CRISP Quality Requirements - COS301-SE-2025/CRISP GitHub Wiki

Quality Requirements

1.1 Performance Requirements

Requirement Statement CRISP shall deliver responsive performance for both Human-Machine Interface (HMI) and Machine-to-Machine (M2M) interactions while enforcing resource consumption constraints.

  • P1.1 API endpoints shall respond within 2 seconds for 95% of requests under normal load
  • P1.2 Web pages shall load within 3 seconds for standard broadband connections
  • P1.3 Threat feed processing shall handle up to 1,000 IoCs per minute
  • P1.4 Real-time alerts shall be generated and delivered within 60 seconds of triggering conditions
  • P1.5 System shall support 20 concurrent users without performance degradation
  • P1.6 Bulk threat intelligence uploads shall process 100 records per second
  • P1.7 Data anonymization shall process 100 threat records per second

Architectural Strategies Strategy: Performance-Optimized Layered Architecture Implementation:

  • Database indexing on frequently queried fields (IoC values, timestamps)
  • Connection pooling for database connections
  • Caching layer using Redis for frequently accessed data
  • Asynchronous processing for heavy operations (STIX conversion, anonymization)
  • Query optimization and database performance monitoring

Justification Fast performance is essential for threat intelligence platforms during incident response. With STIX/TAXII processing already optimized in the implemented feed publication and consumption components, performance requirements ensure that adding authentication and user management doesn't degrade the system's responsiveness for both human users and automated threat sharing.

Testing Approach

  • Unit tests for STIX/TAXII processing components
  • Integration tests for API endpoints and response times
  • Performance testing with simulated concurrent users (10-20 users)
  • Automated testing in CI/CD pipeline for regression detection

1.2 Reliability Requirements

Requirement Statement CRISP shall maintain high availability to ensure continuous threat intelligence sharing between autonomous CRISP server instances and external threat feeds.

  • R1.1 System uptime target of 99% (approximately 7 hours downtime per month)
  • R1.2 Planned maintenance windows not to exceed 4 hours per month
  • R1.3 System recovery time objective (RTO) of 30 minutes for critical failures
  • R1.4 Data recovery point objective (RPO) of 4 hours for database recovery
  • R1.5 System shall gracefully handle invalid input data without crashing
  • R1.6 System shall provide meaningful error messages to users for all failure scenarios
  • R1.7 System shall automatically retry failed external API calls (maximum 3 attempts with exponential backoff)

Architectural Strategies Strategy: Fault-Tolerant Architecture with Monitoring and Data Validation Implementation:

  • Docker containerization for easy deployment and recovery
  • Database replication with automatic failover
  • Application health checks and monitoring endpoints
  • Automated backup verification and restoration testing
  • Load balancing for traffic distribution
  • Database constraints and foreign key relationships
  • Checksums and hash verification for data integrity
  • Transaction management with rollback capabilities

Justification With threat feed publication and consumption already implemented, availability focuses on ensuring these core capabilities remain reliable. The successful implementation of STIX/TAXII-compliant feed sharing demonstrates the system's ability to maintain continuous threat intelligence exchange, which is critical for timely incident response across educational institutions facing ransomware threats. Data integrity is critical for maintaining trust in shared threat intelligence.

Testing Approach

  • Unit tests for threat feed services and repositories
  • Integration tests for Docker deployment and system recovery
  • Automated uptime monitoring during development
  • Manual testing of feed synchronization between instances
  • Integration tests for data consistency across components
  • Automated testing for threat feed processing workflows

1.3 Scalability Requirements

  • S1.1 Architecture shall support scaling from 5 to 50 client Institutions
  • S1.2 Database shall handle growth from 100MB to 10GB of threat intelligence data
  • S1.3 System shall support horizontal scaling with load balancer for increased user load
  • S1.4 API shall support rate limiting and throttling to prevent abuse
  • S1.5 System shall support distributed deployment across multiple CRISP instances

Architectural Strategies Strategy: Scalable Distributed Architecture Implementation:

  • Microservices architecture supporting horizontal scaling
  • Database optimization and indexing for large datasets
  • Caching strategies for frequently accessed data
  • Load balancing for traffic distribution
  • Asynchronous processing for resource-intensive operations

Justification Scalability ensures CRISP can grow from initial deployment to support larger networks of educational institutions sharing threat intelligence. The existing STIX/TAXII infrastructure provides a solid foundation for scaling threat data processing and sharing capabilities.

Testing Approach

  • Performance testing with increasing user loads
  • Stress testing for concurrent threat feed processing
  • Database performance testing with large datasets
  • Integration testing for distributed deployments

1.4 Security Requirements

Requirement Statement CRISP shall implement comprehensive security measures to protect sensitive threat intelligence data and ensure secure communication between organizations.

