Provides a record of information in a permanent way
(traceability).
• Guarantees resistance to modification of stored data
(integrity).
Sub-components Description:
Blockchain network, use of a real implementation of a Blockchain
network. EBSI will be considered as the first option for the
deployment.
Blockchain client, for providing the information
(evidence/assessment results) to be saved on the Blockchain.
Smart contract, deployed on the Blockchain network, for information
(evidence/assessment results) writing and reading operations as well
as events generation indicating the provision of new information.
Viewer tool, for subscription to the Blockchain based events and
notification to the different viewer clients.
Graphical viewer client, for gathering and showing all the
information saved on the Blockchain (and be able to manually verify
it, without needing any interaction with the Blockchain).
Automatic verification service, for evidence and assessment results
integrity automatic check to be integrated in the GUI.
Main logical Interfaces offered:
Interface name | Description | Interface technology
Blockchain client | It provides: i) the required evidence and assessment results to be saved on the Blockchain, and ii) a way to obtain or check the evidence and assessment results saved on the Blockchain. | REST API
Graphical Viewer Client | It provides a GUI to manually check evidence and assessment results saved on the Blockchain. | Web
Automatic Verification Service | It provides a GUI for automatic verification of the integrity of evidence and assessment results. | REST API
Interaction with other components:
Interfacing Component | Interface Description
Assessment | The Assessment will provide (and check, if needed) the information (evidence/assessment results) to be saved on the Blockchain by means of the Blockchain client interface.
EmeraldUI | The automatic verification service will provide the integrity verification information to the EmeraldUI to be shown to the EMERALD users.
Auditors | The auditors will check the information saved on the Blockchain by means of the graphical viewer client interface (manual way) or the automatic verification service interface (automatic way).
Relevant sequence diagram/s: See section 4.2.2.1
Requirements Mapping:
• TWS.01: Provide integrity proof of evidence
• TWS.02: Provide integrity proof of assessment results
• TWS.03: Provide access through REST API or graphical interface
• TWS.04: Use a general purpose public-private Blockchain network
Technology used: Solidity, NodeJS, React, EBSI
Related KR: KR7: INTEROP – Interoperable assessment, evidence and catalogue data
WP and task: WP3 – T3.5
License: Proprietary
Partner: TECNALIA
4.2.2.1 Sequence diagram
4.2.2.1.1 System recording
Figure 15 shows the sequence diagram of the TWS Recording component. TWS Recording
receives from the Assessment component the information related to evidence and assessment
results to be recorded in the Blockchain. Once this is done, the automatic verification service
will be able to validate its integrity.
Figure 15. TWS System Recording sequence diagram
4.2.2.1.2 System Verification
Figure 16 shows the sequence diagram of the TWS Verification component. Supposing that in a
previous step TWS Recording has recorded evidence in the Blockchain, an Auditor may want to
check its integrity. For that, the Auditor uses the User Interface component, EmeraldUI, which calls
the TWS Verification API. When required, the TWS Verification requests the current values of
evidence stored in the Assessment component (EMERALD’s internal evidence storage),
calculates the hash and compares it with the hash of the same evidence previously recorded in
the Blockchain. The validation result can be true or false.
The same process that is applied to the evidence can be replicated for the assessment results.
In the case of the automatic verification, it is not the Auditor user, through EmeraldUI, who calls
the required components, retrieves hashes and makes the manual checking. In this case it only
calls the TWS Verification, which includes a sub-component that executes the required process
to retrieve the actual evidence (from the Assessment), calculate its hash, and compare it with
the stored evidence hash.
The same automatic check process is replicated for the assessment results.
Figure 16. TWS System Verification sequence diagram
4.2.3 MARI - Mapping Assistant for Regulations with Intelligence
Component Name: Mapping Assistant for Regulations with Intelligence (MARI)
Main functionalities: The component creates an automatic association between:
● A security control and a security metric.
● Two security controls from two different certification schemes.
Sub-components Description:
● Feature extractor, based on a state-of-the-art NLP pre-trained
model for transforming textual descriptions of metrics and
controls into feature vectors.
● Clustering tool, for obtaining metric-control associations.
