SlideShare a Scribd company logo
1 of 15
Download to read offline
9/27/2017 Copyright © 2017 OMG. All rights reserved. 1
DDS Security Interoperability Demo
DDS™ – The Proven Data Connectivity Standard for IIoT™
dds/2017-12-01
DDS Security Demo — Overview
12/06/17 2
• 5 Vendor Products:
• CoreDX DDS from Twin Oaks Computing
• Connext DDS from Real Time Innovations (RTI)
• InterComm DDS from Kongsberg
• Vortex Cafe DDS from ADLink
• OpenDDS from Object Computing Inc (OCI)
• Using Shapes demo software:
• Familiar from previous interoperability demos
• Demonstrating granular configurability of DDS Security protocols
• Each Participant has its own permissions – what exactly it can publish / subscribe
• Each Topic has its own configuration – encrypted, signed, clear, encrypted discovery
DDS Security Demo — Topics
12/06/17 3
Square Topic
- Secure Discovery
- Encrypted Data
- Authenticated Metadata
- Protected Access:
Authenticated Participants
must have permissions
to publish and/or
subscribe
Circle Topic
- Secure Discovery
- Authenticated Data
- Authenticated Metadata
- Protected Access:
Participants must have
permissions to
publish and/or
subscribe
Triangle Topic
- Open Discovery
- Open Data
- Open Access:
Any participant may
publish and/or
subscribe
DDS Security Configuration
PermissionsIdentity
Governance
PermissionsIdentity
PermissionsIdentity
PrivateKey
PrivateKey
PrivateKey
Identity CA Permissions CA
PermissionsIdentity
PrivateKey
DDS Security Demo — Publishing
12/06/17 5
Permissions
- ALLOW Write Square
- DENY Write Circle
Permissions
- ALLOW Write Circle
- DENY Write Triangle
Permissions
- ALLOW Write Triangle
- DENY Write Square
Permissions
- ALLOW Write Triangle
- DENY Write Circle
DDS Security Demo — Subscribing
6
Permissions
Permissions
Permissions
Permissions
• The demo consists of the following scenarios:
• Interoperability Without Security Enabled (SC#0)
• Controlled Access to Domain (SC#1)
• Enabling Open Access to Selected Topics (SC#2)
• Data Integrity versus Encryption (SC#3)
• Metadata protection (SC#4)
• Secure Discovery (SC#5)
• Topic Level Access Control (SC#6)
Demo
12/06/17 Copyright © 2017 OMG. All rights reserved. 7
• Objective: DDS Security is an extension of
DDS—still possible to run applications without
any protection.
• Governance File: Specifies domain 0 as an
“open domain”.
Governance_SC0_SecurityDisabled.xml
• Permission Files: None are needed for this
scenario.
Permissions_JoinDomain_<VENDOR>.xml
• Applications: Regular and Secured and Shapes
Demo
SC#0: Interoperability Without Security
Copyright © 2017 OMG. All rights reserved. 8
Subscribing to
“Square”
Expected Result
All (Secure)
RTI, TwinOaks,
Kongsberg
Receives All:
Square: BLUE, GREEN,
MAGENTA , RED, ORANGE
All (Not Secure)
RTI, TwinOaks,
Kongsberg
Receives All:
Square: BLUE, GREEN,
MAGENTA, RED, ORANGE
12/06/17
Publishing
RTI
SecureShapes
BLUE Square
TwinOaks
SecureShapes
GREEN Square
Kongsberg
SecureShapes
MAGENTA Square
ADLink
RegularShapes
RED Square
OCI
RegularShapes
ORANGE Square
OFF
OFF
OFF
OFF
OFF
• Objective: DDS Security can be used to protect
access to a DDS Domain. Only applications that
can authenticate and have the proper
permissions can join the Domain.
• Governance File: Specifies domain 0 as a
"protected domain."
Governance_SC1_ProtectedDomain1.xml
• Permission Files: Each vendor has its own
permissions file.
Permissions_JoinDomain_<VENDOR>.xml.
• Applications: Regular and Secured and Shapes
Demo
SC#1: Controlled Access to Domain
Copyright © 2017 OMG. All rights reserved. 9
Subscribing to
“Square”
Expected Result
All (Secure)
RTI, TwinOaks,
Kongsberg,
ADLink
Receives only from Secure:
Square: BLUE, GREEN, MAGENTA , RED
All (Not Secure)
RTI, TwinOaks,
Kongsberg, OCI,
ADLink
Receives only from Non-Secure
