SlideShare a Scribd company logo

DDS Security

Angelo Corsaro
Angelo Corsaro

This presentation provides an overview of the initial submission to the OMG RFP on DDS Security. The presentation introduces the overall security model proposed for DDS and the protocols.

Technology
1 of 21
Download to read offline
DDS Security [PrismTech Initial Submission for the OMG RFP mars/2010-12-37] Angelo CORSARO, Ph.D. Chief Technology Officer OMG DDS Sig Co-Chair PrismTech angelo.corsaro@prismtech.com
Agenda ¨ Context Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Security Model ¨ Transport Security ¨ Key Distribution ¨ Data Protection ¨ Next Steps
Context The DDS Security specification focuses on three orthogonal aspects Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ A definition of the DDS security model ¨ A set of API defining the interface for pluggable security plugins ¨ A set extensions to the DDSI/ RTPS protocol to enable interoperable security
Submission Approach ¨ Address key requirements commonly raising in Copyright  2010,  PrismTech  –    All  Rights  Reserved. systems and system of systems ¨ Allow both endpoint as well as perimeter security approaches ¨ Leverage existing standards when possible ¨ Preserve DDS scalability do not limit the use of multicast when available
Security Properties This submission focuses on providing DDS with the following desirable properties: Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Confidentiality of the data samples being exchanged ¨ Integrity of DDS messages, data and the overall system ¨ Authentication of DDS readers and writers ¨ Authorization of DDS Entities (e.g. DomainParticipants, DataReader, DataWriters) ¨ Non-repudiation of data being sent ¨ Availability
Security Model
What can I Access? ¨ The submission proposes to define the security policies in terms of Copyright  2010,  PrismTech  –    All  Rights  Reserved. operations that “Subjects” can perform on “Objects” ¨ This submission considers the following classification: ¨ Subjects ¨ DomainParticipants ¨ Objects ¨ Topics ¨ As a consequence a DomainParticipant might be provided with rights to Create, Read, Update or Dispose Topics or a specific set of Topics
What can we secure? This submission provides two composable level of security Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Topic-Level ¨ A topic can be secure as a whole thus making its access unavailable to un-authorized applications ¨ Attribute-Level ¨ An attribute can be “obfuscated” to further control its availability. In this case some DomainParticipants might have the right to see the Topic but not the specific attribute
Examples
Topic Security enum BloodType { A, B, AB, O, An, Bn, ABn, On }; struct Person { string name; string surname; string ssn; string email; sequence<string> telephone; sequence<string> pathologies; Copyright  2010,  PrismTech  –    All  Rights  Reserved. BloodType bloodType; ¨ The entire topic long salary }; Payload content is secured encipherment in Core DDS Application DDS Application ¨ Uniform access to xxxxx xxxxx Data Sample xxxxx xxxxx topic attributes is xxxxx Hash xxxxx DDS Core DDS Core provided to authorized Hash Hash Hash users DDS Durability Service Hash Hash
Field-Based Security enum BloodType { A, B, AB, O, An, Bn, ABn, On }; struct Person { ¨ Sometimes, for a secured string name; string surname; topic you need to provide string ssn; Copyright  2010,  PrismTech  –    All  Rights  Reserved. string email; non-uniform access to sequence<string> telephone; @protected sequence<string> pathologies; some of its fields BloodType bloodType; @protected long salary }; ¨ example: Salary, Medical Records, etc. Field encipherment by application ¨ Field-based security DDS Application DDS Application provides a way to control xxxxx xxxxx Data Sample xxxxx xxxxx Hash access at a field level via xxxxx xxxxx xxxxx DDS Core DDS Core security containers Hash xxxxx Hash xxxxx xxxxx ¨ Field-based security can be xxxxx DDS Durability Service xxxxx Hash overlaid over a secure topic Hash xxxxx xxxxx xxxxx xxxxx
