Feature Complete RC4
Release Notes MUSES
Copyright (C) 2013 - 2014 Sweden Connectivity
Date: 20140807
Release: Muses Feature Complete
Binaries
Muses Client
Git: 4dcc6d690ad97153eb07a9e4f279bbc97a074c4d
File: MusesClient.apk
MusesAwareApp
Git: 3995e7321d743358298f87e1657f6cbfb791e386
File: MusesAwareApp.apk
common
Git: 9302d93084239a3b49caa1dc69c8af6534d61d14
File: common-0.0.1-SNAPSHOT.jar
server
Git: c9ff1b4000e7097d63b42df0cff8d98f3da405aa
File: server-0.0.1-SNAPSHOT.war
Fixes
- Code quality improved (Client/Server=> Connection Manager package) and test coverage improved Connection Manager Server
Issues
- Tomcat stops responding after a while then need to be restarted.
- Log4j stops logging after a while (most probably above tomcat problem causing it)
- Mail sensor does not work with tabs.
- No policy received from server for virus found event.
- No policy received for email event (fake or gmail compose email)
Coverage
- 30.3% coverage for server project (1 failure)
- No test coverage for common project
- 35.1% (No failures)
Code quality
- Server : Rules Compliance 80.5%, Violations 644
- Common : Rules Compliance 92.4%, Violations 58
- Client : Lint: 70 issues.
Feature List MUSES
| UC 1 states: “Check of the end user terminal before granting access to company sensitive data on the company intranet” | ||||
|---|---|---|---|---|
| Ref: | Feature description | Prototype | Status | Delta |
| F1:1 | Grant/deny access to company sensitive information | 1 | Open | 3% |
| F1:2 | Check user device's security level | 1 | Open | 50% |
| F1:3 | Check user past usage patterns | 1 | Open | 20% |
| F1:4 | Check connection properties | 1 | Done | 0% |
| F1:5 | Evaluation of device trust level | 2 | Open | 0% |
| F1:6 | Provide ad hoc suggestions to the user | 1 | Done | 0% |
| F1:7 | MUSES checks if end user is connected to the company Intranet | 1 | Done | 0% |
| F1:8 | MUSES checks Wi-Fi is unsecure | 1 | Done | 0% |
| F1:9 | MUSES perform risk analysis. Risk analysis is based on continuously updating the measures of trust levels. | 1 | Done | 0% |
| F1:10 | MUSES provides authentication | 1 | Done | 30% |
| UC 2 states: “Check of the end user terminal before granting access to company sensitive data from the Internet” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F2:1 | Check potentially unsafe communication settings | 1 | Done | 0% |
| F2:2 | Check existence of additional protection features (VPN,…) | 1 | Done | 0% |
| F2:3 | Provide ad hoc suggestions to the user: Migrate to a secure network connection | 1 | Done | 0% |
| F2:4 | Detection of sensible data insertion (PIN, passwords,…) | 1 | Done | 0% |
| F2:5 | Evaluation of current security and risk level | 1 | Done | 0% |
| F2:6 | Propose a possible insertion and data transmission method (private place, Setup SSL connection) | 1 | Open | 100% |
| F2:7 | Performs all the checks necessary to evaluate the context and uses the results against the company policies associated to the requested asset | 2 | Open | 100% |
| F2:8 | Grant/deny access to company sensitive information | 1 | Done | 0% |
| F2:9 | MUSES dynamically perform risk analysis. Risk analysis is based on continuously updating the measures of trust levels. | 1 | Done | 0% |
| UC 3 states: “Dynamic data aggregation within the company intranet” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F3:1 | Generate specific hints (advices) | 1 | Open | 60% |
| F3:2 | Detect asset's sensitivity level | 2 | Open | 100% |
| F3:3 | Detection of data aggregation from different sources | 1 | Open | 100% |
| F3:4 | Check risk of data combination | 1 | Open | 100% |
| F3:5 | Grant/deny access to requested data | 1 | Done | 0% |
| F3:6 | Removes sensible information stored into the terminal if the device is not safe. | 1 | Done | 25% |
| F3:7 | Assign value to assets | 1 | Open | |
| F3:8 | Perform risk analysis with regard to User's past behaviour | 1 | Open | 0% |
| UC 4 states: “Dynamic data aggregation from the Internet” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F4:1 | Change Policy. (A trusted user and terminal remotely change a document policy. A policy is an Asset) | 1 | Open | |
| F4:2 | Configuration enforcement | 1 | Open | 100% |
| F4:3 | Performs more strict evaluation of the device environment | 1 | Open | |
