SlideShare a Scribd company logo

OpenSplice Security Module

Angelo Corsaro
Angelo Corsaro

This presentation provide an overview of the mechanism provided by the OpenSplice Security Model to support secure DDS communication.

TechnologyNews & Politics
1 of 18
Download to read offline
OpenSplice Security Module OpenSplice DDS Angelo CORSARO, Ph.D. Chief Technology Officer OMG DDS Sig Co-Chair PrismTech angelo.corsaro@prismtech.com
OpenSplice Security in Brief The OpenSplice Security module provides transport security Copyright  2011,  PrismTech  –    All  Rights  Reserved. enjoying the following properties: ☐ Confidentiality and Data Integrity (Availability is built-in DDS) OpenSplice DDS ☐ Separation between the area in which information is processed in unencrypted-form (RED) and the area in which critical information is not permitted to flow in unencrypted- form (BLACK) ☐ Authenticity via Mandatory Access Control
Separation of Information Flows ☐ OpenSplice DDS binds a level of security to a node Copyright  2011,  PrismTech  –    All  Rights  Reserved. (or OS partition on a separation kernel) ☐ All applications running on the same node will share OpenSplice DDS the same level of security (same user) ☐ The reliable separation of different level of security (clearance) is provided for applications deployed on different nodes (or OS partitions)
Data Confidentiality OpenSplice DDS and Integrity
DDS Partitions ☐ The Partition QoS Policy can Domain be used as subjects Copyright  2011,  PrismTech  –    All  Rights  Reserved. organizing the flow of data Subscriber ☐ The Partition QoS Policy is Publisher "tracks.kfo" "tracks.ufo" used to connect Publishers/ OpenSplice DDS Subscribers to a Partitions’ List which might also contain Subscriber wildcards, e.g. tracks.* Publisher ☐ Topics are published and subscribed across one or Publisher Subscriber more Partitions Partition
DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> Partition Global Data Space (GDS) Topic
DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> “airspace.*” Partition Global Data Space (GDS) Topic
DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> “airspace.kfo.*” Partition Global Data Space (GDS) Topic
OpenSplice Network Partitions Subscriber Publisher "tracks.kfo" "tracks.ufo" Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ OpenSplice DDS Subscriber Publisher maps DDS Partitions OpenSplice DDS onto Network Partitions Publisher Subscriber "NetPartOne" "NetPartTwo" 239.1.1.18 239.1.1.19 "NetPartThree" 239.1.1.18, 192.1.1.7
{C+I} in OpenSplice DDS ☐ Security profile can be Subscriber associated with Network Copyright  2011,  PrismTech  –    All  Rights  Reserved. Publisher "tracks.kfo" "tracks.ufo" Partitions ☐ Each Security Profile Publisher Subscriber specifies: OpenSplice DDS ☐ Cipher (AES, BLOWFISH, N/A) ☐ Key Publisher Subscriber All data sent over the given "NetPartOne" "NetPartTwo" ☐ 239.1.1.18 partition is then encrypted 239.1.1.19 "NetPartThree" 239.1.1.18, with the provided cipher/ 192.1.1.7 key
Access Control OpenSplice DDS
Access Control ☐ Access Control is implemented via an optional and Copyright  2011,  PrismTech  –    All  Rights  Reserved. pluggable module ☐ This allows to plug-in modules implementing Mandatory OpenSplice DDS Access Control (MAC) based on Bell-LaPadula/Biba model, Role-Based Access Control, or others ☐ The current implementation only provides support for Mandatory Access Control (MAC)
Access Control in OpenSplice ☐ OpenSplice implements two access control Copyright  2011,  PrismTech  –    All  Rights  Reserved. enforcement points: ☐ Inbound traffic. When reading data from the network, the following checks are carried out: OpenSplice DDS ☐ is the reader allowed to receive the data? ☐ was the data published by a trusted node? (in other words, was the sender allowed to send the data) ☐ Outbound Traffic. When writing data to the network, the following check is carried out: ☐ is the user allowed to write data to the network?
MAC in OpenSplice ☐ Mandatory Access Control (MAC) in Open Splice combines Copyright  2011,  PrismTech  –    All  Rights  Reserved. the Bell-LaPadula and Biba models to ensure confidentiality and data integrity. ☐ Each resource (object) has a classification made by (1) OpenSplice DDS secrecy level, (2) integrity level and (3) a set of compartments that this resource is intended for ☐ Each user (subject) has a clearance made by (1) secrecy level, (2) an integrity level and (3) a set of compartments this user has a ‘need-to-know’ for
MAC in OpenSplice Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ To determine if a user is authorized to access a resource, e.g. publish a certain topic or subscribe to a OpenSplice DDS topic, the clearance of the user is compared to the classification of the resource
Secrecy Level Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Subscribing is permitted if the resource’s secrecy level is identical or lower than the user’s secrecy level OpenSplice DDS ☐ Publishing is permitted if the resource’s secrecy level is identical or higher than the user’s secrecy level
Integrity Level Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Subscribing is permitted if the resource’s integrity level is identical or higher OpenSplice DDS ☐ Publishing is permitted if the resource’s integrity level is identical or lower
Need to Know Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Publish/Subscribe is permitted if the user’s set of OpenSplice DDS compartments is a subset of the resource’s set of compartments