Field vs. Topic Security ¨ The current proposal makes Topic security completely transparent to Copyright  2010,  PrismTech  –    All  Rights  Reserved. the application ¨ The infrastructures takes care of transparently dealing with key distribution, encryption, decryption, etc. ¨ Field-based security is based on the concept of security container ¨ The infrastructure generates secure containers for “secured-fields” but will not automatically distribute keys ¨ The keys necessary to “open” the secured field are to be distributed by an application specific logic. Notice that a specific secure topic could be used for this purpose
Transport Security
TLS & DTLS TLS and DTLS are commonly used cryptographic protocols in “client/server” Copyright  2010,  PrismTech  –    All  Rights  Reserved. applications. However for DDS they present some shortcomings ¨ TLS and DTLS use in-band, blocking key-negotiation, in the default setup, thus interrupting the data exchange for a non-predictable amount of time ¨ At anytime one of the two peers may initiate a key re-negotiation, causing interruption of the data-transfer until a new session-key has been negotiated. ¨ A major drawback is that both, TLS and D-TLS, can not deal with multicast communication. A TLS based transport security would degrade a DDS system to a client-server system. Both, TLS and DLTS, are not suited for DDS transport layer security protocols.
SRTP & DDS ¨ The Secure Real-time Transport Protocol (or SRTP) defines a Copyright  2010,  PrismTech  –    All  Rights  Reserved. profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications It was first published by the IETF in March 2004 as RFC 3711. ¨ This submission proposes the use of the SRTP approach for securing DDS transport while maintaining support for unicast and multicast!
Key Distribution
MIKEY & DDS ¨ The Multimedia Internet KEYing (MIKEY) is a key management protocol that is intended for use with real-time applications. It can specifically be used to set up encryption keys for multimedia sessions that are secured using SRTP. MIKEY Copyright  2010,  PrismTech  –    All  Rights  Reserved. is defined in RFC 3830. ¨ MIKEY supports five different methods to set up a Common Secret: ¨ Pre-Shared Key (PSK): This is the most efficient way to handle the transport of the Common Secret, since only symmetric encryption is used and only a small amount of data has to be exchanged. ¨ Public-Key: The Common Secret is exchanged with the help of public key encryption. ¨ Diffie-Hellman: A Diffie-Hellman key exchange is used to set up the Common Secret. ¨ DH-HMAC (HMAC-Authenticated Diffie-Hellman): This is a light-weight version of Diffie-Hellman MIKEY ¨ RSA-R (Reverse RSA): The Common Secret is exchanged with the help of public key encryption in a way that doesn't require any PKI ¨ The RSA-R method is the appropriate concept for DDS (see submission for details)
Data Protection
Payload Protection ¨ The header contains the relevant attributes to fetch the required secrets Copyright  2010,  PrismTech  –    All  Rights  Reserved. and keys from originator or key- archive ¨ The key-archive shall operate similar to a durability service, storing keys for late joiners Data Submessage ¨ The tail contains the digest, which DATA header Security Header Payload Security Tail allows to verify integrity of the payload ¨ The concept of header and tail allows re-fragmentation of the serialized data
Next Steps Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Detail the use of SRTP and MIKEY in the context of the DDSI/RTPS wire-protocol ¨ Finalize the API for security plugin ¨ Vote for adoption
:: Connect with Us :: Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¥ opensplice.com ¥ forums.opensplice.org ¥ @acorsaro ¥ opensplice.org ¥ opensplicedds@prismtech.com ¥ @prismtech ¥ crc@prismtech.com ¥ sales@prismtech.com ¥ youtube.com/opensplicetube ¥ slideshare.net/angelo.corsaro