| F4:4 | Actively monitors terminal's configuration within the trusted state | 1 | Done | 100% |
| F4:5 | Detects a change of configuration in the system and reverts the terminal to the non-trusted status | 1 | Open | 100% |
| UC 5 states: “Check-up of the connected terminals/end points (still previously connected)” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F5:1 | Detection of terminal corruption | 1 | Open | 100% |
| F5:2 | Analyse risk of having two active editing sessions on the same asset (Removed from scope matrix) | 1 | Open | 100% |
| F5:3 | Understanding the risk that a cross contamination could have happened in the past or is still present | 1 | Open | 100% |
| F5:4 | Evaluating the security levels and the interaction models among the devices | 1 | Open | |
| F5:5 | Suspending the task until the terminal has been verified and possibly cleaned | 1 | Open | |
| F5:6 | Invokes cleaning of the stored assets (If no other solution available) | 2 | Open | 100% |
| F5:7 | Keep track of all opened and closed assets, multiple devices, Users | 2 | Open | |
| UC 6 states: “A non-secure mobile terminal is physically moved to a high-security area” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F6:1 | Sensing of physical context (GPS, Cell Ids, indoor Wi-Fi) | 1 | Open | 85% |
| F6:2 | Sensing of connected peripherals (USB keys) | 2 | Open | |
| F6:3 | Detection of unsatisfied policy requirements | 1 | Open | 7% |
| F6:5 | Avoids physical violation of an asset | 1 | Open | |
| F6:6 | Enforce the new configuration on the terminal (making sure physical location is secure) | 2 | Open | 13% |
| UC 7 states: “Supply chain partner data exchange” | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| F7:1 | Application installation control | 1 | Open | 16% |
| F7:2 | Application execution control | 1 | Done | 0% |
| F7:3 | Check communication encryption | 1 | Done | 0% |
| F7:4 | Evaluate all communication endpoints (i.e., the company user’s and its supply chain counterparts’ terminals) | 2 | Open | |
| F7:5 | Prevent the sharing of any sensible data to the uncontrolled terminals of the third parties until MUSES is correctly configured | 1 | Done | 0% |
| F7:6 | Directly asks to the user to manually do the changes or ask the permissions to do them automatically | 1 | Open | 87% |
| F7:7 | Verify partner’s Trustability | 2 | Open | 100% |
| The general features are not derived from any Use Case, but are essential for the system. | ||||
| Ref: | Feature description | Prototype | Status | Delta |
| G1:1 | Authenticate user to MUSES | 1 | Done | 0% |
| G1:2 | Authenticate device to MUSES | 1 | Done | 0% |
| G1:3 | Provide a dashboard for MUSES | 2 | Open | |
| G1:4 | Getting information from antivirus on device | 1 | Done | 0% |
| G1:5 | Cooperate with safe storage app on device | 2 | Open | |
| G1:6 | Protect MUSES on device (From tampering) | 1 | Done | 0% |
| G1:7 | Provide secure communication between MUSES Server and Clients | 2 | Open | |
| G1:8 | Monitor location details while trying to access a asset | 2 | Open | |
| G1:9 | Send alerts/messages from MUSES - MUSES alerting system | 2 | Open | |
| G1:10 | Local anti-virus detects the infection and alert MUSES local agent | 2 | Open | |
| G1:11 | Protect the DB on the device (Encrypt policies, rules etc.) | 2 | Open | |
| G1:12 | Set device policies ( Windows: Group policy, Android: Google Apps Device Policy, iOS: Mobile Device Management) | 1 | Open | 16% |
| G1:13 | Knowledge refinement:Detection of new context event combinations/patterns that might be related to existing corporate policies adapting the associated rules or creating new ones to cope with previously uncoded situations. | 2 | Open | |
| G1:14 | Server GUI for Security Policies / Risk Management | 2 | Open | |
| G1:15 | Anonymize data in server | 2 | Open | 100% |
| G1:16 | Register user with MUSES (server and device) | 2 | Open | 33% |
| G1:17 | Log information per component | 2 | Open | 100% |
| G1:18 | Sensor that are not assigned to a Use Case yet | 1 | Open | 20% |
| G1:19 | Get sensor configuration from server | 2 | Open | 66% |
| G1:20 | Server Database setup | 2 | Open | 100% |
| G1:21 | Context aggregation | 1 | Open | 100% |