Release Notes MUSES
Copyright (C) 2013 - 2014 Sweden Connectivity
Date: 20141006
Release: Muses Prototype # 1 RC6 (FINAL)
Binaries
Muses Client
Git: d1b3f20cd3650714026a9a2ad178aaf8a11dcc81
File: MusesClient.apk
MusesAwareApp
Git: 5b52219ad0e5a901af2f3c18211275282eb71108
File: MusesAwareApp.apk
common
Git: cab27ee67ea6b046edd3059a4d44a38f4ca708f6
File: common-0.0.1-SNAPSHOT.jar
server
Git: 7d659bf8122fcb0ad4458e5fcbb2635dc42d805b
File: server-0.0.1-SNAPSHOT.war
Fixes
- Disable screen lock for checking device configuration fixed
- Requires apps installed fixed, now uninstallation receives a policy and shows the feedback
- Folders sensed for opening,saving and receives policy now from non musesaware file explorer.
Issues
- opening blacklist app does not work.
- policies are some times not received on the first attempt.
- path is null in decision maker which causes no feedback shown to the user.
Coverage
- 33.5% coverage for server project (1 failure)
- No test coverage for common project
- 35.1% (No failures)
Code quality
- Server : Rules Compliance 84.1%, Violations 637
- Common : Rules Compliance 91.6%, Violations 75
- Client : Lint: 71 issues.
Feature List
| UC 1 states: “Check of the end user terminal before granting access to company sensitive data on the company intranet” | |||||
|---|---|---|---|---|---|
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F1:1 | Grant/deny access to company sensitive information | 1 | Open | 3% | "Total actions: 62 |
| Left: 4" | |||||
| F1:2 | Check user device's security level | 1 | Open | 50% | "Total actions: 6 |
| Left: 3" | |||||
| F1:3 | Check user past usage patterns | 1 | Open | 20% | "Total actions:5 |
| Left:1" | |||||
| F1:4 | Check connection properties | 1 | Done | 0% | |
| F1:5 | Evaluation of device trust level | 2 | Open | 100% | |
| F1:6 | Provide ad hoc suggestions to the user | 1 | Done | 0% | |
| F1:7 | MUSES checks if end user is connected to the company Intranet | 1 | Done | 0% | |
| F1:8 | MUSES checks Wi-Fi is unsecure | 1 | Done | 0% | |
| F1:9 | MUSES perform risk analysis. Risk analysis is based on continuously updating the measures of trust levels. | 1 | Done | 0% | |
| F1:10 | MUSES provides authentication | 1 | Open | 30% | |
| UC 2 states: “Check of the end user terminal before granting access to company sensitive data from the Internet” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F2:1 | Check potentially unsafe communication settings | 1 | Done | 0% | |
| F2:2 | Check existence of additional protection features (VPN,…) | 1 | Done | 0% | |
| F2:3 | Provide ad hoc suggestions to the user: Migrate to a secure network connection | 1 | Done | 0% | |
| F2:4 | Detection of sensible data insertion (PIN, passwords,…) | 1 | Done | 0% | |
| F2:5 | Evaluation of current security and risk level | 1 | Done | 0% | |
| F2:6 | Propose a possible insertion and data transmission method (private place, Setup SSL connection) | 1 | Open | 100% | |
| F2:7 | Performs all the checks necessary to evaluate the context and uses the results against the company policies associated to the requested asset | 2 | Open | 100% | |
| F2:8 | Grant/deny access to company sensitive information | 1 | Done | 0% | |
| F2:9 | MUSES dynamically perform risk analysis. Risk analysis is based on continuously updating the measures of trust levels. | 1 | Done | 0% | |
| UC 3 states: “Dynamic data aggregation within the company intranet” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F3:1 | Generate specific hints (advices) | 1 | Open | 60% | "Total actions:10 |
| Left:6" | |||||
| F3:2 | Detect asset's sensitivity level | 2 | Open | 100% | |
| F3:3 | Detection of data aggregation from different sources | 1 | Open | 100% | |
| F3:4 | Check risk of data combination | 1 | Open | 100% | |
| F3:5 | Grant/deny access to requested data | 1 | Done | 0% | |
| F3:6 | Removes sensible information stored into the terminal if the device is not safe. | 1 | Open | 25% | "Total actions:4 |
| Left:1" | |||||
| F3:7 | Assign value to assets | 1 | Open | 100% | |
| F3:8 | Perform risk analysis with regard to User's past behaviour | 1 | Done | 0% | |
| UC 4 states: “Dynamic data aggregation from the Internet” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F4:1 | Change Policy. (A trusted user and terminal remotely change a document policy. A policy is an Asset) | 1 | Open | 100% | |
| F4:2 | Configuration enforcement | 1 | Open | 100% | |
| F4:3 | Performs more strict evaluation of the device environment | 1 | Open | 100% | |
| F4:4 | Actively monitors terminal's configuration within the trusted state | 1 | Done | 0% | |
| F4:5 | Detects a change of configuration in the system and reverts the terminal to the non-trusted status | 1 | Open | 100% | |