Recommended

Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds securityRamzi Karoui
 
DDS Everywhere
DDS EverywhereDDS Everywhere
DDS EverywhereAngelo Corsaro
 
Getting Started with Vortex
Getting Started with VortexGetting Started with Vortex
Getting Started with VortexAngelo Corsaro
 
The Present and Future of DDS
The Present and Future of DDSThe Present and Future of DDS
The Present and Future of DDSAngelo Corsaro
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitAngelo Corsaro
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardAngelo Corsaro
 

Recommended

Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds securityRamzi Karoui
 
DDS Everywhere
DDS EverywhereDDS Everywhere
DDS EverywhereAngelo Corsaro
 
Getting Started with Vortex
Getting Started with VortexGetting Started with Vortex
Getting Started with VortexAngelo Corsaro
 
The Present and Future of DDS
The Present and Future of DDSThe Present and Future of DDS
The Present and Future of DDSAngelo Corsaro
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitAngelo Corsaro
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
DDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileDDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileAngelo Corsaro
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...Gerardo Pardo-Castellote
 
OMG DDS Security Standard
OMG DDS Security StandardOMG DDS Security Standard
OMG DDS Security StandardGerardo Pardo-Castellote
 
OMG DDS Tutorial - Part I
OMG DDS Tutorial - Part IOMG DDS Tutorial - Part I
OMG DDS Tutorial - Part IAngelo Corsaro
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
IRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption SystemIRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption SystemIRJET Journal
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationAngelo Corsaro
 
DDS Security
DDS SecurityDDS Security
DDS SecurityReal-Time Innovations (RTI)
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityGerardo Pardo-Castellote
 
OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009Gerardo Pardo-Castellote
 
Reactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDSReactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDSAngelo Corsaro
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018Gerardo Pardo-Castellote
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET Journal
 
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A SurveyTowards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A SurveyIRJET Journal
 
OMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised SubmissionOMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised SubmissionGerardo Pardo-Castellote
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Gerardo Pardo-Castellote
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceGerardo Pardo-Castellote
 
DDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxDDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxAngelo Corsaro
 
Stream Processing with DDS and CEP
Stream Processing with DDS and CEPStream Processing with DDS and CEP
Stream Processing with DDS and CEPAngelo Corsaro
 

More Related Content

What's hot

The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
DDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileDDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileAngelo Corsaro
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...Gerardo Pardo-Castellote
 
OMG DDS Tutorial - Part I
OMG DDS Tutorial - Part IOMG DDS Tutorial - Part I
OMG DDS Tutorial - Part IAngelo Corsaro
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
IRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption SystemIRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption SystemIRJET Journal
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationAngelo Corsaro
 
OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009Gerardo Pardo-Castellote
 
Reactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDSReactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDSAngelo Corsaro
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018Gerardo Pardo-Castellote
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET Journal
 
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A SurveyTowards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A SurveyIRJET Journal
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Gerardo Pardo-Castellote
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceGerardo Pardo-Castellote
 

What's hot (20)

The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
 
DDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileDDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice Mobile
 
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
OMG DDS Security Submission Presentation (September 2013 - 6th Revised Submis...
 