Square: ORANGE
12/06/17
Publishing
RTI
BLUE
Square
TwinOaks
GREEN
Square
Kongsberg
MAGENTA
Square
ADLink
RED
Square
OCI
ORANGE
Square
Subscribing
“Square”, “Circle”, “Triangle”
Expected Result
Receives:
RTI (Secure)
Read Perm: Circle + Triangle
Square: none
Circle: GREEN, RED
Triangle: BLUE, GREEN,
MAGENTA , RED, ORANGE
Twin Oaks (Secure)
Read Perm: Square + Triangle
Square: BLUE, MAGENTA
Circle: none
Triangle: BLUE, GREEN,
MAGENTA, RED, ORANGE
Kongsberg (Secure)
Read Perm: Square + Circle
Square: BLUE, MAGENTA
Circle: GREEN, RED
Triangle: BLUE, GREEN,
MAGENTA, RED, ORANGE
ADLink (Secure)
Read Perm: Square + Circle
Square: BLUE, MAGENTA ,
Circle: GREEN, RED
Triangle: BLUE, GREEN,
MAGENTA , RED, ORANGE
OCI (Not Secure) Square: ORANGE,
Circle: ORANGE
Triangle: BLUE, GREEN,
MAGENTA, RED, ORANGE
• Objective: Illustrates it is possible to allow access to certain
Topics by unsecured applications (e.g, for legacy applications
not running DDS Security).
• Governance File:
Governance_SC2_ProtectedDomain2.xml
• Allows unauthenticated participants to join domain 0
• Square and Circle:
•Protected for read/write access
•Encrypt/sign metadata
•Use secure discovery
• Triangle
•Unprotected for read/write access (open to all)
•No encrypt/sign
•Use regular (unsecured) discovery
•Permission Files: Each vendor has its own permissions file.
Permissions_TopicLevel_<VENDOR>.xml.
•Applications: Regular and Secure and Shapes Demo
SC#2: Open Access to Selected Topics
Publishing
RTI
Write Perm: Squares
BLUE Square
BLUE Circle
BLUE Triangle
TwinOaks
Write Perm: Circle
GREEN Square
GREEN Circle
GREEN Triangle
Kongsberg
Write Perm: Square
MAGENTA Square
MAGENTA Circle
MAGENTA Triangle
ADLink
Write Perm: Circle
RED Square
RED Circle
RED Triangle
OCI
ORANGE Square
ORANGE Circle
ORANGE Triangle
• Objective: Illustrate different kinds of data
protection.
• Encrypted (EN+SG)—(Encrypt and Sign)
protected
• Signed data (SG)—vulnerable to snooping
but not tampering
• Open data (OD)—vulnerable to tampering
• Governance File: Specifies domain 0 as a
"protected domain”
Governance_SC3_ProtectedDomain3.xml
• Squares shall be encrypted
• Circles shall be signed
• Triangles are unprotected
• Permission Files: Each vendor has its own
permissions file.
Permissions_JoinDomain_<VENDOR>.xml .
• Applications: Secured Shapes Demo + Wireshark
SC#3: Data Integrity versus Encryption
Subscribing:
Square + Circle
+ Triangle
Expected Result
All (Secure)
RTI, TwinOaks,
Kongsberg,
ADLink
Square:
BLUE, GREEN, MAGENTA, RED
Circle:
BLUE, GREEN, MAGENTA, RED
Triangle:
BLUE, GREEN, MAGENTA, RED,
ORANGE
All (Not Secure)
RTI, TwinOaks,
Kongsberg, OCI,
ADLink
Square:
Circle:
Triangle: BLUE, GREEN,
MAGENTA, RED, ORANGE
Wireshark Can see Triangle data in the clear
Can see Circle data, but it is signed
(or OD from OCI)
Cannot see Square data—it is
encrypted
Publishing
RTI
BLUE Square (EN + SG) ‘#’
BLUE Circle (SG) ‘$’
BLUE Triangle (OD) ‘%’
TwinOaks
GREEN Square (EN + SG) ‘#’
GREEN Circle (SG) ‘$’
GREEN Triangle (OD) ‘%’
Kongsberg
MAGENTA Square (EN + SG) ‘#’
MAGENTA Circle (SG) ‘$’
MAGENTA Triangle (OD) ‘%‘
ADLink
GREEN Square (EN + SG) ‘#’
GREEN Circle (SG) ‘$’
RED Triangle (OD) ‘%’
OCI (not secure)
ORANGE Triangle ‘%’
ShapeSizes:
Square -> 35 ‘#’
Circle -> 36 ‘$’
Triangle -> 37 ‘%’
• Objective: Illustrate concept of protecting metadata.
• Encrypted (EN+SG)—Encrypt and Signed
metadata protected
• Signed metadata (SG)—vulnerable to snooping
but not tampering
• Open metadata (OD)—vulnerable to tampering
• Governance File: Specifies domain 0 as a "protected
domain"
Governance_SC4_ProtectedDomain4.xml
• Square metadata shall be encrypted
• Circle metadata shall be signed,
• Triangle metadata is unprotected
• Payload is left open for all topics for illustration