Recommended

DDS QoS Unleashed
DDS QoS UnleashedDDS QoS Unleashed
DDS QoS UnleashedAngelo Corsaro
 
Introduction to DDS
Introduction to DDSIntroduction to DDS
Introduction to DDSRick Warren
 
The DDS Security Standard
The DDS Security StandardThe DDS Security Standard
The DDS Security StandardAngelo Corsaro
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardAngelo Corsaro
 
DDS Over Low Bandwidth Data Links
DDS Over Low Bandwidth Data LinksDDS Over Low Bandwidth Data Links
DDS Over Low Bandwidth Data LinksReal-Time Innovations (RTI)
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDSReal-Time Innovations (RTI)
 
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of ThingsComparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of ThingsReal-Time Innovations (RTI)
 
DDS Best Practices
DDS Best PracticesDDS Best Practices
DDS Best PracticesGerardo Pardo-Castellote
 

Recommended

DDS QoS Unleashed
DDS QoS UnleashedDDS QoS Unleashed
DDS QoS UnleashedAngelo Corsaro
 
Introduction to DDS
Introduction to DDSIntroduction to DDS
Introduction to DDSRick Warren
 
The DDS Security Standard
The DDS Security StandardThe DDS Security Standard
The DDS Security StandardAngelo Corsaro
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardAngelo Corsaro
 
DDS Over Low Bandwidth Data Links
DDS Over Low Bandwidth Data LinksDDS Over Low Bandwidth Data Links
DDS Over Low Bandwidth Data LinksReal-Time Innovations (RTI)
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDSReal-Time Innovations (RTI)
 
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of ThingsComparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of ThingsReal-Time Innovations (RTI)
 
DDS Best Practices
DDS Best PracticesDDS Best Practices
DDS Best PracticesGerardo Pardo-Castellote
 
OMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsOMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsAngelo Corsaro
 
DDS In Action Part II
DDS In Action Part IIDDS In Action Part II
DDS In Action Part IIAngelo Corsaro
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDSJohn Breitenbach
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
SOA And Cloud Computing
SOA And Cloud ComputingSOA And Cloud Computing
SOA And Cloud ComputingDavid Chou
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkGerardo Pardo-Castellote
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingAngelo Corsaro
 
Rclex: ElixirでROS!!
Rclex: ElixirでROS!!Rclex: ElixirでROS!!
Rclex: ElixirでROS!!Hideki Takase
 
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉Mori Ken
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
DDS and OPC UA Explained
DDS and OPC UA ExplainedDDS and OPC UA Explained
DDS and OPC UA ExplainedAngelo Corsaro
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...IncQuery Labs
 
Introduction of dmvpn
Introduction of dmvpnIntroduction of dmvpn
Introduction of dmvpnE-Lins Technology Co. Ltd.
 
05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)Mori Ken
 
Introduction to CloudStack
Introduction to CloudStack Introduction to CloudStack
Introduction to CloudStack CloudStack - Open Source Cloud Computing Project
 
Getting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and ScalaGetting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and ScalaAngelo Corsaro
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 
DDS Secure Intro
DDS Secure IntroDDS Secure Intro
DDS Secure IntroJohn Breitenbach
 
私がなぜZscalerに?
私がなぜZscalerに?私がなぜZscalerに?
私がなぜZscalerに?Takayoshi Takaoka
 
DDS Security
DDS SecurityDDS Security
DDS SecurityReal-Time Innovations (RTI)
 
DDS in Action -- Part I
DDS in Action -- Part IDDS in Action -- Part I
DDS in Action -- Part IAngelo Corsaro
 

More Related Content

What's hot

OMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsOMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsAngelo Corsaro
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
SOA And Cloud Computing
SOA And Cloud ComputingSOA And Cloud Computing
SOA And Cloud ComputingDavid Chou
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkGerardo Pardo-Castellote
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingAngelo Corsaro
 
Rclex: ElixirでROS!!
Rclex: ElixirでROS!!Rclex: ElixirでROS!!
Rclex: ElixirでROS!!Hideki Takase
 
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉Mori Ken
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
DDS and OPC UA Explained
DDS and OPC UA ExplainedDDS and OPC UA Explained
DDS and OPC UA ExplainedAngelo Corsaro
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...IncQuery Labs
 
05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)Mori Ken
 
Getting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and ScalaGetting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and ScalaAngelo Corsaro
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
 

What's hot (20)

OMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsOMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time Systems
 
DDS In Action Part II
DDS In Action Part IIDDS In Action Part II
DDS In Action Part II
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDS
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway Specification
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
 
SOA And Cloud Computing
SOA And Cloud ComputingSOA And Cloud Computing
SOA And Cloud Computing
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data Modelling
 
Rclex: ElixirでROS!!
Rclex: ElixirでROS!!Rclex: ElixirでROS!!
Rclex: ElixirでROS!!
 
