OpenSplice Security Module

This presentation provides an overview of the mechanisms provided by the OpenSplice Security Module to support secure DDS communication.

  1. OpenSplice Security Module. OpenSplice DDS. Angelo CORSARO, Ph.D., Chief Technology Officer, OMG DDS SIG Co-Chair, PrismTech, angelo.corsaro@prismtech.com
  2. OpenSplice Security in Brief. The OpenSplice Security module provides transport security with the following properties:
     • Confidentiality and Data Integrity (Availability is built into DDS)
     • Separation between the area in which information is processed in unencrypted form (RED) and the area in which critical information is not permitted to flow in unencrypted form (BLACK)
     • Authenticity via Mandatory Access Control
     Copyright 2011, PrismTech – All Rights Reserved.
  3. Separation of Information Flows
     • OpenSplice DDS binds a level of security to a node (or OS partition on a separation kernel)
     • All applications running on the same node will share the same level of security (same user)
     • The reliable separation of different levels of security (clearance) is provided for applications deployed on different nodes (or OS partitions)
  4. Data Confidentiality and Integrity
  5. DDS Partitions
     • The Partition QoS Policy can be used as subjects organizing the flow of data
     • The Partition QoS Policy is used to connect Publishers/Subscribers to a Partitions' List which might also contain wildcards, e.g. tracks.*
     • Topics are published and subscribed across one or more Partitions
     [Figure: a Domain in which Publishers and Subscribers are attached to the partitions "tracks.kfo" and "tracks.ufo"]
  6. [Figure: Global Data Space (GDS) with the partitions "airspace.kfo.aircrafts", "airspace.tfo" and "airspace.kfo.flyingcars"; Publishers with DataWriters and Subscribers with DataReaders for <TrackedObject>, <FlightPlan> and <Tracks>; labels AirCraft, FlightPlan, Tracks, FlyingCar, Partition, Topic]
  7. [Figure: the same Global Data Space diagram, with the partition expression "airspace.*"]
  8. [Figure: the same Global Data Space diagram, with the partition expression "airspace.kfo.*"]
  9. OpenSplice Network Partitions
     • OpenSplice DDS maps DDS Partitions onto Network Partitions
     [Figure: Publishers and Subscribers on the partitions "tracks.kfo" and "tracks.ufo", mapped onto the network partitions "NetPartOne" (239.1.1.18), "NetPartTwo" (239.1.1.19) and "NetPartThree" (239.1.1.18, 192.1.1.7)]
  10. {C+I} in OpenSplice DDS
     • A security profile can be associated with Network Partitions
     • Each Security Profile specifies:
       • Cipher (AES, BLOWFISH, N/A)
       • Key
     • All data sent over the given partition is then encrypted with the provided cipher/key
     [Figure: the same diagram as the previous slide, with the partitions "tracks.kfo" and "tracks.ufo" and the network partitions "NetPartOne" (239.1.1.18), "NetPartTwo" (239.1.1.19) and "NetPartThree" (239.1.1.18, 192.1.1.7)]
  11. Access Control
  12. Access Control
     • Access Control is implemented via an optional and pluggable module
     • This makes it possible to plug in modules implementing Mandatory Access Control (MAC) based on the Bell-LaPadula/Biba model, Role-Based Access Control, or others
     • The current implementation only provides support for Mandatory Access Control (MAC)
  13. Access Control in OpenSplice
     • OpenSplice implements two access control enforcement points:
       • Inbound traffic. When reading data from the network, the following checks are carried out:
         • is the reader allowed to receive the data?
         • was the data published by a trusted node? (in other words, was the sender allowed to send the data)
       • Outbound traffic. When writing data to the network, the following check is carried out:
         • is the user allowed to write data to the network?
  14. MAC in OpenSplice
     • Mandatory Access Control (MAC) in OpenSplice combines the Bell-LaPadula and Biba models to ensure confidentiality and data integrity.
     • Each resource (object) has a classification made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments that this resource is intended for
     • Each user (subject) has a clearance made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments this user has a 'need-to-know' for
  15. MAC in OpenSplice
     • To determine if a user is authorized to access a resource, e.g. publish a certain topic or subscribe to a topic, the clearance of the user is compared to the classification of the resource
  16. Secrecy Level
     • Subscribing is permitted if the resource's secrecy level is identical or lower than the user's secrecy level
     • Publishing is permitted if the resource's secrecy level is identical or higher than the user's secrecy level
  17. Integrity Level
     • Subscribing is permitted if the resource's integrity level is identical or higher
     • Publishing is permitted if the resource's integrity level is identical or lower
  18. Need to Know
     • Publish/Subscribe is permitted if the user's set of compartments is a subset of the resource's set of compartments
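
The secrecy, integrity and need-to-know rules of slides 16 to 18, combined into the inbound and outbound checks of slide 13, as an added Python example (not code from OpenSplice or from the presentation). The level names, the sample labels, and the modelling of "trusted sender" as "sender cleared to publish the resource" are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):            # level names are assumed; the slides name none
    LOW = 0
    MEDIUM = 1
    HIGH = 2

@dataclass(frozen=True)
class Label:
    """A user's clearance or a resource's classification (slide 14)."""
    secrecy: Level
    integrity: Level
    compartments: frozenset

def need_to_know(user, resource):
    # Slide 18 as written: the user's compartments must be a subset of the resource's.
    return user.compartments <= resource.compartments

def may_subscribe(user, resource):
    return (resource.secrecy <= user.secrecy            # slide 16: no read up
            and resource.integrity >= user.integrity    # slide 17: no read down
            and need_to_know(user, resource))

def may_publish(user, resource):
    return (resource.secrecy >= user.secrecy            # slide 16: no write down
            and resource.integrity <= user.integrity    # slide 17: no write up
            and need_to_know(user, resource))

def inbound_allowed(reader, sender, resource):
    # Slide 13, inbound: the reader may receive AND the sender was allowed to send.
    return may_subscribe(reader, resource) and may_publish(sender, resource)

def outbound_allowed(writer, resource):
    # Slide 13, outbound: the local user may write the data to the network.
    return may_publish(writer, resource)

# Constructed sample labels (not from the presentation).
AIR = frozenset({"air"})
TRACKS = Label(Level.MEDIUM, Level.MEDIUM, AIR)        # the resource (a topic)
OPERATOR = Label(Level.HIGH, Level.LOW, AIR)           # may read, may not write
SENSOR = Label(Level.LOW, Level.HIGH, AIR)             # may write, may not read
UNVETTED = Label(Level.LOW, Level.LOW, AIR)            # integrity too low to write
ANALYST = Label(Level.HIGH, Level.LOW, frozenset({"air", "sea"}))

if __name__ == "__main__":
    print("operator <- sensor  :", inbound_allowed(OPERATOR, SENSOR, TRACKS))
    print("operator <- unvetted:", inbound_allowed(OPERATOR, UNVETTED, TRACKS))
    print("operator writes     :", outbound_allowed(OPERATOR, TRACKS))
    print("analyst subscribes  :", may_subscribe(ANALYST, TRACKS))
```

With the subset rule applied as the slide states it, the analyst is refused because the extra "sea" compartment is not part of the resource's set.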