• Permission Files: Each vendor has its own permissions
file. Permissions_JoinDomain_<VENDOR>.xml .
SC#4: Metadata Protection
Publishing
RTI
BLUE Square (EN + SG) ‘#’
BLUE Circle (SG) ‘$’
BLUE Triangle (OD) ‘%’
TwinOaks
GREEN Square (EN + SG) ‘#’
GREEN Circle (SG) ‘$’
GREEN Triangle (OD) ‘%’
Kongsberg
MAGENTA Square (EN+SG) ‘#’
MAGENTA Circle (SG) ‘$’
MAGENTA Triangle (OD) ‘%‘
ADLink
RED Square (EN + SG) ‘#’
RED Circle (SG) ‘$’
RED Triangle (OD) ‘%‘
OCI (not secure)
ORANGE Triangle ‘%’
Subscribing Expected Result
All (Secure)
RTI,
TwinOaks,
Kongsberg,
ADLink
Square: BLUE, GREEN,
MAGENTA, RED
Circle: BLUE, GREEN,
MAGENTA, RED
Triangle: BLUE, GREEN,
MAGENTA, RED,
ORANGE
All (Not Secure)
RTI,
TwinOaks,
Kongsberg,
ADLink, OCI
Square:
Circle:
Triangle: BLUE, GREEN,
MAGENTA, RED,
ORANGE
Wireshark Can see Triangle
metadata & data
Can see Circle metadata,
but it is signed
Cannot see Square
metadata—it is encrypted
Also peek at Discovery – It is all clear
ShapeSizes:
Square -> 35 ‘#’
Circle -> 36 ‘$’
Triangle -> 37 ‘%’
• Objective: Illustrates that discovery information also be
protected.
• Governance File: Specifies domain 0 as a "protected
domain."
Governance_SC5_ProtectedDomain5.xml
• Topic Triangle data and metadata are neither
encrypted nor signed—sent over regular discovery
• Topic Circle data and metadata are signed, but not
encrypted—sent over secure discovery
• Topic Square data and metadata are encrypted and
signed—sent over secure discovery
•Permission Files: Each vendor has its own permissions file.
Permissions_JoinDomain_<VENDOR>.xml .
•Applications: Secure Shapes Demo
SC#5: Secure Discovery
Publishing
RTI
BLUE Square (EN + SG)
BLUE Circle (SG)
BLUE Triangle (OD)
TwinOaks
GREEN Square (EN + SG)
GREEN Circle (SG)
GREEN Triangle (OD)
Kongsberg
MAGENTA Square (EN+SG)
MAGENTA Circle (SG)
MAGENTA Triangle (OD)
ADLink
RED Square (EN + SG)
RED Circle (SG)
RED Triangle (OD)
OCI
ORANGE Triangle (OD)
Subscribing
Square + Circle +
Triangle
Expected Result
All (Secure)
RTI, TwinOaks,
Kongsberg
Square: BLUE, GREEN,
MAGENTA, RED
Circle: BLUE, GREEN, MAGENTA,
RED
Triangle: BLUE, GREEN,
MAGENTA , RED, ORANGE
All (Not Secure)
RTI, TwinOaks,
Kongsberg,
OCI, ADLink
Square:
Circle:
Triangle: BLUE, GREEN,
MAGENTA, RED, ORANGE
Wireshark
Can see Triangle discovery in the clear
Cannot see Circle discovery
Cannot see Square discovery
Subscribing Expected Result
RTI
Read Perm:
Circle + Triangle
Subscribes:
Square, Circle, Triangle
Receives:
Square: none
Circle: GREEN, RED
Triangle: none
Twin Oaks
Read Perm:
Square+Triangle
Subscribes:
Square, Circle, Triangle
Receives:
Square: BLUE, MAGENTA
Circle: none
Triangle: none
Kongsberg
Read Perm:
Square + Circle
Subscribes:
Square, Circle, Triangle
Receives:
Square: BLUE
Circle: GREEN, RED
Triangle: none
ADLink
Read Perm:
Square + Circle
Subscribes:
Square, Circle, Triangle
Receives:
Square: BLUE, MAGENTA
Circle: GREEN, RED
Triangle: none
OCI (Not Secure) Triangle: ORANGE
• Objective: Illustrates fine-grain access control at the
Topic level.
• Governance File: Specifies domain 0 as a "protected
domain." Indicates that Square
• All topics are protected for read/write access.
• All topics are sent over secure discovery
• All topics encrypt and sign metadata
• Governance_SC6_ProtectedDomain6.xml
•Permission Files: Each vendor has its own permissions file.
Permissions_TopicLevel_<VENDOR>.xml .
•Applications: Secure Shapes Demo
SC#6: Topic-Level Access Control
12/06/17
Publishing
RTI
Write Perm: Squares
BLUE Square
BLUE Circle
BLUE Triangle
TwinOaks
Write Perm: Circle
GREEN Square
GREEN Circle
GREEN Triangle
Kongsberg
Write Perm: Square
MAGENTA Square
MAGENTA Circle
MAGENTA Triangle
ADLink
Write Perm: Circle
RED Square
RED Circle
RED Triangle
OCI (Not Secure)
ORANGE Triangle
Questions?

