Skip to content
/ backend Public

This system represents a PoC for the assessment of a risk of a data breach, based on data sharing networks that are enriched with data about historic data breaches. The implementation is guided by the [transparency information language and toolkit](https://github.com/Transparency-Information-Language/meta).

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TILT-RiskOfDataBreach/backend

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
analysis
analysis
 
 
dbseed
dbseed
 
 
mongo
mongo
 
 
risk
risk
 
 
tests
tests
 
 
tilt
tilt
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.dev.yml
docker-compose.dev.yml
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

TILT-RiskOfDataBreach Backend

This system represents a PoC for the assessment of a risk of a data breach, based on data sharing networks that are enriched with data about historic data breaches. The implementation is guided by the transparency information language and toolkit.

Startup

docker-compose up

Database Setup

The Docker Compose setup will automatically create a data database with tilts, risks, and users collections in it.

These collections will be filled with dummy-data by the dbseed service. You now can interact with our API on the admin level through the user (username: admin, password: SuperSecret).

Note: To reset the database (this will delete all data), remove the Docker volume backend_mongodata. As long as this volume is present, initialization scripts will have no impact.

To force an image rebuild on docker compose, run:

docker compose up --build

Security

Replace the SECRET_KEY in src/constants.py with your own, using the following command:

openssl rand -hex 32

Change the password property (and other properties if you want to) in dbseed/init-admin.json, by aquiring a new password using the following command:

from passlib.context import CryptContext

CryptContext(schemes=["bcrypt"], deprecated="auto").hash("respective_password")

Services

Our backend consists of three services: analysis-engine, risk-engine, and tilt-engine.

Analysis-Engine

The Analysis-Engine is used to estimate the risk posed by a data controller based on information extracted from associated TILTs. The service extracts a data sharing network and additional meta data from all available TILTs and uses structural information from the network and the additional meta data for the risk estimate.

API

Definition - access_lvl

  • 0: Default, can update data sharing network and risk estimates
  • 1: Admin, has admin access

Documentation

/docs
  • GETs interactive documentation web page

Analysis

/update
  • is run on startup and once a day
  • runs risk analysis algorithm outside of the aforementioned events
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

GET:

{ }

Response:

{
 "acknowledged": "bool"
}

Authentication

/token
  • generates session and refresh token

POST (x-www-form-urlencoded):

{
 username: str
 password: str
}

Response:

{  
 "access_token": "str",
 "refresh_token": "str",
 "token_type": "str",
 "access_lvl": "int"
}
/refresh
  • generates new session token

Header:

{
 "refresh_token": "str"  
}

GET:

{ }

Response:

{  
 "access_token": "str",
 "token_type": "str",
 "access_lvl": "int"
}

Login

/is_username/{username}
  • checks if username exists
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

GET:

{
 "username": "str"
}

Response:

{
 "is_username": "bool"
}
/signup
  • signups new user
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"  
}

POST:

{
 "username": "str",
 "password": "str",
 "company": "str",
 "country": "str",
 "address": "str",
 "access_lvl": "int"
}

Response:

{
 "acknowledged": "bool"
}

Risk-Engine

The Risk-Engine returns the estimated risks with the for the risk estimation extracted data.

API

Definition - access_lvl

  • Public!

Documentation

/docs
  • GETs interactive documentation web page

Risks

/{domain}
  • returns risk estimate with additional meta data used in the calculation
  • access_lvl: Public!

GET:

{
 "domain": "str"
}

Response:

{
        "domain": "str",
        "riskScore": "float",
        "avgSeverityOfBreaches": "int",
        "similarBreachedDomains": [
            {
                "domain": "str",
                "breaches": "int",
                "cluster": "int",
                "severity": "int",
                "articleRank": "float",
                "betweenness": "float",
                "degree": "float",
                "harmonicCloseness": "float"
            }
        ],
        "similarNodes": [
            {
                "domain": "str",
                "breaches": "int",
                "cluster": "int",
                "severity": "int",
                "articleRank": "float",
                "betweenness": "float",
                "degree": "float",
                "harmonicCloseness": "float"
            }
        ],
        "validMeasuresInCluster": [
            {
                "cluster": "int",
                "articleRank": "bool",
                "betweenness": "bool",
                "degree": "bool",
                "harmonicCloseness": "bool"
            }
        ]
    }

TILT-Engine

The TILT-Engine inserts, updates, or deletes TILTs upon request from certified sources.

API

Definition - access_lvl

  • 0: Default, can update data sharing network and risk estimates
  • 1: Admin, has admin access

Documentation

/docs
  • GETs interactive documentation web page

TILTs

/tilt/insert
  • inserts or updates one TILT document
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

POST: [TILT](https://github.com/Transparency-Information-Language/schema)

Response:

{
 "acknowledged": "bool"
}
/tilts/insert
  • inserts or updates many TILT documents
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

POST: [[TILT](https://github.com/Transparency-Information-Language/schema)]

Response:

{
 "acknowledged": "bool"
}
/{domain}/delete
  • deletes one TILT document
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

DELETE:

{
 "domain": "str"
}

Response:

{
 "acknowledged": "bool"
}

Authentication

/token
  • generates session and refresh token

POST (x-www-form-urlencoded):

{
 username: str
 password: str
}

Response:

{  
 "access_token": "str",
 "refresh_token": "str",
 "token_type": "str",
 "access_lvl": "int"
}
/refresh
  • generates new session token

Header:

{
 "refresh_token": "str"  
}

GET:

{ }

Response:

{  
 "access_token": "str",
 "token_type": "str",
 "access_lvl": "int"
}

Login

/is_username/{username}
  • checks if username exists
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"
}

GET:

{
 "username": "str"
}

Response:

{
 "is_username": "bool"
}
/signup
  • signups new user
  • access_lvl: 0 & 1

Header:

{
 "access_token": "str"  
}

POST:

{
 "username": "str",
 "password": "str",
 "company": "str",
 "country": "str",
 "address": "str",
 "access_lvl": "int"
}

Response:

{
 "acknowledged": "bool"
}

About

This system represents a PoC for the assessment of a risk of a data breach, based on data sharing networks that are enriched with data about historic data breaches. The implementation is guided by the [transparency information language and toolkit](https://github.com/Transparency-Information-Language/meta).

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages