Secure Event Management
SEI 2 Smart Factory
Salvatore Piccione (TXT e-solutions S.p.A.)

15/11/2013

Published in: Technology, Business
Secure Event Management - SEI 2 Smart Factory

  1. Secure Event Management. SEI 2 Smart Factory. Salvatore Piccione (TXT e-solutions S.p.A.), 15/11/2013
  2. Outline
     • Why?
     • What?
       – Secure Event Management components
     • So what?
  3. Why?
     • Multitude of smart objects and services
     • Demand for event-driven interactions
     • Controlled access to production data by internal and external subjects
  4. What? [Architecture diagram; labels: MES, CEP Engines, Remote maintenance operators, Corporate domain border, Secure Event Access Manager, Worker]
  5. Events’ namespace
     • Taxonomy of the events conveyed by the event bus
     • Conventions
       – Leaf nodes represent event producers
       – Intermediate nodes allow consumers to select a specific set of events
       – Patterns to select paths or portions within the namespace
         • Special characters: * (exactly one node), # (zero or more nodes)
  6. Events’ namespace - example 1: Shop floor events [Tree diagram rooted at WashingMachineManufacturer; node labels: ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3; Station2, Station 6, Station9; Thickness, Welding, Marriage, Informational, Status]
  7. Events’ namespace - example 1: Shop floor events [Same tree; selected path: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status]
  8. Events’ namespace - example 1: Shop floor events [Same tree; selected pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status]
  9. Events’ namespace - example 1: Shop floor events [Same tree; selected pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#]
  10. Events’ namespace - example 2: Notifications [Tree diagram rooted at WashingMachineManufacturer; node labels: Alerting, QualityAssurance, ProductionPlant1, ProductionLine1, Station2, Station6, Station9]
  11. Namespace Manager
  12. Capability-based security
     A capability is a communicable and unforgeable token of authority. By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
  13. Capability token
     • Digitally signed XML document
     • Based on standards for access control policies (XACML, SAML)
     • Two types: Root and non-Root
  14. Anatomy of a capability token
     • Issuer (who issues the capability)
     • Subject (who the rights are granted to)
     • Resource ID (URI of the resource)
     • Validity Condition (validity time frame)
     • Issuer’s capability
     • Granted rights and their delegability
     • Signature
  15. Capability-based security in action [Diagram labels: Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker, trust; Production Plant 1, Production Line 1, Station 2; access; Secure Event Access Manager]
  16. Capability-based security in action [Same diagram, with Cap#1 (Root). Rights: Pub/Sub (delegable). Namespace: ShopFloorEvents. Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*]
  17. Capability-based security in action [Same diagram, with Cap#2 (Non-Root). Rights: Pub/Sub (delegable). Namespace: ShopFloorEvents. Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*]
  18. Capability-based security in action [Same diagram, with Cap#3 (Non-Root). Rights: Pub/Sub (delegable). Namespace: ShopFloorEvents. Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*]
  19. Capability-based security in action [Same diagram, with Cap#4 (Non-Root). Rights: Sub. Namespace: ShopFloorEvents. Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*]
  20. Capability-based security in action [Same diagram, with an "Access request" carrying Cap#4 (Non-Root). Rights: Sub. Namespace: ShopFloorEvents. Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*]
  21. Anatomy of a capability revocation
     • Issuer
     • Issuer’s capability
     • Unique identifier of the revoked capability
     • Revocation starting date
     • Revocation scope
       – Only the capability
       – All derived capabilities
       – The capability together with all derived capabilities
  22. Why are capabilities so cool?
     • Principle of Least Authority (PoLA)
     • Fewer security issues (e.g. the Confused Deputy problem)
     • Arbitrary granularity of access rights
     • Distribution of the authorization management
     • Independence from complexity and dynamics of identity management
     • Full auditability
     • Revocability
  23. Capability wizard
  24. Event bus
     • Based on AMQP (Advanced Message Queuing Protocol)
     • Secure Event Access Manager
       – capability-based security
       – RESTful interface
  25. Access to event streams by clients
     • Managed by the Secure Event Access Manager
     • How it works
       1. Session setting up
       2. Session usage (publish/subscribe)
       3. Session closing
  26. AMQP in a nutshell [Diagram: Publisher → Exchange → Queue #1, Queue #2, Queue #3 → Subscribers; labels: "Routing key ≡ Pattern", message a.b.c., binding(a.b.*)]
  27. AMQP in a nutshell [Same diagram; bindings: a.b.c (Queue #1), a.b.* (Queue #2), a.# (Queue #3); message a.b.c. at the Exchange]
  28. AMQP in a nutshell [Same diagram; message a.b.c. shown at Queue #1, Queue #2 and Queue #3]
  29. AMQP in a nutshell [Same diagram; message a.b.x at the Exchange]
  30. AMQP in a nutshell [Same diagram; message a.b.x shown at Queue #2 and Queue #3]
  31. AMQP in a nutshell [Same diagram; message a.y.z at the Exchange]
  32. AMQP in a nutshell [Same diagram; message a.y.z shown at Queue #3]
  33. AMQP in a nutshell [Diagram: Broker containing Virtual Host #1, Virtual Host #2, … Virtual Host #n]
  34. Integrated Management Console: Management of the brokers
  35. Integrated Management Console: Management of the virtual hosts
  36. Integrated Management Console: Management of the virtual hosts-namespaces mapping
  37. So what?
     • Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
     • Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
     • Bringing data to the interested consumers instead of bringing consumers to data
     • Advanced, flexible, scalable access control
  38. Thanks for your attention! Q&A
  39. Follow Us!
     • Fitman website: http://www.fitman-fi.eu/
     • Twitter: @FitmanFI
     • Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management
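
The namespace patterns of slide 5, the AMQP bindings of slides 26-32 and the delegation and revocation model of slides 14-21, combined in an added Python example that is not part of the original slides or of the FITMAN component. The `Capability` fields, the `authorize` function, the holder names in `sample_chain` and the order of checks are assumptions; signature and validity-period checks are left out, so tokens are assumed to be already verified.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

def matches(pattern: str, key: str) -> bool:
    """'*' = exactly one node, '#' = zero or more nodes (slide 5)."""
    def rec(p, k):
        if not p:
            return not k
        if p[0] == "#":
            return any(rec(p[1:], k[i:]) for i in range(len(k) + 1))
        return bool(k) and p[0] in ("*", k[0]) and rec(p[1:], k[1:])
    return rec(pattern.split("."), key.split("."))

@dataclass(frozen=True)
class Capability:  # hypothetical model of the slide 14 fields (no signature/validity)
    cap_id: str
    issuer: str
    subject: str
    pattern: str
    rights: FrozenSet[str]
    delegable: bool
    parent: Optional["Capability"] = None  # issuer's capability; None for Root

def authorize(cap: Capability, subject: str, right: str, key: str,
              revoked: Dict[str, str]) -> bool:
    """revoked: cap_id -> 'self' | 'derived' | 'both' (slide 21 scopes)."""
    if cap.subject != subject:
        return False
    node, presented = cap, True
    while node is not None:
        scope = revoked.get(node.cap_id)
        if scope == "both" or scope == ("self" if presented else "derived"):
            return False
        # The request must lie inside every capability of the chain.
        if right not in node.rights or not matches(node.pattern, key):
            return False
        up = node.parent
        if up is not None and (up.subject != node.issuer or not up.delegable):
            return False  # delegated by someone who could not delegate
        node, presented = up, False
    return True

PATTERN = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"

def sample_chain() -> Capability:
    """Constructed chain Cap#1..Cap#4; who holds which token is assumed."""
    both = frozenset({"pub", "sub"})
    c1 = Capability("Cap#1", "Owner", "Plant1Manager", PATTERN, both, True)
    c2 = Capability("Cap#2", "Plant1Manager", "Line1Manager", PATTERN, both, True, c1)
    c3 = Capability("Cap#3", "Line1Manager", "Station2Manager", PATTERN, both, True, c2)
    return Capability("Cap#4", "Station2Manager", "Station2Worker", PATTERN,
                      frozenset({"sub"}), False, c3)
```

Checking the request against every capability in the chain, rather than only the presented one, is what keeps a delegated token from exceeding the authority of any of its ancestors.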
