Summary of Key Achievements in EMERALD:
• WP1 Concept and Methodology: Defined the system architecture, requirements, and initial data model. DevOps infrastructure with integration and production environments was established using Infrastructure as Code. The first version of the EMERALD CaaS framework, including Keycloak for identity management, was implemented.
• WP2 Methodology for Knowledge Extraction: Designed the unified graph model and developed owl2proto for converting ontologies to Protobuf. Released the initial certification graph schema and enlarged the functionalities of eknows-e3 and Codyze. Enhanced AMOE and Clouditor-Discovery, and released a prototype of AI-SEC. Integration of evidence extraction tools into EMERALD began, along with UI requirement discussions.
• WP3 Evidence Assessment and Certification: Initial version of the tools (Orchestrator, Evaluation, Evidence-Store, Assessment, RCM, MARI, TWS) integrated into the Framework. Hybrid database approach using a relational database for the Certification Graph that allows graph database queries. EUCS, BSI-C5, and AIC4 security schemes are supported, and a Converter for OSCAL was developed. MARI introduced a transformer model and refined its API. TWS was deployed on an Alastria node with smart contracts .
• WP4 User Interaction and Experience: Gathered UI/UX requirements from previous projects and pilots. Developed audit processes, user scenarios, paper and clickable mock-ups, and implemented the EMERALD UI with integration mechanisms for the other components of the framework.
• WP5 Operational and Financial Pilots: Focused on defining and preparing pilots to validate EMERALD. Developed a validation approach and aligned business and technical requirements. Followed a “stage-gate” process covering pilot setup, data preparation, requirement alignment, test environments, and UX validation.