Deliverable D1.1
Data Modelling and interaction mechanisms – 1
Editor(s): Franz Deimling
Responsible Partner: Fabasoft R&D GmbH
Status-Version: Final - 1.0
Date: 31.07.2024
Type: R
Distribution level (SEN, PU): PU
D1.1 – Data Modelling and interaction mechanisms – 1 Version 1.0 – Final. Date: 31.07.2024
© EMERALD Consortium Contract No. GA 101120688 Page 2 of 39
www.emerald-he.eu
Project Number: 101120688
Project Title: EMERALD
Title of Deliverable: D1.1 - Data Modelling and interaction mechanisms – 1
Due Date of Delivery to the EC: 31.07.2024
Workpackage responsible for the Deliverable: WP1 - Concept and methodology of EMERALD
Editor(s): Franz Deimling (FABA)
Contributor(s): CNR, FABA, FhG, SCCH, TECNALIA
Reviewer(s): Iñaki Etxaniz, Gorka Benguria Elguezabal, Cristina Martínez (TECNALIA)
Approved by: All Partners
Recommended/mandatory readers: WP1, WP2, WP3, WP4, WP5
Abstract: Initial version of the overview of data models and techniques used for creating and linking the data to evidence (annotation, etc)
Keyword List: Data diagram, data model, component overview
Licensing information: This work is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0 DEED https://creativecommons.org/licenses/by-sa/4.0/)
Disclaimer: Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. The European Union cannot be held responsible for them.
Document Description
Version | Date | Modifications Introduced: Modification Reason | Modifications Introduced: Modified by
0.1 | 27.03.2024 | First draft version | FABA
0.2 | 27.06.2024 | Comments and suggestions received by consortium partners | WP1 partners
0.3 | 30.06.2024 | Contributions from component partners added | WP2 and WP3 partners
0.4 | 09.07.2024 | Figures and listings updated | FABA, Tecnalia, FhG
0.5 | 19.07.2024 | QA Review | TECNALIA
0.6 | 24.07.2024 | Addressed all comments received in the Internal QA review | FABA
1.0 | 31.07.2024 | Submitted to the European Commission | TECNALIA
Table of contents
Terms and abbreviations
Executive Summary
1 Introduction
1.1 About this deliverable
1.2 Document structure
2 Data Model Overview
3 Component Data Models
3.1 Evidence Collector Data Models
3.1.1 AI-SEC
3.1.2 AMOE
3.1.3 Clouditor-Discovery
3.1.4 Codyze
3.1.5 eknows
3.2 Trustworthiness System (TWS) Data Model
3.3 Mapping Assistant for Regulations with Intelligence (MARI) Data Model
3.4 Repository of Controls and Metrics (RCM) Data Model
3.5 Orchestrator Data Model
3.6 Evidence Store Data Model
3.7 Assessment Data Model
3.8 Evaluation Data Model
4 Interactive Documentation
4.1 PlantUML
4.2 Web Service
4.2.1 Implementation details
4.3 Data model versioning
5 Data Exchange and Formats
5.1 Interaction mechanisms between components
5.2 Sequence diagrams
6 Conclusions
7 References
APPENDIX: Release 1.0.9 of Architecture and Data Modelling
List of figures
FIGURE 1. EMERALD DATA DIAGRAM
FIGURE 2. OVERVIEW OF THE EMERALD COMPONENTS
FIGURE 3. OVERVIEW OF THE AI-SEC COMPONENT DATA MODEL
FIGURE 4. OVERVIEW OF THE AMOE COMPONENT DATA MODEL
FIGURE 5. OVERVIEW OF THE CLOUDITOR-DISCOVERY COMPONENT DATA MODEL
FIGURE 6. CODYZE COMPONENT OVERVIEW
FIGURE 7. OVERVIEW OF THE EKNOWS COMPONENT DATA MODEL
FIGURE 8. OVERVIEW OF THE TRUSTWORTHINESS SYSTEM COMPONENT DATA MODEL
FIGURE 9. OVERVIEW OF THE MARI COMPONENT DATA MODEL
FIGURE 10. OVERVIEW OF THE RCM COMPONENT DATA MODEL
FIGURE 11. OVERVIEW OF THE ORCHESTRATOR COMPONENT DATA MODEL
FIGURE 12. OVERVIEW OF THE EVIDENCE STORE COMPONENT DATA MODEL
FIGURE 13. OVERVIEW OF THE ASSESSMENT COMPONENT DATA MODEL
FIGURE 14. OVERVIEW OF THE EVALUATION COMPONENT DATA MODEL
FIGURE 15. INTERACTIVE SVG - HIGHLIGHT NEIGHBOURS ON CLICK
FIGURE 16. LANDING PAGE OF THE INTERACTIVE DOCUMENTATION
List of listings
LISTING 1. EXAMPLE OF VIRTUAL MACHINE PROPERTIES
LISTING 2. AMOE EVIDENCE IN JSON
LISTING 3. CLOUDITOR EXAMPLE EVIDENCE IN JSON
LISTING 4. A EUCS REQUIREMENT MAPPING IN OSCAL
Terms and abbreviations
AIC4: Artificial Intelligence Cloud Service Compliance Criteria Catalogue
AMOE: Assessment and Management of Organisational Evidence
API: Application Programming Interface
AST: Abstract Syntax Tree
BSI: Bundesamt für Sicherheit in der Informationstechnik
CI/CD: Continuous Integration / Continuous Delivery
CLI: Command Line Interface
CSP: Cloud Service Provider
DoA: Description of Action
EC: European Commission
EUCS: European Cybersecurity Certification Scheme for Cloud Services
GA: Grant Agreement to the project
GASTM: Generic Abstract Syntax Tree
gRPC: gRPC Remote Procedure Call (created by Google)
JSON: JavaScript Object Notation
KPI: Key Performance Indicator
MARI: Mapping Assistant for Regulations with Intelligence
NLP: Natural Language Processing
OSCAL: Open Security Controls Assessment Language
PDF: Portable Document Format
PNG: Portable Network Graphics
RCM: Repository of Controls and Metrics
REST: Representational State Transfer
SARIF: Static Analysis Results Interchange Format
SVG: Scalable Vector Graphics
TRL: Technology Readiness Level
TWS: Trustworthiness System
UML: Unified Modelling Language
UUID: Universally Unique Identifier
WP: Work Package
Executive Summary
This deliverable, the first version of the data modelling and interaction mechanisms, provides an initial report on the data diagrams, design and documentation of the EMERALD framework and its components. The goal of the corresponding task T1.1 in work package 1 is to coordinate the different types of data shared between the components of WP2, WP3 and WP4. The deliverable provides an overview of the data model, as well as the setup of the interactive documentation. Furthermore, the data exchange and formats are described.
D1.1 lays the foundation of the data model – the underlying work of Task 1.1. The resulting documentation serves as a common ground to develop the different components and their APIs. It should offer a high-level overview of the components – displaying the flow of the data. Technical details can be found in the overall data diagram and data format descriptions. Additionally, an overview per component is provided, so as not to be overwhelmed by details, and to be able to focus only on parts of the EMERALD framework.
The document is structured in four main parts – the data model, the component overview, the interactive documentation and finally the data exchange and format description. It starts by giving detailed insights into the data classes used in EMERALD. The following section summarizes each component, starting with the evidence collectors (WP2) and continues with the different components of WP3. In the interactive documentation section, the technical setup of the documentation is described. Finally, the plans for the interaction mechanisms are outlined.
There will be a second version of this deliverable (D1.2 in M18), which will include updates to the data model and interaction mechanisms. The next steps will be for the different components to implement the data classes and APIs which will be described in the respective component deliverables. Depending on the requirements coming from the pilots (WP5), workflows (WP4) and technical work packages (WP2 and WP3), updates to the data diagrams will be included in the release cycle of the web service and included in the future version of this deliverable.
1 Introduction
This section explains the goal and purpose of the deliverable, its context and its structure.
1.1 About this deliverable
This deliverable is the first release of the task T1.1 “Data modelling and information sharing mechanisms” of WP1 of the EMERALD project [1]. It shall provide an overview of the data model that is used in the EMERALD framework. Furthermore, the deliverable provides an overview of each component’s data and how it is linked to other components. The goal is to provide insights to the current state of the data used in EMERALD and how it is organized. A second version of this deliverable will be D1.2, which is due in M18.
The data model will be used by all the components in collaboration with WP2 and WP3 as well as the EmeraldUI component that will be developed in WP4. The interaction mechanism between the different software components will be described and preferred data formats will be presented to facilitate data access and sharing.
The task uses the existing data classes of the components and focuses on providing relevant information to the different partners who are unfamiliar with the different components. Different abstraction layers will be used to provide an overview and detailed insights. The diagrams will be adjusted over the course of the project and adapted to the requirements of the different components. In order not to lose track of any changes, dedicated processes (see Section 4.3) have been set up to check this.
1.2 Document structure
The document is organized into four main sections:
• Data model
• Component overview
• Interactive documentation
• Data exchange and formats
The data model overview section, Section 2, depicts and describes the current state of the whole data model used in EMERALD. It shall give detailed insights into the inter-component relationships of the EMERALD data.
In order to have a more abstract view and not get lost in the details, an overview of the components is provided in Section 3. This section contains a subsection dedicated to each EMERALD component.
Section 4 describes the deployment and core implementation of the interactive documentation approach used to share the data model within the EMERALD project. There are three subsections, starting with a section describing PlantUML and how it is used to create the diagrams. This is followed by a description of the web service. Finally, the process on versioning and updating the diagrams is described.
Section 5 describes the different formats used in the project and how the components communicate. The deliverable is summarized in Section 6.
Finally, the current release of the interactive documentation can be found in the APPENDIX: Release 1.0.9 of Architecture and Data Modelling.
2 Data Model Overview
This section describes the current version of the EMERALD data model. The model describes the different data classes as well as their connections within and between components. The goal is to provide insights to developers and users of the EMERALD framework. Therefore, the data diagram is presented in an interactive system¹ that is explained in more detail in Section 4. There are different abstraction layers, to allow for a “drill down” on the details.
Figure 1 shows the resulting data model of the whole EMERALD framework². It depicts each component in a separate box, whereas the background colour denotes the EMERALD work package to which it is related. Evidence collection components (WP2) are coloured in orange, and WP3 components are coloured in teal. Each component box contains the data classes that are relevant to other developers and inter-component communication. Component specific information can be found in the respective subsection of Section 3.
This version of the data model is loosely based on the data model that was created in a similar predecessor project called MEDINA³ - the MEDINA data model was reported in deliverable D5.2⁴. The EMERALD project uses some of the components that were part of the MEDINA data model – such as the Evidence Store, the Orchestrator, the Repository of Controls and Metrics (RCM) and the Trustworthiness System. Data classes related to components not relevant to EMERALD were excluded.
Please note that the Questionnaire is a subcomponent of the RCM and is therefore shown with a dedicated box in Figure 1. However, as the Questionnaire data model is quite large, it is not shown in Figure 1 but in the RCM component overview (see Figure 10).
¹ https://models.emerald.digital.tecnalia.dev/
² Please note that an enlarged view of the EMERALD data model is available in APPENDIX: Release 1.0.9 of Architecture and Data Modelling.
³ https://medina-project.eu/
⁴ https://medina-project.eu/wp-content/uploads/2023/05/MEDINA_D5.2_MEDINA_RequirementsDetailed_architectureDevOps_infrastructure_v2_v1.0.pdf
Figure 5. Overview of the Clouditor-Discovery component data model
Listing 1. Example of Virtual Machine properties
message VirtualMachine {
  option (resource_type_names) = "VirtualMachine";
  option (resource_type_names) = "Compute";
  option (resource_type_names) = "CloudResource";
  option (resource_type_names) = "Resource";
  google.protobuf.Timestamp creation_time = 2132;
  string id = 15888 [(buf.validate.field).required = true];
  bool internet_accessible_endpoint = 11229;
  map<string, string> labels = 12634;
  string name = 5434 [(buf.validate.field).required = true];
  // The raw field contains the raw information that is used to
  // fill in the fields of the ontology.
  string raw = 17236;
  ActivityLogging activity_logging = 17610;
  AutomaticUpdates automatic_updates = 7698;
  repeated string block_storage_ids = 14852;
  BootLogging boot_logging = 4303;
  EncryptionInUse encryption_in_use = 5839;
  GeoLocation geo_location = 17337;
  MalwareProtection malware_protection = 5352;
  repeated string network_interface_ids = 150;
  OSLogging os_logging = 14872;
  repeated Redundancy redundancies = 11599;
  RemoteAttestation remote_attestation = 16051;
  optional string parent_id = 7061;
  ResourceLogging resource_logging = 17205;
  UsageStatistics usage_statistics = 4834;
}
3.1.4 Codyze
The Codyze component is a static source code analysis tool which analyses source code of applications comprising Cloud services and assesses security-relevant implementation details. The analysis report presents implementation details that meet or respectively violate specified security requirements. As part of a CI/CD pipeline, Codyze acts as a quality and compliance gate allowing only the delivery of applications that meet security requirements and preventing it otherwise. Each update of the application’s source code or new release can trigger an execution of the CI/CD pipeline and thereby Codyze. In addition, manual or scheduled assessments are possible.
Codyze is developed in Kotlin⁷ and uses a graph-based representation of source code utilizing the concept of a code property graph. The resulting representation is largely programming language agnostic. Thus, it facilitates the implementation of generic, reusable source code analysis techniques. Currently, Codyze supports the programming languages C, C++, Java, Go and Python.
⁷ https://en.wikipedia.org/wiki/Kotlin_(programming_language)
Within EMERALD, Codyze interacts with the Orchestrator to orchestrate its analysis, and reports its findings as evidence to the Evidence Store (see Figure 6). Thereby, Codyze generates an analysis report in SARIF⁸ (CodyzeSarif). This report contains raw evidence from Codyze’s analysis, which is persisted to the Evidence Store to facilitate further analysis externally to Codyze. Moreover, Codyze processes the findings in the SARIF report into evidence for the EMERALD framework. Each finding is converted into a CodyzeEvidence that identifies the analysed Cloud Service (cloudServiceId), specifies the analysed resource (resource), links it to the underlying SARIF report (sarifId), classifies the finding according to the EMERALD ontology (ontologyRef) and summarizes the result (result).
Details on the approach of the Codyze component and its related Task 2.2 will be reported in dedicated deliverables D2.2 “Source Evidence Extractor – 1” (M12) and D2.3 “Source Evidence Extractor – 2” (M24).
Figure 6. Codyze component overview
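The conversion of SARIF findings into evidence described in Section 3.1.4, as an added sketch in Python (not Codyze's or the project's own code): each result of a SARIF 2.1.0 report becomes one record with the five fields named in the text, and a gate function decides on delivery. The sample report, the rule-to-ontology table, the hash-derived sarifId and the fail-closed gate policy are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

# Constructed SARIF 2.1.0 report (sample input; rule ids and paths are invented).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Codyze"}},
        "results": [
            {"ruleId": "EXAMPLE-TLS-001", "kind": "fail", "level": "error",
             "message": {"text": "TLS 1.0 enabled"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/server/tls.go"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "EXAMPLE-LOG-001", "kind": "pass",
             "message": {"text": "Audit logger configured"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/server/audit.go"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "EXAMPLE-UNMAPPED", "kind": "fail", "level": "warning",
             "message": {"text": "No ontology mapping"}, "locations": []},
        ],
    }],
})

# Hypothetical rule -> ontology class table (assumption, not the EMERALD ontology).
ONTOLOGY_BY_RULE = {
    "EXAMPLE-TLS-001": "TransportEncryption",
    "EXAMPLE-LOG-001": "ActivityLogging",
}


@dataclass(frozen=True)
class CodyzeEvidence:
    cloudServiceId: str   # analysed Cloud Service
    resource: str         # analysed resource (here: file and line)
    sarifId: str          # link to the stored raw SARIF report
    ontologyRef: str      # classification of the finding
    result: str           # summary of the outcome


def sarif_id(report_text: str) -> str:
    """Content-derived identifier for the raw report (assumption: the real
    system may assign a different kind of identifier)."""
    return hashlib.sha256(report_text.encode("utf-8")).hexdigest()


def convert(report_text: str, cloud_service_id: str):
    """Return (evidence list, unmapped rule ids) for one SARIF report."""
    report = json.loads(report_text)
    if report.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version")
    rid = sarif_id(report_text)
    evidence, skipped = [], []
    for run in report.get("runs", []):
        for res in run.get("results", []):
            rule = res.get("ruleId", "")
            ref = ONTOLOGY_BY_RULE.get(rule)
            if ref is None:
                # Do not guess a classification: surface unmapped rules.
                skipped.append(rule)
                continue
            kind = res.get("kind", "fail")  # SARIF default for kind is "fail"
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = phys.get("region", {}).get("startLine")
            resource = f"{uri}:{line}" if line else uri
            if kind == "pass":
                outcome = "COMPLIANT"
            elif kind == "fail":
                outcome = "NON_COMPLIANT"
            else:
                outcome = "UNDETERMINED"  # open, review, informational, ...
            text = res.get("message", {}).get("text", "")
            evidence.append(CodyzeEvidence(cloud_service_id, resource, rid,
                                           ref, f"{outcome}: {text}"))
    return evidence, skipped


def gate_passes(evidence, skipped) -> bool:
    """Fail closed: a violation, an undetermined result or an unclassified
    finding blocks delivery (policy chosen for this example)."""
    return not skipped and all(e.result.startswith("COMPLIANT") for e in evidence)
```

Keeping the unmapped rule ids separate from the evidence list means a finding without an ontology class is visible to the gate instead of silently disappearing from the compliance picture.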
⁸ Static Analysis Results Interchange Format (SARIF), https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
3.1.5 eknows
The eknows component – based on a platform for multi-language reverse engineering and documentation generation – extracts evidence from source code files. The source code files are collected from the Cloud Service environment at certain points in time. A set of predefined triggers will be available (e.g., once a week/month/etc., or upon changes) to configure the points in time according to the respective use case. eknows stores the collected files, as well as relevant metadata related to the sources (e.g., from code repositories) and metrics.
eknows uses static code analysis to extract evidence. The Java-based software platform provides a modular, extensible set of software components for (i) source code parsing using language-specific frontends (currently more than 16 programming languages, including Java and Python) (extraction), (ii) transformation of parsed source code into a generic abstract syntax tree (GASTM), (iii) structural and language-independent analysis of security-related information, and (iv) reporting of analysis results for security metrics. The extracted and analysed raw evidence is then forwarded to the Evidence Store component.
At the moment of writing, eknows comprises two main data classes (see Figure 7): EknowsSourceCodeFile and EknowsEvidence.
EknowsSourceCodeFile serves as an internal representation of the source code file to be analysed, identified by a unique identifier (id). It contains attributes denoting the repository from where to collect the file (repositoryPath), the name of the file (filename), the corresponding Cloud Service (cloudServiceId), the generated abstract syntax tree (AST) model of the parsed source code (compilationUnit), and further metadata, such as the modificationDate.
EknowsEvidence is the internal representation of the extracted data of the source code file (fileId). This is created for a security metric (metricId) during the extraction process. The evidence result (result) is stored in the EknowsEvidence class, as well as closely related attributes, such as lineOfCode or analyzerVersion. The internal data class of eknows will change in the next few months, according to the requirements defined for the EmeraldUI in D4.1 [3] and further needs of the pilot partners.
EknowsEvidence is related to the Orchestrator (Cloud Service) and the Evidence Store (assessment results, raw evidence). EknowsSourceCodeFile is related to the Orchestrator (Cloud Service). The information from eknows can be accessed via APIs (Java, REST and/or CLI (Command Line Interface)) and used via the upcoming EmeraldUI.
Details on the approach of the eknows component and its related Task 2.2 will be reported in dedicated deliverables D2.2 “Source Evidence Extractor – 1” (M12) and D2.3 “Source Evidence Extractor – 2” (M24).
Figure 7. Overview of the eknows component data model
3.2 Trustworthiness System (TWS) Data Model
The TWS component securely stores the information and associated metadata of evidence and assessment results on the Blockchain to be able to guarantee its integrity and transparency through the EmeraldUI.
Due to the use of Blockchain, sensitive information such as evidence and assessment results are not stored and just a summary of them is recorded on the Blockchain through identifiers and hashes. In fact, in the case of assessment results, two different hashes are included: the assessment result itself and the compliance comments. The evidence and assessment result themselves are kept in a local storage - Evidence Store and Assessment components respectively.
In addition, TWS also records metadata information to provide some context. In the case of evidence, they are usually related to specific Cloud Services (cloudServiceId) and the cloud resources to which they refer (resourceId). In the case of an Assessment Result, the requirement to which it refers (requirementId), and the associated evidence identifiers considered in the assessment (evidenceIds) are also stored. Finally, for both evidence and assessment results, recording information about the timestamp when they were created (timestamp) is also useful.
As a result, Figure 8 summarises the current data model of evidence (TrustworthyEvidence) and assessment results (TrustworthyAssessmentResult) to be recorded on the Blockchain-based TWS. It also shows the interactions with other components: i) with the Assessment component, which provides information to be recorded in the TWS, and from where the TWS retrieves the actual evidence and assessment results to validate their integrity; ii) with the EmeraldUI, which provides a graphical interface for users to automatically validate the integrity status of the Evidence and Assessment Results.
Details on the approach of the TWS component and its related Task 3.5 have been reported in D3.1 [4].
Figure 8. Overview of the Trustworthiness System component data model
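The integrity check described in Section 3.2, as an added sketch in Python that is not the TWS implementation: only identifiers, hashes and context metadata enter the ledger record, and validation re-hashes what the local store returns. The hash field names (evidenceHash, resultHash, commentsHash), the canonical-JSON SHA-256 scheme and all sample values are assumptions; the remaining field names follow the text.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Tuple


def canonical_hash(obj) -> str:
    """SHA-256 over canonical JSON (sorted keys, fixed separators) so that
    re-serialising the same content always gives the same digest.
    Assumption: the real TWS may canonicalise and hash differently."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class TrustworthyEvidence:
    id: str
    evidenceHash: str              # hypothetical field name
    cloudServiceId: str
    resourceId: str
    timestamp: str


@dataclass(frozen=True)
class TrustworthyAssessmentResult:
    id: str
    resultHash: str                # hypothetical field name
    commentsHash: str              # hypothetical field name
    requirementId: str
    evidenceIds: Tuple[str, ...]
    timestamp: str


def record_evidence(ev: dict) -> TrustworthyEvidence:
    """Build the ledger entry: digest plus context, never the evidence body."""
    return TrustworthyEvidence(ev["id"], canonical_hash(ev), ev["cloudServiceId"],
                               ev["resourceId"], ev["timestamp"])


def record_assessment(res: dict) -> TrustworthyAssessmentResult:
    """Two digests: one over the result, one over the compliance comments."""
    body = {k: v for k, v in res.items() if k != "complianceComments"}
    return TrustworthyAssessmentResult(
        res["id"], canonical_hash(body), canonical_hash(res["complianceComments"]),
        res["requirementId"], tuple(res["evidenceIds"]), res["timestamp"])


def validate_evidence(stored: dict, ledger: TrustworthyEvidence) -> bool:
    """Re-hash what the Evidence Store returns and compare with the ledger."""
    return stored.get("id") == ledger.id and canonical_hash(stored) == ledger.evidenceHash


def validate_assessment(stored: dict, ledger: TrustworthyAssessmentResult) -> dict:
    """Report separately whether the result and the comments are intact."""
    fresh = record_assessment(stored)
    return {"result": fresh.resultHash == ledger.resultHash,
            "comments": fresh.commentsHash == ledger.commentsHash}


def ledger_view(record) -> dict:
    """What an observer of the ledger can read for one record."""
    return asdict(record)


# Constructed sample data (identifiers and content are invented).
EVIDENCE = {
    "id": "ev-0001", "cloudServiceId": "svc-demo", "resourceId": "vm-01",
    "timestamp": "2024-07-01T10:00:00Z",
    "raw": {"os_logging": {"enabled": True}},
}
ASSESSMENT = {
    "id": "ar-0001", "requirementId": "REQ-EXAMPLE-1", "evidenceIds": ["ev-0001"],
    "timestamp": "2024-07-01T10:05:00Z", "compliant": True,
    "complianceComments": "OS logging is enabled",
}
```

Because the result and the compliance comments are hashed separately, a failed validation also tells the auditor which of the two was altered after recording.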
3.3 Mapping Assistant for Regulations with Intelligence (MARI) Data Model
MARI – Mapping Assistant for Regulations with Intelligence - is the component that using Deep Learning and state-of-the-art NLP tools is able to create an automatic association between:
• A security control and a security metric
• Two security controls from two different certification schemes.
MARI is based on the previous work in MEDINA's Metric Recommender⁹ [5], which took the description of an EUCS security requirement in natural language, the description of a list of metrics, again in natural language, and as a result returned the list of metrics in descending order of relevance. To do this, the textual descriptions of the metrics and requirements are transformed into feature vectors by pre-trained models (in particular, the best association results in MEDINA were obtained with fastText¹⁰). A K-d tree is computed on the feature vectors of the metrics, which can be used to select the k closest neighbours of the requirement vector, based on the shortest Euclidean distance. Thus, we were able to obtain a metric-requirement association.
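The nearest-neighbour step of the Metric Recommender described above, as an added pure-Python sketch (not MEDINA or MARI code): a K-d tree is built over metric vectors and queried for the k metrics closest to a requirement vector by Euclidean distance. The three-dimensional vectors stand in for real embeddings, and the metric names and values are constructed for illustration.

```python
import heapq
import itertools
import math

# Constructed stand-ins for embedded metric descriptions (name, vector).
METRICS = [
    ("TLSVersion", (0.9, 0.1, 0.0)),
    ("TLSCipherSuites", (0.8, 0.2, 0.1)),
    ("OSLoggingEnabled", (0.1, 0.9, 0.0)),
    ("BootLoggingRetention", (0.0, 0.8, 0.3)),
    ("MalwareProtectionEnabled", (0.1, 0.1, 0.9)),
    ("AutomaticUpdatesInterval", (0.3, 0.2, 0.7)),
]
# Constructed stand-in for an embedded requirement description.
REQUIREMENT = (0.9, 0.15, 0.0)


def build_kdtree(items, depth=0):
    """items: list of (label, vector). Split on one axis per level at the median."""
    if not items:
        return None
    axis = depth % len(items[0][1])
    items = sorted(items, key=lambda it: it[1][axis])
    mid = len(items) // 2
    return {
        "item": items[mid],
        "axis": axis,
        "left": build_kdtree(items[:mid], depth + 1),
        "right": build_kdtree(items[mid + 1:], depth + 1),
    }


def knn(tree, query, k):
    """Return [(label, distance)] of the k nearest items, nearest first."""
    heap = []                    # max-heap on distance via negation
    tiebreak = itertools.count() # keeps labels out of tuple comparisons

    def visit(node):
        if node is None:
            return
        label, vec = node["item"]
        dist = math.dist(vec, query)
        if len(heap) < k:
            heapq.heappush(heap, (-dist, next(tiebreak), label))
        elif dist < -heap[0][0]:
            heapq.heapreplace(heap, (-dist, next(tiebreak), label))
        diff = query[node["axis"]] - vec[node["axis"]]
        near, far = ((node["left"], node["right"]) if diff < 0
                     else (node["right"], node["left"]))
        visit(near)
        # The far side can only contain a closer item if the splitting
        # plane is nearer than the current k-th best distance.
        if len(heap) < k or abs(diff) < -heap[0][0]:
            visit(far)

    visit(tree)
    return [(label, -neg) for neg, _, label in sorted(heap, key=lambda t: -t[0])]


def brute_force(items, query, k):
    """Reference ranking by linear scan, used to check the tree search."""
    ranked = sorted(((math.dist(vec, query), label) for label, vec in items))
    return [(label, dist) for dist, label in ranked[:k]]


def recommend(k=3):
    """Metrics for the sample requirement in descending order of relevance."""
    return [label for label, _ in knn(build_kdtree(METRICS), REQUIREMENT, k)]
```

With high-dimensional embeddings the pruning test rarely excludes a subtree and the search approaches a linear scan, so comparing against the brute-force ranking is a useful sanity check when changing the embedding model.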
At the time of writing, the development of MARI is focused on the internal architecture rather than on interactions with other EMERALD components. Also, we are considering different clustering techniques and different embedding production techniques. We will also extend the MARI functionalities to deal with more certification schemes (in fact, the automatic association between controls from different schemes is a novelty of EMERALD), and as per the work description, we will develop different strategies to work with (e.g., take a subset of metrics that are useful to get a certain level of certification).
Figure 9 shows a first approach to the MARI data model, based on the EUCS scheme [6]. The RCM data classes SecurityMetric and SecurityRequirement are taken as input to produce two new data classes, SecurityRequirementsAssociation and MetricRequirementAssociation. These associations are the results of MARI processing. Please note that this data model is subject to change in the coming releases due to the introduction of other certification schemes.
In addition, a refined internal data class, data storage, and calls to the component will be reviewed over the coming months, both based on requirements from other components that MARI interacts with, and as the component evolves. Details on the approach of MARI component and its related Task 3.3 have been reported in D3.1 [4].
⁹ https://git.code.tecnalia.com/medina/public/nl2cnl-translator
¹⁰ https://fasttext.cc/
Figure 9. Overview of the MARI component data model
3.4 Repository of Controls and Metrics (RCM) Data Model
The Repository of Controls and Metrics (RCM) provides a central point in the EMERALD framework where the certification schemes are stored and managed. The repository can contain different schemes and includes complete information on each scheme, with the corresponding categorization.
A first approach to the RCM internal data model is based on the EUCS scheme [6] (see Figure 10)¹¹, while it is subject to change in the coming releases due to the introduction of other schemes (e.g., BSI C5¹² or AIC4¹³ are some foreseen ones). Because of this, the principal data classes implemented in the RCM are SecurityControlFramework, SecurityCategory, SecurityControl and SecurityRequirement, that reflect the organization of the EUCS framework. Along with these, some other auxiliary entities are implemented, such as SimilarControls – to support mapping among controls of different schemes - and ImplementationGuidelines – to help the user with the implementation of the requirements. RCM also incorporates the definition of the SecurityMetric class used in EMERALD to define what to measure to assess the collected evidence.
The RCM classes have interactions with other EMERALD components as follows:
• SecurityControlFramework, SecurityControl, SecurityMetric and SecurityRequirement are related with the Orchestrator, which needs also to internally manage the schemes.
• SecurityMetric is also related with the AMOE and the Assessment components.
• SecurityMetric and SecurityRequirement are also shared with the MARI component.
Another functionality offered by the RCM is a Questionnaire to provide users the possibility to perform a self-assessment to check compliance with the EUCS scheme. The Questionnaire-related data classes, which are enclosed in a box in the diagram (see Figure 10), are as follows: Questionnaire, QuestionnairePurpose, QuestionnaireLevel, Question, QuestionnaireAnswer, QuestionnaireNonConformities, and jhiUser. All these entities are devoted to (i) implement several questions per requirement, (ii) manage the responses given, (iii) calculate the results for this specific user, and (iv) offer the degree of compliance with the EUCS scheme regarding the selected assurance level.
Finally, the EmeraldUI component is also related with the data entities used in the RCM in order to provide the final user with a graphical view of the schemes contained in the RCM and all the associated information.
Details on the approach of the RCM component and its related Task 3.2 have been reported in D3.1 [4].
¹¹ Please note that an enlarged view of the RCM data model is available in APPENDIX: Release 1.0.9 of Architecture and Data Modelling.
¹² https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/2020/C5_2020.pdf?__blob=publicationFile&v=3
¹³ https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/AIC4/AI-Cloud-Service-Compliance-Criteria-Catalogue_AIC4.html
Figure 10. Overview of the RCM component data model
3.5 Orchestrator Data Model
The Orchestrator is the central management and orchestration component in EMERALD. Its main purpose is to hold all dynamic information about the current audit process, such as the Targets of Evaluation, the evaluated Cloud Services, all Assessment Results, and the final Certificate state (see Figure 11). Furthermore, it fetches static data from the RCM, such as the available schemes and their associated metrics. For performance reasons this data (SecurityControlFramework, SecurityControlCategory, SecurityControl, SecurityRequirement and SecurityMetric) is cached in the Orchestrator. The most important dynamic data classes are:
• CloudService, which holds the logical representation of a single service that aims to be certified.
• TargetOfEvaluation, which takes an existing cloud_service_id and combines it with one dedicated security catalogue to produce a Certificate.
• Certificate, which is the data class representing different states and is related to the EvaluationResults.
• Control, which is the neutral representation of either a control, requirement or objective (this definition of Control is similar to the term defined in OSCAL¹⁴). Since every SecurityControlFramework/security scheme uses different names, the Orchestrator normalizes them in the Control data class. In addition, each Control can have sub-controls, which allows different SecurityControlFrameworks to be included in EMERALD.
Details on the approach of the Orchestrator component and its related Task 3.1 have been reported in D3.1 [4].
¹⁴ https://pages.nist.gov/OSCAL/resources/concepts/terminology/#control
using text-based diagrams and git + GitLab²¹). Different versions of the diagrams can be stored in commits, and merge requests can be created to deal with changes to the diagrams.
The process to add changes to the data model was defined as follows: major changes are completed in a separate branch – when finished, a merge request should be created in the EMERALD GitLab and the changes will be reviewed to check for inconsistencies and breaks of the interactive, web-service-based deployment. After the review, the new version will be merged, which triggers the build pipeline and a new release will be deployed to the EMERALD Kubernetes cluster. The latest release version of the diagrams will then be available to all developers and can be retrieved at https://models.emerald.digital.tecnalia.dev/. If there are any problems, or additional diagrams are needed, Gitlab’s issue functionality can be used to document, communicate and coordinate the required changes.
²¹ https://gitlab.com/
5 Data Exchange and Formats
This section provides a short overview of the planned data exchange approach, as well as the formats used. Although all EMERALD components use different data types, they all communicate in a standardized way and format, which speeds up development, as components do not need to build special data connectors for different tools.
5.1 Interaction mechanisms between components
The interaction between the components will be implemented using REST²² – representational state transfer. Each component is using and/or serving REST-APIs that are documented in the OpenAPI²³ specification files. This helps developers to share the different endpoints and allows for code for client interfaces to be generated. Some components may also offer gRPC connections (Remote Procedure Call framework by Google) to share data between closely related components such as Evidence Store and Assessment.
The most common format for REST-API will be JSON²⁴, as it allows for easy access to attribute-value pairs and arrays. In EMERALD, some components are based on the predecessor versions developed in MEDINA and have existing APIs following the same approach. These APIs can be extended and adjusted to the needs of the EMERALD framework.
Listing 2 shows the JSON of a piece of evidence that is sent from AMOE to the Evidence Store. Similarly, Listing 3 shows a more extensive example of data represented in JSON and how it is used by some EMERALD components, such as Clouditor-Discovery.
²² https://en.wikipedia.org/wiki/REST
²³ https://en.wikipedia.org/wiki/OpenAPI_Specification
²⁴ https://en.wikipedia.org/wiki/JSON
{
  "id": "b11a1b4b-4cff-4135-afbb-f6e30364d881",
  "timestamp": "2024-06-26T18:23:45.123456",
  "cloud_service_id": "3f1c2e4c-8bd5-45d1-a6a3-0f9a9a8e4d35",
  "tool_id": "amoe",
  "raw": "password must contain more than 15 characters",
  "resource": {"id": "165483", "type": ["PolicyDocument"]}
}
Listing 2. AMOE evidence in JSON
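Listing 2 and Listing 3 spell the same identifiers differently (cloud_service_id and tool_id versus cloudServiceId and toolId), so a consumer of evidence has to normalize and validate both shapes before storing them. The following Python is an added example, not EMERALD project code; the sample values are constructed, and the alias table, the required fields and the name normalize_evidence are assumptions.

```python
import json
import uuid
from datetime import datetime

# Constructed samples shaped like Listing 2 (snake_case keys) and
# Listing 3 (camelCase keys); identifiers are placeholders.
AMOE = json.loads("""{
  "id": "11111111-2222-4333-8444-555555555555",
  "timestamp": "2024-06-26T18:23:45.123456",
  "cloud_service_id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
  "tool_id": "amoe",
  "raw": "password must contain more than 15 characters",
  "resource": {"id": "165483", "type": ["PolicyDocument"]}
}""")
DISCOVERY = json.loads("""{
  "id": "/subscriptions/XXXXX/resourcegroups/example",
  "cloudServiceId": "00000000-0000-0000-0000-000000000000",
  "toolId": "Clouditor Evidences Collection",
  "properties": {"name": "example", "geoLocation": {"region": "westeurope"}}
}""")

# Assumption: the two spellings of each key carry the same meaning.
ALIASES = {"cloudServiceId": "cloud_service_id", "toolId": "tool_id"}
REQUIRED = ("id", "cloud_service_id", "tool_id")

def normalize_evidence(doc):
    """Return evidence with snake_case identifiers, or raise ValueError."""
    if not isinstance(doc, dict):
        raise ValueError("evidence must be a JSON object")
    out = {ALIASES.get(k, k): v for k, v in doc.items()}
    if len(out) != len(doc):
        raise ValueError("identifier given in both spellings")
    missing = [k for k in REQUIRED if k not in out]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    for key in ("id", "tool_id"):
        if not isinstance(out[key], str) or not out[key].strip():
            raise ValueError(key + " must be a non-empty string")
    payload = out.get("resource", out.get("properties"))
    if not isinstance(payload, dict):
        raise ValueError("a resource or properties object is required")
    try:
        out["cloud_service_id"] = str(uuid.UUID(out["cloud_service_id"]))
        if "timestamp" in out:
            datetime.fromisoformat(out["timestamp"])
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("malformed cloud_service_id or timestamp") from exc
    return out
```

Rejecting a document that carries both spellings of one identifier avoids two components resolving the same evidence to different cloud services.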
{
  "id": "/subscriptions/XXXXX/resourcegroups/democlouditorhappy/providers/microsoft.storage/storageaccounts/democlouditordiagnostics",
  "cloudServiceId": "00000000-0000-0000-0000-000000000000",
  "toolId": "Clouditor Evidences Collection",
  "properties": {
    "@type": "type.googleapis.com/clouditor.ontology.v1.ObjectStorageService",
    "creationTime": "2023-07-09T10:35:18.246911100Z",
    "id": "/subscriptions/XXXXX/resourcegroups/democlouditorhappy/providers/microsoft.storage/storageaccounts/democlouditordiagnostics",
    "labels": {
      "owner": "clouditor"
    },
    "name": "democlouditordiagnostics",
    "raw": "/*...*/",
    "geoLocation": {
      "region": "westeurope"
    },
    "httpEndpoint": {
      "url": "https://democlouditordiagnostics.[file,blob].core.windows.net/",
      "transportEncryption": {
        "enabled": true,
        "enforced": true,
        "protocol": "TLS",
        "protocolVersion": 1.2,
        "cipherSuites": []
      }
    },
    "parentId": "/subscriptions/XXXXX/resourcegroups/democlouditorhappy"
  }
}
Listing 3. Clouditor example evidence in JSON
Some components will offer data import / export functionality. The Repository of Controls and Metrics is planning to allow import of security schemes using the OSCAL²⁵ format. The API description and more details on the format will be described in the future deliverable D3.3 “Evidence assessment and Certification–Implementation-v1” (M12). The OSCAL format allows different file types and data formats such as YAML²⁶ and JSON. Listing 4 shows a tentative example of the mapping of an EUCS Requirement in OSCAL. It can be seen how the parts of the Control (ops-02) are specified using the OSCAL elements “id”, “title”, “properties”, and also with “parts” and “prose”; the Requirements are implemented with “parts” within the upper “parts” of Control. The Requirement ID (OPS-02.3) is specified with “properties”, and the requirement itself with “prose”.
²⁵ https://pages.nist.gov/OSCAL/
²⁶ https://en.wikipedia.org/wiki/YAML
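The layout of Listing 4, read into a neutral Control record with sub-controls in the way Section 3.5 describes the Orchestrator's Control data class. This Python is an added example, not EMERALD code: the catalogue fragment is constructed after Listing 4, and the Control dataclass and the function names are hypothetical.

```python
import json
from dataclasses import dataclass, field

# Constructed catalogue fragment that follows the layout of Listing 4.
CATALOG = json.loads("""
{"controls": [{
  "id": "ops-02",
  "title": "CAPACITY MANAGEMENT - MONITORING",
  "properties": [{"name": "label", "value": "OPS-02"}],
  "parts": [
    {"id": "ops_02_obj", "name": "control-objective",
     "prose": "The capacities of critical resources are monitored."},
    {"id": "ops-02_smt", "name": "statement", "parts": [
      {"id": "ops-02_smt.3", "name": "item",
       "properties": [{"name": "label", "value": "OPS-02.3"}],
       "prose": "Provisioning and de-provisioning shall be monitored."}]}
  ]}]}
""")

@dataclass
class Control:
    """Hypothetical neutral record; not the Orchestrator's actual class."""
    id: str
    label: str
    kind: str
    text: str
    sub_controls: list = field(default_factory=list)

def label_of(node):
    """Return the value of the 'label' property, or '' when absent."""
    for prop in node.get("properties", []):
        if prop.get("name") == "label":
            return prop.get("value", "")
    return ""

def to_control(node, kind="control"):
    """Map an OSCAL-style control or part to a Control with sub-controls."""
    return Control(
        id=node["id"], label=label_of(node), kind=node.get("name", kind),
        text=node.get("prose", node.get("title", "")),
        sub_controls=[to_control(p, "part") for p in node.get("parts", [])])

def requirements(ctrl):
    """Yield (label, text) for every labelled item below a control."""
    for sub in ctrl.sub_controls:
        if sub.kind == "item" and sub.label:
            yield sub.label, sub.text
        yield from requirements(sub)
```

OSCAL's published JSON format names the property array `props`; the example keeps `properties` because Listing 4 does.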
"controls": [
  {
    "id": "ops-02",
    "title": "CAPACITY MANAGEMENT - MONITORING",
    "properties": [
      {
        "name": "label",
        "value": "OPS-02"
      }
    ],
    "parts": [
      {
        "id": "ops_02_obj",
        "name": "control-objective",
        "prose": "The capacities of critical resources such as personnel and IT resources are monitored."
      },
      {
        "id": "ops-02_smt",
        "name": "statement",
        "parts": [
          {
            "id": "ops-02_smt.3",
            "name": "item",
            "properties": [
              {
                "name": "label",
                "value": "OPS-02.3"
              }
            ],
            "prose": "The provisioning and de-provisioning of cloud services shall be automatically monitored to guarantee fulfilment of OPS-02.1"
          }
        ]
      }
    ]
  }
]
Listing 4. A EUCS Requirement mapping in OSCAL
5.2 Sequence diagrams
To illustrate the interactions between the components, sequence diagrams will be created and extended in the future work of Task 1.1. Additional documentation will be provided which can be included in the interactive PlantUML diagrams. At the time of writing this deliverable, the sequence diagrams of AMOE and eknows have already been integrated into the diagram collection. The sequence diagrams will be included in future deliverables of EMERALD WP1, in particular in D1.3 “EMERALD solution architecture-v1” (M12) and D1.4 “EMERALD solution architecture-v2” (M24).
6 Conclusions
This document provides an overview of the overall EMERALD data model, as well as a more detailed view of the component data models. The general data model is loosely based on the data model of the predecessor project MEDINA. However, to increase the TRL of the reused MEDINA components and adjust them to the EMERALD framework, all component diagrams received updates. Furthermore, it was extended with additional components, such as AI-SEC or eknows.
The data model is presented in a web service, to allow interactive investigation of the different diagrams. The diagrams are based on text instructions using PlantUML and then rendered in SVG files. This allows the diagrams to be versioned, and the various functionalities of the EMERALD GitLab repository can be used to manage and coordinate the updates. The basic idea of this interactive documentation is to start with an abstract overview (landing page) and then drill down to the different components of interest. The different classes and components of the diagrams can be clicked/hovered to navigate and highlight direct connections.
Finally, this deliverable describes the main data format that will be used for data exchange between EMERALD components and external sources – JSON. To provide more insight, examples of AMOE and Clouditor-Discovery evidence have been provided. The Repository of Controls and Metrics (RCM) will provide import/export functionality of security schemes in OSCAL format – for which a JSON example was also provided.
The data diagrams will be updated according to the needs and changes of the different components. These changes will be subject to the processes described in this deliverable, shared with the consortium in different version releases, and deployed in the EMERALD Kubernetes infrastructure. The updates will be collected and described in a second version of this deliverable (D1.2 – Data modelling and interaction mechanisms 2), planned to be submitted in M18 of the project (end of April 2025).
7 References
[1] EMERALD Consortium, “EMERALD - Annex 1 - Description of Action - GA 101120688,” 2022.
[2] EMERALD Consortium, “D2.1 Graph Ontology for Evidence Storage,” 2024.
[3] EMERALD Consortium, “D4.1 Results of the UI-UX requirements analysis and the work processes–v1,” 2024.
[4] EMERALD Consortium, “D3.1 Evidence assessment and Certification–Concepts-v1,” 2024.
[5] MEDINA Consortium, “D5.5 MEDINA integrated solution-v3,” 2023. [Online]. Available: https://medina-project.eu/wp-content/uploads/2023/09/MEDINA_D5.5_MEDINA-integrated-solution-v3_v1.0.pdf. [Accessed July 2024].
[6] ENISA, “EUCS - Cloud Services Scheme,” [Online]. Available: https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme. [Accessed July 2024].
APPENDIX: Release 1.0.9 of Architecture and Data Modelling
In order to allow the readers of this document to consult the documentation and data model themselves, the current version of the files has been archived in a zip file. The contents are images of the different data models, as well as a webpage to aid in navigation. The 1.0.9 release version of the interactive documentation is available here: D1.1 Appendix Release 1.0.9 of Architecture and Data Modelling
To open the interactive documentation locally, you need to extract the zip file. Then navigate to the “architecture_and_data_model” folder and open the index.html file in a common web browser.