Main logical Interfaces offered:
Interface name | Description | Interface technology
API | API to access MARI functionalities | REST API
Interaction with other components:
● Repository of Controls and Metrics (RCM): MARI reads controls
and metrics from the RCM and produces associations, which
are then stored back in the RCM.
● EMERALD UI: MARI will interface with the EMERALD UI
developed in WP4, through which it will be possible to view
the results of control/metric associations and control/control
associations.
Relevant sequence diagram/s: See section 4.2.3.1
Requirements Mapping:
● MARI.01: AI-based
● MARI.02: Automatic association
● MARI.03: Performance Evaluation
● MARI.04: Usage and Visualization
● MARI.05: Strategies
Technology used: Python
Related KR: KR3_OPTIMA
WP and task: WP3 – T3.3
License: Open Source with license Apache 2.0
Partner: CNR
4.2.3.1 Sequence diagram
Figure 17 shows the sequence diagram of the MARI component. MARI is an intelligent system
capable of selecting the optimal set of metrics to evaluate the cloud system’s compliance within
the certification schemes.
The Compliance Manager triggers MARI, which will call the RCM to obtain the controls and metrics
stored there. After the analysis, MARI will return the control/control associations and the
control/metric associations to the RCM.
Figure 17. MARI sequence diagram
4.2.4 RCM - Repository of Controls and Metrics
Component Name: Repository of Controls and Metrics (RCM)
Main functionalities: The component provides the following functionalities:
• Stores and manages certification schemes, supporting multi-scheme
and multi-level certification. The RCM also incorporates the definition
of the metrics used in EMERALD to assess evidence.
• The RCM provides mechanisms to update the catalogues and maintain
a versioning system and will allow importing and exporting catalogues
into/from the RCM using OSCAL as exchange format.
• Manages other related information, such as the controls mappings
provided by the MARI component, the control implementation
guidelines and a self-assessment questionnaire to assess compliance
with a scheme.
Sub-components Description:
Frontend: This sub-component contains the graphical user interface of the
RCM (It will be part of the EmeraldUI component and communicate with the
backend via the API). It allows users to filter the view and select the set of
information they want to check from the existing schemes (e.g., controls of
a certain scheme, requirements of a certain assurance level, metrics related
to some controls, etc).
Backend: is the core sub-component of the RCM. It implements the APIs to
perform the actual management of the scheme data, considering the filters
set by the user through the UI or by calling the API. The RCM will contain two
backends: i) Backend converter, which is dedicated to the scheme
conversions to/from OSCAL, and ii) Backend, which deals with the
management of schemes and metrics.
Figure 20. Evidence Store sequence diagram
4.2.7 Assessment
Component Name: Assessment
Main functionalities: The component provides the following functionalities:
• Assesses evidence based on predefined metrics that are stored in
the Repository of Controls and Metrics.
Sub-components Description: Currently no division in subcomponents planned
Main logical Interfaces offered:
Interface name | Description | Interface technology
CLI | A CLI is available | Cobra (footnote 26) / Viper (footnote 27)
REST API / gRPC API | The following endpoints are available: • AssessEvidence to assess one evidence. • AssessEvidences to assess a stream of evidence. | All endpoints are available via the REST API and gRPC API.
Footnote 26: https://github.com/spf13/cobra
Footnote 27: https://github.com/spf13/viper
Interaction with other components:
• Evidence Store: The Assessment retrieves evidence from the
Evidence Store.
• Orchestrator:
  • Registers the Assessment component in the Orchestrator
  (not yet implemented, to be discussed).
  • The Assessment sends the assessment results to the
  Orchestrator for storage.
  • The Assessment retrieves the metrics for the assessment
  from the Orchestrator.
• Trustworthiness System: The Assessment component sends
evidence and assessment results to the Trustworthiness System.
Relevant sequence diagram/s: See Section 4.2.7.1
Requirements Mapping: List of requirements covered by this component:
• ASSESS.01: Assessment based on evidence
• ASSESS.02: Assessment rules for 80% of the defined metrics
• ASSESS.03: Display cause of assessment result
Technology used: Go (footnote 28), gRPC (using protobuf) (footnote 29), Rego (Open Policy Agent) (footnote 30)
Related KR: KR4_MULTICERT, KR6_EMERALD UI/UX
WP and task: WP3 – T3.4
License: Apache-2.0
Partner: Fraunhofer AISEC
4.2.7.1 Sequence diagram
Figure 21 shows the sequence diagram of the Assessment component. The Assessment
component is responsible for assessing evidence based on predefined metrics. The calculated
assessment results are eventually used by the Clouditor-Evaluation component to determine
compliance with the relevant controls.