OMG DDS Security Standard
OMG DDS Security StandardOMG DDS Security Standard
OMG DDS Security Standard
 
OMG DDS Tutorial - Part I
OMG DDS Tutorial - Part IOMG DDS Tutorial - Part I
OMG DDS Tutorial - Part I
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway Specification
 
IRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption SystemIRJET- Adaptable Wildcard Searchable Encryption System
IRJET- Adaptable Wildcard Searchable Encryption System
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
 
DDS Security
DDS SecurityDDS Security
DDS Security
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009OMG Data-Distribution Service (DDS) Tutorial - 2009
OMG Data-Distribution Service (DDS) Tutorial - 2009
 
Reactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDSReactive Data Centric Architectures with DDS
Reactive Data Centric Architectures with DDS
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018
 
Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
 
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A SurveyTowards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey
 
OMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised SubmissionOMG DDS Security. 4th Revised Submission
OMG DDS Security. 4th Revised Submission
 
Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)Introduction to OMG DDS (1 hour, 45 slides)
Introduction to OMG DDS (1 hour, 45 slides)
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS Conference
 

Similar to OpenSplice Security Module

DDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxDDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxAngelo Corsaro
 
Stream Processing with DDS and CEP
Stream Processing with DDS and CEPStream Processing with DDS and CEP
Stream Processing with DDS and CEPAngelo Corsaro
 
Connected Mobile and Web Applications with Vortex
Connected Mobile and Web Applications with VortexConnected Mobile and Web Applications with Vortex
Connected Mobile and Web Applications with VortexAngelo Corsaro
 
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...ADLINK Technology IoT
 
OpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIOpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIAngelo Corsaro
 
Classical Distributed Algorithms with DDS
Classical Distributed Algorithms with DDSClassical Distributed Algorithms with DDS
Classical Distributed Algorithms with DDSAngelo Corsaro
 
Distributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsDistributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsJaime Martin Losa
 
Standardizing the Data Distribution Service (DDS) API for Modern C++
Standardizing the Data Distribution Service (DDS) API for Modern C++Standardizing the Data Distribution Service (DDS) API for Modern C++
Standardizing the Data Distribution Service (DDS) API for Modern C++Sumant Tambe
 
Advanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAdvanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAngelo Corsaro
 
Spring Cairngorm
Spring CairngormSpring Cairngorm
Spring Cairngormdevaraj ns
 
Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for DevicesJorgen Thelin
 
Open splicedds espercep-webinar
Open splicedds espercep-webinarOpen splicedds espercep-webinar
Open splicedds espercep-webinarTomasz Waszczyk
 
ADF Mobile: Implementing Data Caching and Synching
ADF Mobile: Implementing Data Caching and SynchingADF Mobile: Implementing Data Caching and Synching
ADF Mobile: Implementing Data Caching and SynchingSteven Davelaar
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009lilyco
 
sector-sphere
sector-spheresector-sphere
sector-spherexlight
 
DataStage_Whitepaper
DataStage_WhitepaperDataStage_Whitepaper
DataStage_WhitepaperSourav Maity
 
The DDS Tutorial Part II
The DDS Tutorial Part IIThe DDS Tutorial Part II
The DDS Tutorial Part IIAngelo Corsaro
 

Similar to OpenSplice Security Module (20)

DDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxDDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxx
 
Stream Processing with DDS and CEP
Stream Processing with DDS and CEPStream Processing with DDS and CEP
Stream Processing with DDS and CEP
 
Connected Mobile and Web Applications with Vortex
Connected Mobile and Web Applications with VortexConnected Mobile and Web Applications with Vortex
Connected Mobile and Web Applications with Vortex
 
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...
Connected Mobile and Web Applications with PrismTech Vortex Data Sharing Plat...
 
OpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIOpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part II
 
Classical Distributed Algorithms with DDS
Classical Distributed Algorithms with DDSClassical Distributed Algorithms with DDS
Classical Distributed Algorithms with DDS
 
Distributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsDistributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applications
 
Standardizing the Data Distribution Service (DDS) API for Modern C++
Standardizing the Data Distribution Service (DDS) API for Modern C++Standardizing the Data Distribution Service (DDS) API for Modern C++
Standardizing the Data Distribution Service (DDS) API for Modern C++
 
Advanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAdvanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part II
 
DDS QoS Unleashed
DDS QoS UnleashedDDS QoS Unleashed
DDS QoS Unleashed
 
Spring Cairngorm
Spring CairngormSpring Cairngorm
Spring Cairngorm
 
Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for Devices
 
Open splicedds espercep-webinar
Open splicedds espercep-webinarOpen splicedds espercep-webinar
Open splicedds espercep-webinar
 
ADF Mobile: Implementing Data Caching and Synching
ADF Mobile: Implementing Data Caching and SynchingADF Mobile: Implementing Data Caching and Synching
ADF Mobile: Implementing Data Caching and Synching
 
Sector Sphere 2009
Sector Sphere 2009Sector Sphere 2009
Sector Sphere 2009
 
sector-sphere
sector-spheresector-sphere
sector-sphere
 
DataStage_Whitepaper
DataStage_WhitepaperDataStage_Whitepaper
DataStage_Whitepaper
 
BlazeDS
BlazeDSBlazeDS
BlazeDS
 
Dancing with the Elephant
Dancing with the ElephantDancing with the Elephant
Dancing with the Elephant
 
The DDS Tutorial Part II
The DDS Tutorial Part IIThe DDS Tutorial Part II
The DDS Tutorial Part II
 

More from Angelo Corsaro

zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data FabricAngelo Corsaro
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computeAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingAngelo Corsaro
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing InfrastructureAngelo Corsaro
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeAngelo Corsaro
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing PlatformAngelo Corsaro
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture FourAngelo Corsaro
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture ThreeAngelo Corsaro
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture TwoAngelo Corsaro
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture OneAngelo Corsaro
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsAngelo Corsaro
 
The DDS Security Standard
The DDS Security StandardThe DDS Security Standard
The DDS Security StandardAngelo Corsaro
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsAngelo Corsaro
 

More from Angelo Corsaro (20)

Zenoh: The Genesis
Zenoh: The GenesisZenoh: The Genesis
Zenoh: The Genesis
 
zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data Fabric
 
Zenoh Tutorial
Zenoh TutorialZenoh Tutorial
Zenoh Tutorial
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query compute
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
 
Eastern Sicily
Eastern SicilyEastern Sicily
Eastern Sicily
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructure
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT Age
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing Platform
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture Four
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture Three
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture Two
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture One
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained Envionrments
 
The DDS Security Standard
The DDS Security StandardThe DDS Security Standard
The DDS Security Standard
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming Ruminations
 
Fog Computing Defined
Fog Computing DefinedFog Computing Defined
Fog Computing Defined
 
DDS In Action Part II
DDS In Action Part IIDDS In Action Part II
DDS In Action Part II
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