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
01 ROS2 実用化に関するサーベイ ROS2勉強合宿 @別府温泉
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
 
DDS and OPC UA Explained
DDS and OPC UA ExplainedDDS and OPC UA Explained
DDS and OPC UA Explained
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
 
Introduction of dmvpn
Introduction of dmvpnIntroduction of dmvpn
Introduction of dmvpn
 
05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)05 第4.4節-第4.8節 ROS2の応用機能(2/2)
05 第4.4節-第4.8節 ROS2の応用機能(2/2)
 
Introduction to CloudStack
Introduction to CloudStack Introduction to CloudStack
Introduction to CloudStack
 
Getting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and ScalaGetting Started with DDS in C++, Java and Scala
Getting Started with DDS in C++, Java and Scala
 
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformAether: The First Open Source 5G/LTE Connected Edge Cloud Platform
Aether: The First Open Source 5G/LTE Connected Edge Cloud Platform
 
DDS Secure Intro
DDS Secure IntroDDS Secure Intro
DDS Secure Intro
 
私がなぜZscalerに?
私がなぜZscalerに?私がなぜZscalerに?
私がなぜZscalerに?
 

Viewers also liked

DDS in Action -- Part I
DDS in Action -- Part IDDS in Action -- Part I
DDS in Action -- Part IAngelo Corsaro
 
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...Angelo Corsaro
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitAngelo Corsaro
 
Micro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IMicro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IAngelo Corsaro
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security ModuleAngelo Corsaro
 
The DDS Tutorial - Part I
The DDS Tutorial - Part IThe DDS Tutorial - Part I
The DDS Tutorial - Part IAngelo Corsaro
 
What's the Right Messaging Standard for the IoT?
What's the Right Messaging Standard for the IoT?What's the Right Messaging Standard for the IoT?
What's the Right Messaging Standard for the IoT?Angelo Corsaro
 
OMG DDS Security Specification - 4th revised submission document
OMG DDS Security Specification - 4th revised submission documentOMG DDS Security Specification - 4th revised submission document
OMG DDS Security Specification - 4th revised submission documentGerardo Pardo-Castellote
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceGerardo Pardo-Castellote
 
Hello World in OMG DDS and ZeroMQ
Hello World in OMG DDS and ZeroMQHello World in OMG DDS and ZeroMQ
Hello World in OMG DDS and ZeroMQSander Mertens
 
"Hello World" in OMG DDS and MQTT
"Hello World" in OMG DDS and MQTT"Hello World" in OMG DDS and MQTT
"Hello World" in OMG DDS and MQTTSander Mertens
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds securityRamzi Karoui
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquittonbarendt
 
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...Real-Time Innovations (RTI)
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldReal-Time Innovations (RTI)
 

Viewers also liked (20)

DDS Security
DDS SecurityDDS Security
DDS Security
 
DDS in Action -- Part I
DDS in Action -- Part IDDS in Action -- Part I
DDS in Action -- Part I
 
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
The Cloudy, Foggy and Misty Internet of Things -- Toward Fluid IoT Architect...
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter Kit
 
Micro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part IMicro services Architecture with Vortex -- Part I
Micro services Architecture with Vortex -- Part I
 
OpenSplice Security Module
OpenSplice Security ModuleOpenSplice Security Module
OpenSplice Security Module
 
OpenSplice DDS v6
OpenSplice DDS v6OpenSplice DDS v6
OpenSplice DDS v6
 
The DDS Tutorial - Part I
The DDS Tutorial - Part IThe DDS Tutorial - Part I
The DDS Tutorial - Part I
 
What's the Right Messaging Standard for the IoT?
What's the Right Messaging Standard for the IoT?What's the Right Messaging Standard for the IoT?
What's the Right Messaging Standard for the IoT?
 