At an initial registration phase, the Assessment component coordinates with the Orchestrator
to receive instructions.
The Assessment retrieves evidence from the Evidence Store to perform assessments. The result
of the assessment is sent to the Orchestrator for storage.
The Assessment interacts with the TWS to provide assessment results as well as the respective
evidence.
Footnote 28: https://go.dev/
Footnote 29: https://grpc.io/
Footnote 30: https://www.openpolicyagent.org/docs/latest/policy-language/
Figure 21. Assessment sequence diagram
4.2.8 Evaluation
Component Name: Evaluation
Main functionalities: The component provides the following functionalities:
• Aggregates assessment results passed by the Assessment component
and determines the overall compliance status of a given control.
• Evaluates the compliance of cloud services against controls and
requirements of security catalogues.
Sub-components Description: Currently no division in subcomponents planned
Main logical Interfaces offered:
Interface name | Description | Interface technology
CLI | A CLI is available | Cobra (footnote 31) / Viper (footnote 32)
REST API / gRPC API | The following endpoints are available: • StartEvaluation starts the evaluation. • ListEvaluationResults lists stored evaluation results. | All endpoints are available via the REST API and gRPC API.
Footnote 31: https://github.com/spf13/cobra
Footnote 32: https://github.com/spf13/viper
Interaction with other components:
• Orchestrator
  • Registers the Evaluation component in the Orchestrator (not
  yet implemented).
  • The Evaluation component retrieves assessment results
  from the Orchestrator.
  • Sends the evaluation results to the Orchestrator for storage.
  • Fetches controls from the Orchestrator.
Relevant sequence diagram/s: See Section 4.2.8.1
Requirements Mapping: List of requirements covered by this component:
• EVAL.01: Display cause of evaluation result
• EVAL.02: Evaluation based on assessment results
Technology used: Go (footnote 33), gRPC (footnote 34)
Related KR: KR4_MULTICERT, KR6_EMERALD UI/UX
WP and task: WP3 – T3.4
License: Apache-2.0
Partner: Fraunhofer AISEC
4.2.8.1 Sequence diagram
Figure 22 shows the sequence diagram of the Evaluation component. The Evaluation component
is responsible for aggregating and interpreting assessment results to determine overall
compliance status of cloud services for a given control of a security catalogue.
The Evaluation first registers itself into the Orchestrator.
The Evaluation component obtains assessment results from the Orchestrator, processes them
and determines the compliance status based on the mapping of metrics to controls of a security
catalogue. The evaluation result is sent back to the Orchestrator for storage.
Footnote 33: https://go.dev/
Footnote 34: https://grpc.io/
Figure 22. Evaluation sequence diagram
5 Conclusions
This document is dedicated to introducing the EMERALD architecture to the reader. An overview
of the system, the decomposition of EMERALD in 12 components, the information flow among
them and a detailed view of them have been provided. These components will be in the future
instantiated in the pilots defined in WP5. To complement the architecture, the general data
model of the EMERALD framework, defined in D1.1 [1], has been presented. A Glossary is also
included, with definitions and examples of crucial terms.
Following a multiple-perspective process, the requirements of the EMERALD framework have
been designed. This document focuses on technical requirements, but we also included the
Business requirement list, developed in WP5, and the UX/UI requirements, developed in WP4,
for completion and analysis. A total of 44 functional requirements have been elicited, grouped
in the 12 components that form the framework.
These functional requirements are accompanied by 8 non-functional requirements, which are
mostly system constraints or properties more than related to a particular component, so no
effort has been spent in linking them to specific components. For each NFR, some hints on how
we plan to fulfil them have been presented.