More Related Content

Similar to DDS-Security Interoperability Demo - December 2017

KNN Classification Over Semantically secure Encrypt Data
KNN Classification Over Semantically secure Encrypt DataKNN Classification Over Semantically secure Encrypt Data
KNN Classification Over Semantically secure Encrypt DataLakshmi Reddy
 
DDS 2010 Interoperability Demo
DDS 2010 Interoperability DemoDDS 2010 Interoperability Demo
DDS 2010 Interoperability DemoAngelo Corsaro
 
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSectricity
 
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010DDS Interoperability Demo using the DDS-RTPS standard protocol 2010
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010Gerardo Pardo-Castellote
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudZscaler
 
CIS13: APIs, Identity, and Securing the Enterprise
CIS13: APIs, Identity, and Securing the EnterpriseCIS13: APIs, Identity, and Securing the Enterprise
CIS13: APIs, Identity, and Securing the EnterpriseCloudIDSummit
 
DataLockerOverview vs 3.9 Final_120715
DataLockerOverview vs 3.9 Final_120715DataLockerOverview vs 3.9 Final_120715
DataLockerOverview vs 3.9 Final_120715Patrick Eyberg
 
DDS Interoperability Demo June 2013 (Berlin, Germany)
DDS Interoperability Demo June 2013 (Berlin, Germany)DDS Interoperability Demo June 2013 (Berlin, Germany)
DDS Interoperability Demo June 2013 (Berlin, Germany)Gerardo Pardo-Castellote
 
Content is King - Symantec
Content is King - SymantecContent is King - Symantec
Content is King - SymantecHarry Gunns
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsMichael Scheidell
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAleksandr Timorin
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
ArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUDArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUDGaret Keller
 
7 DDS Innovations to Improve your Next Distributed System
7 DDS Innovations to Improve your Next Distributed System7 DDS Innovations to Improve your Next Distributed System
7 DDS Innovations to Improve your Next Distributed SystemReal-Time Innovations (RTI)
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET Journal
 

Similar to DDS-Security Interoperability Demo - December 2017 (20)

KNN Classification Over Semantically secure Encrypt Data
KNN Classification Over Semantically secure Encrypt DataKNN Classification Over Semantically secure Encrypt Data
KNN Classification Over Semantically secure Encrypt Data
 
DDS 2010 Interoperability Demo
DDS 2010 Interoperability DemoDDS 2010 Interoperability Demo
DDS 2010 Interoperability Demo
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
 
SafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto ManagementSafeNet Enterprise Key and Crypto Management
SafeNet Enterprise Key and Crypto Management
 
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010DDS Interoperability Demo using the DDS-RTPS standard protocol 2010
DDS Interoperability Demo using the DDS-RTPS standard protocol 2010
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
Overcoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the CloudOvercoming the Challenges of Architecting for the Cloud
Overcoming the Challenges of Architecting for the Cloud
 
CIS13: APIs, Identity, and Securing the Enterprise
CIS13: APIs, Identity, and Securing the EnterpriseCIS13: APIs, Identity, and Securing the Enterprise
CIS13: APIs, Identity, and Securing the Enterprise
 
DataLockerOverview vs 3.9 Final_120715
DataLockerOverview vs 3.9 Final_120715DataLockerOverview vs 3.9 Final_120715
DataLockerOverview vs 3.9 Final_120715
 
DDS Interoperability Demo June 2013 (Berlin, Germany)
DDS Interoperability Demo June 2013 (Berlin, Germany)DDS Interoperability Demo June 2013 (Berlin, Germany)
DDS Interoperability Demo June 2013 (Berlin, Germany)
 
Content is King - Symantec
Content is King - SymantecContent is King - Symantec
Content is King - Symantec
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Attacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVEAttacking SCADA systems: Story Of SCADASTRANGELOVE
Attacking SCADA systems: Story Of SCADASTRANGELOVE
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container Data
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Cisco SecureX.pdf
Cisco SecureX.pdfCisco SecureX.pdf
Cisco SecureX.pdf
 
ArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUDArchivePod a legacy data solution when migrating to the #CLOUD
ArchivePod a legacy data solution when migrating to the #CLOUD
 
7 DDS Innovations to Improve your Next Distributed System
7 DDS Innovations to Improve your Next Distributed System7 DDS Innovations to Improve your Next Distributed System
7 DDS Innovations to Improve your Next Distributed System
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under Drivehq
 

More from Gerardo Pardo-Castellote

DDS, the US Navy, and the Need for Distributed Software
DDS, the US Navy,  and the Need for Distributed SoftwareDDS, the US Navy,  and the Need for Distributed Software
DDS, the US Navy, and the Need for Distributed SoftwareGerardo Pardo-Castellote
 
