OBJECTIVES

The EMERALD project will pursue the following objectives. For each objective, the KeyResults (KRs) to be achieved are also listed.



1
Provide next generation evidence gathering tools based on knowledge graph approach

KR1 EXTRACT: A framework to continuously extract knowledge on various layers of the cloud service (infrastructure, code, business processes) and prepare suitable evidence based on them

KR2 CERTGRAPH: A graph-based structure, the certification graph, to consolidate all necessary information of the service and make it easily query-able

2
Reduce complexity in multi-scheme Cloud certifications by assisted metric mapping

KR3 OPTIMA: An intelligent system to select an optimized set of metrics that can be measured to demonstrate compliance to the selected certification scheme

KR4 MULTICERT: A tool to assess chosen metrics based on information stored in the certification graph and to evaluate the final certificate decision

KR5 AIPOC: By transferring the innovation results to upcoming AI certification schemes, EMERALD establishes a proof of concept (PoC) on how to scale the CaaS approach to cloud-based AI systems

3
Provide a seamless user experience of continuous auditing for auditors and auditees

KR6 EMERALD UI/UX: A user interaction concept and conducted studies to show what information each user needs in an audit process

4
Provide interoperability to other frameworks, security asessment tools and repositories

KR7 INTEROP: An interoperability layer the trustworthy systems, assessment results and catalogue data

5
Validate the outcomes in industrial pilots

KR8 PILOTS: Involvement of realistic use cases by potential applicants of EMERALD

6
Promote the project, disseminate results and coordinate with international agencies

KR9 DECAS: Dissemination and communication of the project results via multiple channels, relevant conferences (e.g., ETSI security conference) and the scientific community. Exploitation of the project achievements by the technical and pilot partners. Standardization activities to discuss, verify and deepen the project findings with standardization bodies