An analysis of the requirements has been provided, where several matrices trace the coverage
provided by the requirements to validate the pilots, the Key Results (KRs) or the Key
Performance Indicators (KPIs). Also, the requirements prioritization and status at this V1 version
of the EMERALD components in M12 is analysed. As a result, we have demonstrated that most
of the Business requirements are covered by one or more technical requirements. That means
that the corresponding component design is aligned with the final user’s view. Finally, we have
provided a detailed view of the EMERALD framework, describing each component based on the
component cards, which included sequence diagrams developed with PlantUML to show their
dynamic behaviour and interaction with other components.
The future version of this document (D1.4 [2]) will review these requirements, their status and
mappings, and could include new requirements as a result of the evolution of components, or
of tasks related to the technical and pilots’ validation activities.
6 References
[1] EMERALD Consortium, “D1.1 Data modelling and interaction mechanisms-v1,” 2024.
[2] EMERALD Consortium, “D1.4 EMERALD solution architecture-v2,” 2025.
[3] EMERALD Consortium, “D1.7 EMERALD Integrated solution–v1,” 2025.
[4] EMERALD Consortium, “D4.1 Results of the UI-UX requirements analysis and the work
processes–v1,” 2024.
[5] EMERALD Consortium, “D4.3 - User interaction and user experience,” 2024.
[6] European Commission, “Regulation (EU) 2019/881 of the European Parliament and of the
Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on
information and communications technology cybersecurity certification and repealing
Regulation (EU) No 52,” 10 2024. [Online]. Available:
https://eur-lex.europa.eu/eli/reg/2019/881/oj. [Accessed 10 2024].
[7] ISO, “ISO 9000:2015(en), Quality management systems — Fundamentals and vocabulary,”
https://www.iso.org/obp/ui#iso:std:iso:9000:ed-4:v1:en, 2015.
[8] “ISO/IEC 17788:2014 - Information technology — Cloud computing — Overview and
vocabulary,” 2014.
[9] National Institute of Standards and Technology (NIST), “SECURITY AND PRIVACY
CONTROLS FOR INFORMATION SYSTEMS AND ORGANIZATIONS,” 2020.
[10] ISO, “ISO/IEC 27000:2018 Information technology — Security techniques — Information
security management systems — Overview and vocabulary,” 2018.
[11] NIST - National Institute of Standards and Technology, “Key Concepts and Terms Used in
OSCAL,” 10 2024. [Online]. Available:
https://pages.nist.gov/OSCAL/resources/concepts/terminology/. [Accessed 10 2024].
[12] NIST - National Institute of Standards and Technology, “Cloud Computing Service Metrics
Description,” 24 April 2018. [Online]. Available:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-307.pdf. [Accessed 10
2024].
[13] EMERALD Consortium, “D2.2 - Source Evidence Extractor – v1,” 2024.
[14] EMERALD Consortium, “D2.4 - AMOE – v1,” 2024.
[15] EMERALD Consortium, “D2.6 - ML model certification – v1,” 2024.
[16] EMERALD Consortium, “D2.8 Runtime evidence extractor – v1,” 2024.
[17] EMERALD Consortium, “D3.1 Evidence assessment and Certification–Concepts-v1,” 2024.
[18] EMERALD Consortium, “D5.1 Pilot definition, set-up & validation plan,” 2024.
[19] EMERALD Consortium, “EMERALD - Annex 1 - Description of Action - GA 101120688,”
2022.
APPENDIX A: Current status of requirements
Table 14 depicts the status of the technical requirements, ordered by component. The
peach-coloured lines highlight those requirements that are foreseen for M12.