Introduction to DDS: Context, Information Model, Security, and Applications.
Introduction to DDS: Context, Information Model, Security, and Applications.Introduction to DDS: Context, Information Model, Security, and Applications.
Introduction to DDS: Context, Information Model, Security, and Applications.Gerardo Pardo-Castellote
 
A Converged Approach to Standards for Industrial Automation
A Converged Approach to Standards for Industrial AutomationA Converged Approach to Standards for Industrial Automation
A Converged Approach to Standards for Industrial AutomationGerardo Pardo-Castellote
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkGerardo Pardo-Castellote
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
DDS for eXtremely Resource Constrained Environments 1.0 Beta
DDS for eXtremely Resource Constrained Environments 1.0 BetaDDS for eXtremely Resource Constrained Environments 1.0 Beta
DDS for eXtremely Resource Constrained Environments 1.0 BetaGerardo Pardo-Castellote
 
Extensible Types for DDS (DDS-XTYPES) version 1.2
Extensible Types for DDS (DDS-XTYPES) version 1.2Extensible Types for DDS (DDS-XTYPES) version 1.2
Extensible Types for DDS (DDS-XTYPES) version 1.2Gerardo Pardo-Castellote
 
Interface Definition Language (IDL) version 4.2
Interface Definition Language (IDL) version 4.2 Interface Definition Language (IDL) version 4.2
Interface Definition Language (IDL) version 4.2 Gerardo Pardo-Castellote
 
DDS for eXtremely Resource Constrained Environments
DDS for eXtremely Resource Constrained EnvironmentsDDS for eXtremely Resource Constrained Environments
DDS for eXtremely Resource Constrained EnvironmentsGerardo Pardo-Castellote
 
DDS-XRCE - Revised Submission Presentation (September 2017)
DDS-XRCE - Revised Submission Presentation (September 2017)DDS-XRCE - Revised Submission Presentation (September 2017)
DDS-XRCE - Revised Submission Presentation (September 2017)Gerardo Pardo-Castellote
 
DDS-XRCE (Extremely Resource Constrained Environments)
DDS-XRCE (Extremely Resource Constrained Environments)DDS-XRCE (Extremely Resource Constrained Environments)
DDS-XRCE (Extremely Resource Constrained Environments)Gerardo Pardo-Castellote
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)Gerardo Pardo-Castellote
 
The Platform for the Industrial Internet of Things (IIoT)
The Platform for the Industrial Internet of Things (IIoT)The Platform for the Industrial Internet of Things (IIoT)
The Platform for the Industrial Internet of Things (IIoT)Gerardo Pardo-Castellote
 
Web Enabled DDS - London Connext DDS Conference
Web Enabled DDS - London Connext DDS ConferenceWeb Enabled DDS - London Connext DDS Conference
Web Enabled DDS - London Connext DDS ConferenceGerardo Pardo-Castellote
 

More from Gerardo Pardo-Castellote (20)

DDS, the US Navy, and the Need for Distributed Software
DDS, the US Navy,  and the Need for Distributed SoftwareDDS, the US Navy,  and the Need for Distributed Software
DDS, the US Navy, and the Need for Distributed Software
 
Introduction to DDS: Context, Information Model, Security, and Applications.
Introduction to DDS: Context, Information Model, Security, and Applications.Introduction to DDS: Context, Information Model, Security, and Applications.
Introduction to DDS: Context, Information Model, Security, and Applications.
 
DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)DDS-TSN OMG Request for Proposals (RFP)
DDS-TSN OMG Request for Proposals (RFP)
 
A Converged Approach to Standards for Industrial Automation
A Converged Approach to Standards for Industrial AutomationA Converged Approach to Standards for Industrial Automation
A Converged Approach to Standards for Industrial Automation
 
Overview of the DDS-XRCE specification
Overview of the DDS-XRCE specificationOverview of the DDS-XRCE specification
Overview of the DDS-XRCE specification
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway Specification
 
OPC UA/DDS Gateway version 1.0 Beta
OPC UA/DDS Gateway version 1.0 BetaOPC UA/DDS Gateway version 1.0 Beta
OPC UA/DDS Gateway version 1.0 Beta
 
DDS for eXtremely Resource Constrained Environments 1.0 Beta
DDS for eXtremely Resource Constrained Environments 1.0 BetaDDS for eXtremely Resource Constrained Environments 1.0 Beta
DDS for eXtremely Resource Constrained Environments 1.0 Beta
 
Extensible Types for DDS (DDS-XTYPES) version 1.2
Extensible Types for DDS (DDS-XTYPES) version 1.2Extensible Types for DDS (DDS-XTYPES) version 1.2
Extensible Types for DDS (DDS-XTYPES) version 1.2
 
DDS-Security version 1.1
DDS-Security version 1.1DDS-Security version 1.1
DDS-Security version 1.1
 
Interface Definition Language (IDL) version 4.2
Interface Definition Language (IDL) version 4.2 Interface Definition Language (IDL) version 4.2
Interface Definition Language (IDL) version 4.2
 