| UC 5 states: “Check-up of the connected terminals/end points (still previously connected)” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F5:1 | Detection of terminal corruption | 1 | Open | 100% | "Total actions:2 |
| Left:2" | |||||
| F5:2 | Analyse risk of having two active editing sessions on the same asset (Removed from scope matrix) | 1 | Open | 100% | "Total actions:2 |
| Left:2" | |||||
| F5:3 | Understanding the risk that a cross contamination could have happened in the past or is still present | 1 | Open | 100% | "Total actions:2 |
| Left:2" | |||||
| F5:4 | Evaluating the security levels and the interaction models among the devices | 1 | Open | 100% | |
| F5:5 | Suspending the task until the terminal has been verified and possibly cleaned | 1 | Open | 100% | |
| F5:6 | Invokes cleaning of the stored assets (If no other solution available) | 2 | Open | 100% | "Total actions:2 |
| Left:2" | |||||
| F5:7 | Keep track of all opened and closed assets, multiple devices, Users | 2 | Open | 100% | |
| UC 6 states: “A non-secure mobile terminal is physically moved to a high-security area” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F6:1 | Sensing of physical context (GPS, Cell Ids, indoor Wi-Fi) | 1 | Open | 85% | "Total actions:7 |
| Left:6" | |||||
| F6:2 | Sensing of connected peripherals (USB keys) | 2 | Open | 100% | |
| F6:3 | Detection of unsatisfied policy requirements | 1 | Open | 7% | "Total actions:14 |
| Left:1" | |||||
| F6:5 | Avoids physical violation of an asset | 1 | Open | 100% | |
| F6:6 | Enforce the new configuration on the terminal (making sure physical location is secure) | 2 | Open | 13% | "Total actions:15 |
| Left:2" | |||||
| UC 7 states: “Supply chain partner data exchange” | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| F7:1 | Application installation control | 1 | Open | 12% | "Total actions:6 |
| Left:1" | |||||
| F7:2 | Application execution control | 1 | Done | 0% | |
| F7:3 | Check communication encryption | 1 | Done | 0% | |
| F7:4 | Evaluate all communication endpoints (i.e., the company user’s and its supply chain counterparts’ terminals) | 2 | Open | 100% | |
| F7:5 | Prevent the sharing of any sensible data to the uncontrolled terminals of the third parties until MUSES is correctly configured | 1 | Done | 0% | |
| F7:6 | Directly asks to the user to manually do the changes or ask the permissions to do them automatically | 1 | Open | 87% | "Total actions:8 |
| Left:7" | |||||
| F7:7 | Verify partner’s Trustability | 2 | Open | 100% | |
| The general features are not derived from any Use Case, but are essential for the system. | |||||
| Ref: | Feature description | Prototype | Status | Delta | Comments |
| G1:1 | Authenticate user to MUSES | 1 | Done | 0% | |
| G1:2 | Authenticate device to MUSES | 1 | Done | 0% | |
| G1:3 | Provide a dashboard for MUSES | 2 | Open | 100% | |
| G1:4 | Getting information from antivirus on device | 1 | Done | 0% | |
| G1:5 | Cooperate with safe storage app on device | 2 | Open | 100% | |
| G1:6 | Protect MUSES on device (From tampering) | 1 | Done | 0% | |
| G1:7 | Provide secure communication between MUSES Server and Clients | 2 | Open | 100% | |
| G1:8 | Monitor location details while trying to access a asset | 2 | Open | 100% | |
| G1:9 | Send alerts/messages from MUSES - MUSES alerting system | 2 | Open | 100% | |
| G1:10 | Local anti-virus detects the infection and alert MUSES local agent | 2 | Open | 100% | |
| G1:11 | Protect the DB on the device (Encrypt policies, rules etc.) | 2 | Open | 100% | |
| G1:12 | Set device policies ( Windows: Group policy, Android: Google Apps Device Policy, iOS: Mobile Device Management) | 1 | Open | 16% | "Total actions:6 |
| Left:1" | |||||
| G1:13 | Knowledge refinement:Detection of new context event combinations/patterns that might be related to existing corporate policies adapting the associated rules or creating new ones to cope with previously uncoded situations. | 2 | Open | 100% | |
| G1:14 | Server GUI for Security Policies / Risk Management | 2 | Open | 100% | |
| G1:15 | Anonymize data in server | 2 | Open | 100% | "Total actions:2 |
| Left:0" | |||||
| G1:16 | Register user with MUSES (server and device) | 2 | Open | 33% | "Total actions:3 |
| Left:1" | |||||
| G1:17 | Log information per component | 2 | Open | 100% | "Total actions:15 |
| Left:0" | |||||
| G1:18 | Sensor that are not assigned to a Use Case yet | 1 | Open | 20% | "Total actions:5 |
| Left:1" | |||||
| G1:19 | Get sensor configuration from server | 2 | Open | 66% | "Total actions:6 |
| Left:4" | |||||
| G1:20 | Server Database setup | 2 | Open | 100% | "Total actions:9 |
| Left:9" | |||||
| G1:21 | Context aggregation | 1 | Open | 100% |