The “Timeline” column states the month foreseen to complete the implementation, and the
associated Milestone (see the codes below) in an abbreviated form, where “C” stands for the
Components version, and “I” stands for Integration version. For example:
- C-v1 = MS2: Components V1 (M12)
- I-v3 = MS8: Integrated audit suite V3 (M34)
Table 14. Status of the Technical requirements
Req. ID | Title | Priority | Timeline | Status
AI-SEC.01 | The extractor tool includes selected criteria | MUST | M12 (C-v1) | 35%
AMOE.01 | Upload PDF document | MUST | M12 (C-v1) | 90%
AMOE.02 | Provision of extracted evidence to EvidenceStore (Orchestrator/Clouditor) | MUST | M24 (C-V2) | 50%
AMOE.03 | Refine evidence extraction approach | MUST | M24 (C-V2) | 0%
AMOE.04 | Compare results from multiple documents | SHOULD | M12 (C-v1) | 70%
AMOE.05 | Select metrics per document | SHOULD | M24 (C-V2) | 0%
AMOE.06 | Classify document, select respective metrics (optional) | MUST | M34 (I-v3) | 0%
AMOE.07 | Metric states | SHOULD | M24 (C-V2) | 0%
CLDISC.01 | Discovery of security properties of infrastructure components | MUST | M30 (I-v2) | 40%
CODYZE.01 | Extraction of security features from source code | MUST | M30 (I-v2) | 20%
EKNOWS.01 | Integration into existing systems | MUST | M18 (I-v1) | 30%
EKNOWS.02 | Resilience while analysing erroneous code | SHOULD | M24 (C-V2) | 70%
EKNOWS.03 | Multi-language support | MUST | M24 (C-V2) | 50%
EKNOWS.04 | Support EMERALD evidence format | MUST | M18 (I-v1) | 0%
EKNOWS.05 | Static code analysis | MUST | M24 (C-V2) | 60%
TWS.01 | Provide integrity proof of evidence | MUST | M12 (C-v1) | 75%
TWS.02 | Provide integrity proof of assessment results | MUST | M12 (C-v1) | 75%
TWS.03 | Provide access through REST API or graphical interface | MUST | M24 (C-V2) | 50%
TWS.04 | Use a general purpose public-private Blockchain network | MUST | M24 (C-V2) | 5%
MARI 1.0 | AI-based | MUST | M30 (I-v2) | 15%
MARI 2.0 | Automatic association | MUST | M30 (I-v2) | 15%
MARI 3.0 | Performance evaluation | MUST | M30 (I-v2) | 15%
MARI 4.0 | Usage and visualization | MUST | M30 (I-v2) | 15%
MARI 5.0 | Strategies | MUST | M30 (I-v2) | 15%
RCM.01 | Multi-schema support | MUST | M12 (C-v1) | 90%
RCM.02 | Accessible by the rest of components | MUST | M12 (C-v1) | 100%
RCM.03 | Include metrics for all schemas supported | MUST | M12 (C-v1) | 30%
RCM04 | Mapping of schemes | SHOULD | M30 (I-v2) | 10%
RCM.05 | Import/export of security schemes in OSCAL | MUST | M30 (I-v2) | 40%
RCM.06 | Import/export of security schemes in CSV format | COULD | M12 (C-v1) | 60%
RCM.07 | Support for personalized catalogues | MUST | M30 (I-v2) | 0%
RCM.08 | Support updating/versioning of schemes | SHOULD | M30 (I-v2) | 10%
ORCH.01 | Final certificate decision | MUST | M24 (C-v2) | 0%
ORCH.02 | REST API Gateway for UI | MUST | M12 (C-v1) | 15%
ORCH.03 | Role Based Access Control | MUST | M24 (C-v2) | 25%
ORCH.04 | Manage Tools (such as Evidence Extractors) via API | MUST | M18 (I-v1) | 0%
ORCH.05 | Provide an API for audit workflow | MUST | M30 (I-v2) | 0%
ESTORE.01 | Storage of ontology entities in graph database | MUST | M18 (I-v1) | 15%
ESTORE.02 | Allow Interaction with Third-Party Evidence Collectors | SHOULD | M34 (I-v3) | 15%
ASSESS.01 | Assessment based on evidence | MUST | M30 (I-v2) | 15%
ASSESS.02 | Assessment rules for 80% of the defined metrics | MUST | M30 (I-v2) | 15%
ASSESS.03 | Display cause of assessment result | COULD | M30 (I-v2) | 0%
EVAL.01 | Display cause of failing evaluation result | COULD | M30 (I-v2) | 0%
EVAL.02 | Evaluation based on assessment results | MUST | M30 (I-v2) | 15%
The list of Milestones of the EMERALD project is [19]:
• MS1: Project baselines and definition (M9)
• MS2: Components V1 (M12)
• MS3: Integrated audit suite V1 (M18)
• MS4: Pilots V1 (M20)
• MS5: Components V2 (M24)
• MS6: Integrated audit suite V2 (M30)
• MS7: Pilots V2 (M32)
• MS8: Integrated audit suite V3 (M34)
• MS9: Final evaluation report and impact analysis (M36)