DDS Security Specification version 1.0
DDS Security Specification version 1.0DDS Security Specification version 1.0
DDS Security Specification version 1.0
 
DDS for eXtremely Resource Constrained Environments
DDS for eXtremely Resource Constrained EnvironmentsDDS for eXtremely Resource Constrained Environments
DDS for eXtremely Resource Constrained Environments
 
DDS-XRCE - Revised Submission Presentation (September 2017)
DDS-XRCE - Revised Submission Presentation (September 2017)DDS-XRCE - Revised Submission Presentation (September 2017)
DDS-XRCE - Revised Submission Presentation (September 2017)
 
DDS-XRCE (Extremely Resource Constrained Environments)
DDS-XRCE (Extremely Resource Constrained Environments)DDS-XRCE (Extremely Resource Constrained Environments)
DDS-XRCE (Extremely Resource Constrained Environments)
 
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT)
 
Industrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity StandardIndustrial IOT Data Connectivity Standard
Industrial IOT Data Connectivity Standard
 
The Platform for the Industrial Internet of Things (IIoT)
The Platform for the Industrial Internet of Things (IIoT)The Platform for the Industrial Internet of Things (IIoT)
The Platform for the Industrial Internet of Things (IIoT)
 
Web Enabled DDS - London Connext DDS Conference
Web Enabled DDS - London Connext DDS ConferenceWeb Enabled DDS - London Connext DDS Conference
Web Enabled DDS - London Connext DDS Conference
 

Recently uploaded

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntelliSource Technologies
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.Sharon Liu
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmonyelliciumsolutionspun
 

Recently uploaded (20)