OMG DDS Security Specification - 4th revised submission document
OMG DDS Security Specification - 4th revised submission documentOMG DDS Security Specification - 4th revised submission document
OMG DDS Security Specification - 4th revised submission document
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS Conference
 
Hello World in OMG DDS and ZeroMQ
Hello World in OMG DDS and ZeroMQHello World in OMG DDS and ZeroMQ
Hello World in OMG DDS and ZeroMQ
 
"Hello World" in OMG DDS and MQTT
"Hello World" in OMG DDS and MQTT"Hello World" in OMG DDS and MQTT
"Hello World" in OMG DDS and MQTT
 
OMG DDS Security Standard
OMG DDS Security StandardOMG DDS Security Standard
OMG DDS Security Standard
 
Open splice dds security
Open splice dds securityOpen splice dds security
Open splice dds security
 
Practical Security with MQTT and Mosquitto
Practical Security with MQTT and MosquittoPractical Security with MQTT and Mosquitto
Practical Security with MQTT and Mosquitto
 
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...
Learn About the FACE Standard for Avionics Software and a Ready-to-Go COTS Pl...
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern World
 
RPC Over DDS
RPC Over DDSRPC Over DDS
RPC Over DDS
 

Similar to DDS Security

Stream Processing with DDS and CEP
Stream Processing with DDS and CEPStream Processing with DDS and CEP
Stream Processing with DDS and CEPAngelo Corsaro
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsAngelo Corsaro
 
Open splicedds espercep-webinar
Open splicedds espercep-webinarOpen splicedds espercep-webinar
Open splicedds espercep-webinarTomasz Waszczyk
 
DDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxDDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxAngelo Corsaro
 
The DDS Tutorial Part II
The DDS Tutorial Part IIThe DDS Tutorial Part II
The DDS Tutorial Part IIAngelo Corsaro
 
Dds the ideal_bus_for_event_processing_engines
Dds the ideal_bus_for_event_processing_enginesDds the ideal_bus_for_event_processing_engines
Dds the ideal_bus_for_event_processing_enginesGerardo Pardo-Castellote
 
Vortex Tutorial -- Part I
Vortex Tutorial -- Part IVortex Tutorial -- Part I
Vortex Tutorial -- Part IAngelo Corsaro
 
Presentation cyber defense for soa & rest
Presentation cyber defense for soa & restPresentation cyber defense for soa & rest
Presentation cyber defense for soa & restxKinAnx
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTLayer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTCA API Management
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracleigsc
 
Advanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAdvanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAngelo Corsaro
 

Similar to DDS Security (13)

Stream Processing with DDS and CEP
Stream Processing with DDS and CEPStream Processing with DDS and CEP
Stream Processing with DDS and CEP
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained Envionrments
 
DDS ISO C++ PSM
DDS ISO C++ PSMDDS ISO C++ PSM
DDS ISO C++ PSM
 
Open splicedds espercep-webinar
Open splicedds espercep-webinarOpen splicedds espercep-webinar
Open splicedds espercep-webinar
 
DDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxxDDS-PSM-Cxx and simd-cxx
DDS-PSM-Cxx and simd-cxx
 
The DDS Tutorial Part II
The DDS Tutorial Part IIThe DDS Tutorial Part II
The DDS Tutorial Part II
 
Dds the ideal_bus_for_event_processing_engines
Dds the ideal_bus_for_event_processing_enginesDds the ideal_bus_for_event_processing_engines
Dds the ideal_bus_for_event_processing_engines
 
PrismTech Vortex Tutorial Part 1
PrismTech Vortex Tutorial Part 1PrismTech Vortex Tutorial Part 1
PrismTech Vortex Tutorial Part 1
 
Vortex Tutorial -- Part I
Vortex Tutorial -- Part IVortex Tutorial -- Part I
Vortex Tutorial -- Part I
 
Presentation cyber defense for soa & rest
Presentation cyber defense for soa & restPresentation cyber defense for soa & rest
Presentation cyber defense for soa & rest
 
Layer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & RESTLayer 7 & Oracle: Cyber Defense for SOA & REST
Layer 7 & Oracle: Cyber Defense for SOA & REST
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracle
 
Advanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part IIAdvanced OpenSplice Programming - Part II
Advanced OpenSplice Programming - Part II
 

More from Angelo Corsaro

zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data FabricAngelo Corsaro
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationAngelo Corsaro
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computeAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingAngelo Corsaro
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing InfrastructureAngelo Corsaro
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeAngelo Corsaro
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing PlatformAngelo Corsaro
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture FourAngelo Corsaro
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture ThreeAngelo Corsaro
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture TwoAngelo Corsaro
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture OneAngelo Corsaro
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsAngelo Corsaro
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardAngelo Corsaro
 