OpenSplice Security Module

  • 1. OpenSplice Security Module OpenSplice DDS Angelo CORSARO, Ph.D. Chief Technology Officer OMG DDS Sig Co-Chair PrismTech angelo.corsaro@prismtech.com
  • 2. OpenSplice Security in Brief The OpenSplice Security module provides transport security Copyright  2011,  PrismTech  –    All  Rights  Reserved. enjoying the following properties: ☐ Confidentiality and Data Integrity (Availability is built-in DDS) OpenSplice DDS ☐ Separation between the area in which information is processed in unencrypted-form (RED) and the area in which critical information is not permitted to flow in unencrypted- form (BLACK) ☐ Authenticity via Mandatory Access Control
  • 3. Separation of Information Flows ☐ OpenSplice DDS binds a level of security to a node Copyright  2011,  PrismTech  –    All  Rights  Reserved. (or OS partition on a separation kernel) ☐ All applications running on the same node will share OpenSplice DDS the same level of security (same user) ☐ The reliable separation of different level of security (clearance) is provided for applications deployed on different nodes (or OS partitions)
  • 5. DDS Partitions ☐ The Partition QoS Policy can Domain be used as subjects Copyright  2011,  PrismTech  –    All  Rights  Reserved. organizing the flow of data Subscriber ☐ The Partition QoS Policy is Publisher "tracks.kfo" "tracks.ufo" used to connect Publishers/ OpenSplice DDS Subscribers to a Partitions’ List which might also contain Subscriber wildcards, e.g. tracks.* Publisher ☐ Topics are published and subscribed across one or Publisher Subscriber more Partitions Partition
  • 6. DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> Partition Global Data Space (GDS) Topic
  • 7. DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> “airspace.*” Partition Global Data Space (GDS) Topic
  • 8. DataReader <TrakedObject> DataWriter Subscriber <TrakedObject> "airspace.kfo.aircrafts" DataReader <TrakedObject> Publisher DataWriter AirCraft FlightPlan <FlightPlan> DataReader Subscriber <FlightPlan> "airspace.tfo" DataWriter <FlightPlan> Publisher Tracks Subscriber DataReader <Tracks> "airspace.kfo.flyingcars" OpenSplice DDS DataReader DataWriter <TrackedObject> <TrakedObject> Subscriber Publisher FlyingCar FlightPlan DataWriter DataReader <FlightPlan> <FlightPlan> “airspace.kfo.*” Partition Global Data Space (GDS) Topic
  • 9. OpenSplice Network Partitions Subscriber Publisher "tracks.kfo" "tracks.ufo" Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ OpenSplice DDS Subscriber Publisher maps DDS Partitions OpenSplice DDS onto Network Partitions Publisher Subscriber "NetPartOne" "NetPartTwo" 239.1.1.18 239.1.1.19 "NetPartThree" 239.1.1.18, 192.1.1.7
  • 10. {C+I} in OpenSplice DDS ☐ Security profile can be Subscriber associated with Network Copyright  2011,  PrismTech  –    All  Rights  Reserved. Publisher "tracks.kfo" "tracks.ufo" Partitions ☐ Each Security Profile Publisher Subscriber specifies: OpenSplice DDS ☐ Cipher (AES, BLOWFISH, N/A) ☐ Key Publisher Subscriber All data sent over the given "NetPartOne" "NetPartTwo" ☐ 239.1.1.18 partition is then encrypted 239.1.1.19 "NetPartThree" 239.1.1.18, with the provided cipher/ 192.1.1.7 key
  • 12. Access Control ☐ Access Control is implemented via an optional and Copyright  2011,  PrismTech  –    All  Rights  Reserved. pluggable module ☐ This allows to plug-in modules implementing Mandatory OpenSplice DDS Access Control (MAC) based on Bell-LaPadula/Biba model, Role-Based Access Control, or others ☐ The current implementation only provides support for Mandatory Access Control (MAC)
  • 13. Access Control in OpenSplice ☐ OpenSplice implements two access control Copyright  2011,  PrismTech  –    All  Rights  Reserved. enforcement points: ☐ Inbound traffic. When reading data from the network, the following checks are carried out: OpenSplice DDS ☐ is the reader allowed to receive the data? ☐ was the data published by a trusted node? (in other words, was the sender allowed to send the data) ☐ Outbound Traffic. When writing data to the network, the following check is carried out: ☐ is the user allowed to write data to the network?
  • 14. MAC in OpenSplice ☐ Mandatory Access Control (MAC) in Open Splice combines Copyright  2011,  PrismTech  –    All  Rights  Reserved. the Bell-LaPadula and Biba models to ensure confidentiality and data integrity. ☐ Each resource (object) has a classification made by (1) OpenSplice DDS secrecy level, (2) integrity level and (3) a set of compartments that this resource is intended for ☐ Each user (subject) has a clearance made by (1) secrecy level, (2) an integrity level and (3) a set of compartments this user has a ‘need-to-know’ for
  • 15. MAC in OpenSplice Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ To determine if a user is authorized to access a resource, e.g. publish a certain topic or subscribe to a OpenSplice DDS topic, the clearance of the user is compared to the classification of the resource
  • 16. Secrecy Level Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Subscribing is permitted if the resource’s secrecy level is identical or lower than the user’s secrecy level OpenSplice DDS ☐ Publishing is permitted if the resource’s secrecy level is identical or higher than the user’s secrecy level
  • 17. Integrity Level Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Subscribing is permitted if the resource’s integrity level is identical or higher OpenSplice DDS ☐ Publishing is permitted if the resource’s integrity level is identical or lower
  • 18. Need to Know Copyright  2011,  PrismTech  –    All  Rights  Reserved. ☐ Publish/Subscribe is permitted if the user’s set of OpenSplice DDS compartments is a subset of the resource’s set of compartments