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
 

DDS-Security Interoperability Demo - December 2017

  • 1. 9/27/2017 Copyright © 2017 OMG. All rights reserved. 1 DDS Security Interoperability Demo DDS™ – The Proven Data Connectivity Standard for IIoT™ dds/2017-12-01
  • 2. DDS Security Demo — Overview 12/06/17 2 • 5 Vendor Products: • CoreDX DDS from Twin Oaks Computing • Connext DDS from Real Time Innovations (RTI) • InterComm DDS from Kongsberg • Vortex Cafe DDS from ADLink • OpenDDS from Object Computing Inc (OCI) • Using Shapes demo software: • Familiar from previous interoperability demos • Demonstrating granular configurability of DDS Security protocols • Each Participant has its own permissions – what exactly it can publish / subscribe • Each Topic has its own configuration – encrypted, signed, clear, encrypted discovery
  • 3. DDS Security Demo — Topics 12/06/17 3 Square Topic - Secure Discovery - Encrypted Data - Authenticated Metadata - Protected Access: Authenticated Participants must have permissions to publish and/or subscribe Circle Topic - Secure Discovery - Authenticated Data - Authenticated Metadata - Protected Access: Participants must have permissions to publish and/or subscribe Triangle Topic - Open Discovery - Open Data - Open Access: Any participant may publish and/or subscribe
  • 5. DDS Security Demo — Publishing 12/06/17 5 Permissions - ALLOW Write Square - DENY Write Circle Permissions - ALLOW Write Circle - DENY Write Triangle Permissions - ALLOW Write Triangle - DENY Write Square Permissions - ALLOW Write Triangle - DENY Write Circle
  • 6. DDS Security Demo — Subscribing 6 Permissions Permissions Permissions Permissions
  • 7. • The demo consists of the following scenarios: • Interoperability Without Security Enabled (SC#0) • Controlled Access to Domain (SC#1) • Enabling Open Access to Selected Topics (SC#2) • Data Integrity versus Encryption (SC#3) • Metadata protection (SC#4) • Secure Discovery (SC#5) • Topic Level Access Control (SC#6) Demo 12/06/17 Copyright © 2017 OMG. All rights reserved. 7
  • 8. • Objective: DDS Security is an extension of DDS—still possible to run applications without any protection. • Governance File: Specifies domain 0 as an “open domain”. Governance_SC0_SecurityDisabled.xml • Permission Files: None are needed for this scenario. Permissions_JoinDomain_<VENDOR>.xml • Applications: Regular and Secured and Shapes Demo SC#0: Interoperability Without Security Copyright © 2017 OMG. All rights reserved. 8 Subscribing to “Square” Expected Result All (Secure) RTI, TwinOaks, Kongsberg Receives All: Square: BLUE, GREEN, MAGENTA , RED, ORANGE All (Not Secure) RTI, TwinOaks, Kongsberg Receives All: Square: BLUE, GREEN, MAGENTA, RED, ORANGE 12/06/17 Publishing RTI SecureShapes BLUE Square TwinOaks SecureShapes GREEN Square Kongsberg SecureShapes MAGENTA Square ADLink RegularShapes RED Square OCI RegularShapes ORANGE Square OFF OFF OFF OFF OFF
  • 9. • Objective: DDS Security can be used to protect access to a DDS Domain. Only applications that can authenticate and have the proper permissions can join the Domain. • Governance File: Specifies domain 0 as a "protected domain." Governance_SC1_ProtectedDomain1.xml • Permission Files: Each vendor has its own permissions file. Permissions_JoinDomain_<VENDOR>.xml. • Applications: Regular and Secured and Shapes Demo SC#1: Controlled Access to Domain Copyright © 2017 OMG. All rights reserved. 9 Subscribing to “Square” Expected Result All (Secure) RTI, TwinOaks, Kongsberg, ADLink Receives only from Secure: Square: BLUE, GREEN, MAGENTA , RED All (Not Secure) RTI, TwinOaks, Kongsberg, OCI, ADLink Receives only from Non-Secure Square: ORANGE 12/06/17 Publishing RTI BLUE Square TwinOaks GREEN Square Kongsberg MAGENTA Square ADLink RED Square OCI ORANGE Square
  • 10. Subscribing “Square”, “Circle”, “Triangle” Expected Result Receives: RTI (Secure) Read Perm: Circle + Triangle Square: none Circle: GREEN, RED Triangle: BLUE, GREEN, MAGENTA , RED, ORANGE Twin Oaks (Secure) Read Perm: Square + Triangle Square: BLUE, MAGENTA Circle: none Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE Kongsberg (Secure) Read Perm: Square + Circle Square: BLUE, MAGENTA Circle: GREEN, RED Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE ADLink (Secure) Read Perm: Square + Circle Square: BLUE, MAGENTA , Circle: GREEN, RED Triangle: BLUE, GREEN, MAGENTA , RED, ORANGE OCI (Not Secure) Square: ORANGE, Circle: ORANGE Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE • Objective: Illustrates it is possible to allow access to certain Topics by unsecured applications (e.g, for legacy applications not running DDS Security). • Governance File: Governance_SC2_ProtectedDomain2.xml • Allows unauthenticated participants to join domain 0 • Square and Circle: •Protected for read/write access •Encrypt/sign metadata •Use secure discovery • Triangle •Unprotected for read/write access (open to all) •No encrypt/sign •Use regular (unsecured) discovery •Permission Files: Each vendor has its own permissions file. Permissions_TopicLevel_<VENDOR>.xml. •Applications: Regular and Secure and Shapes Demo SC#2: Open Access to Selected Topics Publishing RTI Write Perm: Squares BLUE Square BLUE Circle BLUE Triangle TwinOaks Write Perm: Circle GREEN Square GREEN Circle GREEN Triangle Kongsberg Write Perm: Square MAGENTA Square MAGENTA Circle MAGENTA Triangle ADLink Write Perm: Circle RED Square RED Circle RED Triangle OCI ORANGE Square ORANGE Circle ORANGE Triangle