Fluid IoT Architectures
Fluid IoT ArchitecturesFluid IoT Architectures
Fluid IoT ArchitecturesAngelo Corsaro
 

More from Angelo Corsaro (20)

Zenoh: The Genesis
Zenoh: The GenesisZenoh: The Genesis
Zenoh: The Genesis
 
zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data Fabric
 
Zenoh Tutorial
Zenoh TutorialZenoh Tutorial
Zenoh Tutorial
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query compute
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
 
Eastern Sicily
Eastern SicilyEastern Sicily
Eastern Sicily
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructure
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT Age
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing Platform
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture Four
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture Three
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture Two
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture One
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming Ruminations
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity Standard
 
Fog Computing Defined
Fog Computing DefinedFog Computing Defined
Fog Computing Defined
 
Fluid IoT Architectures
Fluid IoT ArchitecturesFluid IoT Architectures
Fluid IoT Architectures
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

DDS Security

  • 1. DDS Security [PrismTech Initial Submission for the OMG RFP mars/2010-12-37] Angelo CORSARO, Ph.D. Chief Technology Officer OMG DDS Sig Co-Chair PrismTech angelo.corsaro@prismtech.com
  • 2. Agenda ¨ Context Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Security Model ¨ Transport Security ¨ Key Distribution ¨ Data Protection ¨ Next Steps
  • 3. Context The DDS Security specification focuses on three orthogonal aspects Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ A definition of the DDS security model ¨ A set of API defining the interface for pluggable security plugins ¨ A set extensions to the DDSI/ RTPS protocol to enable interoperable security
  • 4. Submission Approach ¨ Address key requirements commonly raising in Copyright  2010,  PrismTech  –    All  Rights  Reserved. systems and system of systems ¨ Allow both endpoint as well as perimeter security approaches ¨ Leverage existing standards when possible ¨ Preserve DDS scalability do not limit the use of multicast when available
  • 5. Security Properties This submission focuses on providing DDS with the following desirable properties: Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Confidentiality of the data samples being exchanged ¨ Integrity of DDS messages, data and the overall system ¨ Authentication of DDS readers and writers ¨ Authorization of DDS Entities (e.g. DomainParticipants, DataReader, DataWriters) ¨ Non-repudiation of data being sent ¨ Availability
  • 7. What can I Access? ¨ The submission proposes to define the security policies in terms of Copyright  2010,  PrismTech  –    All  Rights  Reserved. operations that “Subjects” can perform on “Objects” ¨ This submission considers the following classification: ¨ Subjects ¨ DomainParticipants ¨ Objects ¨ Topics ¨ As a consequence a DomainParticipant might be provided with rights to Create, Read, Update or Dispose Topics or a specific set of Topics
  • 8. What can we secure? This submission provides two composable level of security Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Topic-Level ¨ A topic can be secure as a whole thus making its access unavailable to un-authorized applications ¨ Attribute-Level ¨ An attribute can be “obfuscated” to further control its availability. In this case some DomainParticipants might have the right to see the Topic but not the specific attribute
  • 10. Topic Security enum BloodType { A, B, AB, O, An, Bn, ABn, On }; struct Person { string name; string surname; string ssn; string email; sequence<string> telephone; sequence<string> pathologies; Copyright  2010,  PrismTech  –    All  Rights  Reserved. BloodType bloodType; ¨ The entire topic long salary }; Payload content is secured encipherment in Core DDS Application DDS Application ¨ Uniform access to xxxxx xxxxx Data Sample xxxxx xxxxx topic attributes is xxxxx Hash xxxxx DDS Core DDS Core provided to authorized Hash Hash Hash users DDS Durability Service Hash Hash