  • SEC1.1 All user sessions shall timeout after 60 minutes of inactivity
  • SEC1.2 Administrative accounts should implement two-factor authentication capability
  • SEC1.3 API authentication via JWT tokens with 24-hour expiration and refresh capability
  • SEC1.4 Role-based access control with principle of least privilege enforcement
  • SEC1.5 All data in transit encrypted using TLS 1.2 or higher
  • SEC1.6 Sensitive data at rest encrypted using AES-256 encryption
  • SEC1.7 Data anonymization effectiveness target of 95% (analytical value preserved)
  • SEC1.8 Comprehensive audit logs retained for 12 months with tamper-proof storage
  • SEC1.9 Input validation and sanitization for all user inputs to prevent injection attacks
  • SEC1.10 CSRF protection implemented for all state-changing operations

Architectural Strategies Strategy: Layered Security Architecture Implementation:

  • JWT-based authentication middleware
  • Role-based permission decorators on service methods
  • Encrypted database fields for sensitive IoC data
  • Comprehensive audit logging using Observer pattern
  • Input validation and sanitization at API layer

Justification Security is the highest priority for CRISP as it handles sensitive cybersecurity data. With anonymization, threat feed publication, and consumption already implemented, the current focus on authentication and user management establishes the foundation for secure institution-to-institution threat sharing. API rate limiting addresses the specific OWASP API4:2023 constraint identified in the project requirements.

Testing Approach

  • Unit tests for authentication and authorization functions
  • Integration tests for user registration and login flows
  • Security testing for API endpoints and rate limiting
  • Automated testing in CI/CD pipeline
  • Manual penetration testing with basic security tools

1.5 Usability Requirements

  • U1.1 Web interface compatible with Chrome, Firefox, Safari, Edge (latest 2 versions)
  • U1.2 Mobile-responsive design supporting tablets and smartphones (viewport ≥ 768px)
  • U1.3 New Institution Publisher onboarding completable within 2 hours including user setup
  • U1.4 Common threat intelligence tasks achievable within 5 clicks from dashboard
  • U1.5 Context-sensitive help and documentation available throughout interface
  • U1.6 System shall provide clear feedback for all user actions within 1 second

Architectural Strategies Strategy: User-Centered Interface Design Implementation:

  • Responsive web design frameworks
  • Intuitive navigation and information architecture
  • Clear feedback mechanisms for user actions
  • Accessible design following WCAG guidelines
  • Progressive disclosure of complex functionality

Justification Usable interfaces are essential for effective threat intelligence sharing, ensuring that security analysts can quickly access and act on critical information during incident response scenarios.

Testing Approach

  • User interface testing across different browsers and devices
  • Usability testing with representative users
  • Accessibility testing for compliance with standards
  • User acceptance testing for key workflows

1.6 Data Integrity Requirements

Requirement Statement CRISP shall ensure the accuracy, consistency, and proper anonymization of all threat intelligence data while maintaining utility for cybersecurity operations.

Architectural Strategies Strategy: Data Validation and Consistency Architecture Implementation:

  • STIX schema validation using factory pattern for object creation
  • Database constraints and foreign key relationships
  • Checksums and hash verification for data integrity
  • Transaction management with rollback capabilities
  • Data synchronization protocols between distributed instances
  • Comprehensive logging of all data operations

Justification Data integrity is critical for maintaining trust in shared threat intelligence. With anonymization strategies already successfully implemented, the focus shifts to ensuring this anonymized data maintains its accuracy and utility while being shared between institutions. The successful anonymization implementation demonstrates the system's ability to protect institutional confidentiality while preserving threat intelligence value.

Testing Approach

  • Unit tests for anonymization strategies and STIX validation
  • Integration tests for data consistency across components
  • Automated testing for threat feed processing workflows
  • Manual verification of anonymized data output

1.7 Compliance Requirements

Requirement Statement CRISP shall maintain full compatibility with industry-standard threat intelligence formats and protocols to ensure seamless integration with existing security ecosystems.

  • C1.1 Full STIX 2.1 specification compliance for threat intelligence format and structure
  • C1.2 Complete TAXII 2.1 specification compliance for threat intelligence sharing protocols
  • C1.3 RESTful API design following OpenAPI 3.0 specification with comprehensive documentation
  • C1.4 Support for data export in JSON, CSV, and STIX formats for interoperability

Architectural Strategies Strategy: Standards-Based Integration Architecture Implementation:

  • STIX/TAXII libraries for standard-compliant object handling
  • Factory pattern for creating standards-compliant threat objects
  • Adapter pattern for integrating with different external platforms
  • Comprehensive API documentation following OpenAPI standards
  • Format conversion utilities for different data representations
  • Data synchronization protocols between distributed instances

Justification Interoperability through STIX/TAXII standards is fundamental to CRISP's mission. The successful implementation of standards-compliant threat feed publication and consumption demonstrates the system's ability to integrate with existing threat intelligence ecosystems. This foundation enables institutions to seamlessly share and consume threat data with external sources and future CRISP instances. Data integrity ensures accuracy and consistency of anonymized data while maintaining its utility.

Testing Approach

  • Unit tests for STIX/TAXII object creation and parsing
  • Integration tests with external TAXII server endpoints
  • Compliance testing against STIX/TAXII specifications
  • Manual testing of data exchange with standard threat intelligence tools
  • Unit tests for anonymization strategies and STIX validation
  • Manual verification of anonymized data output