  • 11. • Objective: Illustrate different kinds of data protection. • Encrypted (EN+SG)—(Encrypt and Sign) protected • Signed data (SG)—vulnerable to snooping but not tampering • Open data (OD)—vulnerable to tampering • Governance File: Specifies domain 0 as a "protected domain” Governance_SC3_ProtectedDomain3.xml • Squares shall be encrypted • Circles shall be signed • Triangles are unprotected • Permission Files: Each vendor has its own permissions file. Permissions_JoinDomain_<VENDOR>.xml . • Applications: Secured Shapes Demo + Wireshark SC#3: Data Integrity versus Encryption Subscribing: Square + Circle + Triangle Expected Result All (Secure) RTI, TwinOaks, Kongsberg, ADLink Square: BLUE, GREEN, MAGENTA, RED Circle: BLUE, GREEN, MAGENTA, RED Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE All (Not Secure) RTI, TwinOaks, Kongsberg, OCI, ADLink Square: Circle: Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE Wireshark Can see Triangle data in the clear Can see Circle data, but it is signed (or OD from OCI) Cannot see Square data—it is encrypted Publishing RTI BLUE Square (EN + SG) ‘#’ BLUE Circle (SG) ‘$’ BLUE Triangle (OD) ‘%’ TwinOaks GREEN Square (EN + SG) ‘#’ GREEN Circle (SG) ‘$’ GREEN Triangle (OD) ‘%’ Kongsberg MAGENTA Square (EN + SG) ‘#’ MAGENTA Circle (SG) ‘$’ MAGENTA Triangle (OD) ‘%‘ ADLink GREEN Square (EN + SG) ‘#’ GREEN Circle (SG) ‘$’ RED Triangle (OD) ‘%’ OCI (not secure) ORANGE Triangle ‘%’ ShapeSizes: Square -> 35 ‘#’ Circle -> 36 ‘$’ Triangle -> 37 ‘%’
  • 12. • Objective: Illustrate concept of protecting metadata. • Encrypted (EN+SG)—Encrypt and Signed metadata protected • Signed metadata (SG)—vulnerable to snooping but not tampering • Open metadata (OD)—vulnerable to tampering • Governance File: Specifies domain 0 as a "protected domain" Governance_SC4_ProtectedDomain4.xml • Square metadata shall be encrypted • Circle metadata shall be signed, • Triangle metadata is unprotected • Payload is left open for all topics for illustration • Permission Files: Each vendor has its own permissions file. Permissions_JoinDomain_<VENDOR>.xml . SC#4: Metadata Protection Publishing RTI BLUE Square (EN + SG) ‘#’ BLUE Circle (SG) ‘$’ BLUE Triangle (OD) ‘%’ TwinOaks GREEN Square (EN + SG) ‘#’ GREEN Circle (SG) ‘$’ GREEN Triangle (OD) ‘%’ Kongsberg MAGENTA Square (EN+SG) ‘#’ MAGENTA Circle (SG) ‘$’ MAGENTA Triangle (OD) ‘%‘ ADLink RED Square (EN + SG) ‘#’ RED Circle (SG) ‘$’ RED Triangle (OD) ‘%‘ OCI (not secure) ORANGE Triangle ‘%’ Subscribing Expected Result All (Secure) RTI, TwinOaks, Kongsberg, ADLink Square: BLUE, GREEN, MAGENTA, RED Circle: BLUE, GREEN, MAGENTA, RED Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE All (Not Secure) RTI, TwinOaks, Kongsberg, ADLink, OCI Square: Circle: Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE Wireshark Can see Triangle metadata & data Can see Circle metadata, but it is signed Cannot see Square metadata—it is encrypted Also peek at Discovery – It is all clear ShapeSizes: Square -> 35 ‘#’ Circle -> 36 ‘$’ Triangle -> 37 ‘%’
  • 13. • Objective: Illustrates that discovery information also be protected. • Governance File: Specifies domain 0 as a "protected domain." Governance_SC5_ProtectedDomain5.xml • Topic Triangle data and metadata are neither encrypted nor signed—sent over regular discovery • Topic Circle data and metadata are signed, but not encrypted—sent over secure discovery • Topic Square data and metadata are encrypted and signed—sent over secure discovery •Permission Files: Each vendor has its own permissions file. Permissions_JoinDomain_<VENDOR>.xml . •Applications: Secure Shapes Demo SC#5: Secure Discovery Publishing RTI BLUE Square (EN + SG) BLUE Circle (SG) BLUE Triangle (OD) TwinOaks GREEN Square (EN + SG) GREEN Circle (SG) GREEN Triangle (OD) Kongsberg MAGENTA Square (EN+SG) MAGENTA Circle (SG) MAGENTA Triangle (OD) ADLink RED Square (EN + SG) RED Circle (SG) RED Triangle (OD) OCI ORANGE Triangle (OD) Subscribing Square + Circle + Triangle Expected Result All (Secure) RTI, TwinOaks, Kongsberg Square: BLUE, GREEN, MAGENTA, RED Circle: BLUE, GREEN, MAGENTA, RED Triangle: BLUE, GREEN, MAGENTA , RED, ORANGE All (Not Secure) RTI, TwinOaks, Kongsberg, OCI, ADLink Square: Circle: Triangle: BLUE, GREEN, MAGENTA, RED, ORANGE Wireshark Can see Triangle discovery in the clear Cannot see Circle discovery Cannot see Square discovery
  • 14. Subscribing Expected Result RTI Read Perm: Circle + Triangle Subscribes: Square, Circle, Triangle Receives: Square: none Circle: GREEN, RED Triangle: none Twin Oaks Read Perm: Square+Triangle Subscribes: Square, Circle, Triangle Receives: Square: BLUE, MAGENTA Circle: none Triangle: none Kongsberg Read Perm: Square + Circle Subscribes: Square, Circle, Triangle Receives: Square: BLUE Circle: GREEN, RED Triangle: none ADLink Read Perm: Square + Circle Subscribes: Square, Circle, Triangle Receives: Square: BLUE, MAGENTA Circle: GREEN, RED Triangle: none OCI (Not Secure) Triangle: ORANGE • Objective: Illustrates fine-grain access control at the Topic level. • Governance File: Specifies domain 0 as a "protected domain." Indicates that Square • All topics are protected for read/write access. • All topics are sent over secure discovery • All topics encrypt and sign metadata • Governance_SC6_ProtectedDomain6.xml •Permission Files: Each vendor has its own permissions file. Permissions_TopicLevel_<VENDOR>.xml . •Applications: Secure Shapes Demo SC#6: Topic-Level Access Control 12/06/17 Publishing RTI Write Perm: Squares BLUE Square BLUE Circle BLUE Triangle TwinOaks Write Perm: Circle GREEN Square GREEN Circle GREEN Triangle Kongsberg Write Perm: Square MAGENTA Square MAGENTA Circle MAGENTA Triangle ADLink Write Perm: Circle RED Square RED Circle RED Triangle OCI (Not Secure) ORANGE Triangle