  • 11. Field-Based Security enum BloodType { A, B, AB, O, An, Bn, ABn, On }; struct Person { ¨ Sometimes, for a secured string name; string surname; topic you need to provide string ssn; Copyright  2010,  PrismTech  –    All  Rights  Reserved. string email; non-uniform access to sequence<string> telephone; @protected sequence<string> pathologies; some of its fields BloodType bloodType; @protected long salary }; ¨ example: Salary, Medical Records, etc. Field encipherment by application ¨ Field-based security DDS Application DDS Application provides a way to control xxxxx xxxxx Data Sample xxxxx xxxxx Hash access at a field level via xxxxx xxxxx xxxxx DDS Core DDS Core security containers Hash xxxxx Hash xxxxx xxxxx ¨ Field-based security can be xxxxx DDS Durability Service xxxxx Hash overlaid over a secure topic Hash xxxxx xxxxx xxxxx xxxxx
  • 12. Field vs. Topic Security ¨ The current proposal makes Topic security completely transparent to Copyright  2010,  PrismTech  –    All  Rights  Reserved. the application ¨ The infrastructures takes care of transparently dealing with key distribution, encryption, decryption, etc. ¨ Field-based security is based on the concept of security container ¨ The infrastructure generates secure containers for “secured-fields” but will not automatically distribute keys ¨ The keys necessary to “open” the secured field are to be distributed by an application specific logic. Notice that a specific secure topic could be used for this purpose
  • 14. TLS & DTLS TLS and DTLS are commonly used cryptographic protocols in “client/server” Copyright  2010,  PrismTech  –    All  Rights  Reserved. applications. However for DDS they present some shortcomings ¨ TLS and DTLS use in-band, blocking key-negotiation, in the default setup, thus interrupting the data exchange for a non-predictable amount of time ¨ At anytime one of the two peers may initiate a key re-negotiation, causing interruption of the data-transfer until a new session-key has been negotiated. ¨ A major drawback is that both, TLS and D-TLS, can not deal with multicast communication. A TLS based transport security would degrade a DDS system to a client-server system. Both, TLS and DLTS, are not suited for DDS transport layer security protocols.
  • 15. SRTP & DDS ¨ The Secure Real-time Transport Protocol (or SRTP) defines a Copyright  2010,  PrismTech  –    All  Rights  Reserved. profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications It was first published by the IETF in March 2004 as RFC 3711. ¨ This submission proposes the use of the SRTP approach for securing DDS transport while maintaining support for unicast and multicast!
  • 17. MIKEY & DDS ¨ The Multimedia Internet KEYing (MIKEY) is a key management protocol that is intended for use with real-time applications. It can specifically be used to set up encryption keys for multimedia sessions that are secured using SRTP. MIKEY Copyright  2010,  PrismTech  –    All  Rights  Reserved. is defined in RFC 3830. ¨ MIKEY supports five different methods to set up a Common Secret: ¨ Pre-Shared Key (PSK): This is the most efficient way to handle the transport of the Common Secret, since only symmetric encryption is used and only a small amount of data has to be exchanged. ¨ Public-Key: The Common Secret is exchanged with the help of public key encryption. ¨ Diffie-Hellman: A Diffie-Hellman key exchange is used to set up the Common Secret. ¨ DH-HMAC (HMAC-Authenticated Diffie-Hellman): This is a light-weight version of Diffie-Hellman MIKEY ¨ RSA-R (Reverse RSA): The Common Secret is exchanged with the help of public key encryption in a way that doesn't require any PKI ¨ The RSA-R method is the appropriate concept for DDS (see submission for details)
  • 19. Payload Protection ¨ The header contains the relevant attributes to fetch the required secrets Copyright  2010,  PrismTech  –    All  Rights  Reserved. and keys from originator or key- archive ¨ The key-archive shall operate similar to a durability service, storing keys for late joiners Data Submessage ¨ The tail contains the digest, which DATA header Security Header Payload Security Tail allows to verify integrity of the payload ¨ The concept of header and tail allows re-fragmentation of the serialized data
  • 20. Next Steps Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¨ Detail the use of SRTP and MIKEY in the context of the DDSI/RTPS wire-protocol ¨ Finalize the API for security plugin ¨ Vote for adoption
  • 21. :: Connect with Us :: Copyright  2010,  PrismTech  –    All  Rights  Reserved. ¥ opensplice.com ¥ forums.opensplice.org ¥ @acorsaro ¥ opensplice.org ¥ opensplicedds@prismtech.com ¥ @prismtech ¥ crc@prismtech.com ¥ sales@prismtech.com ¥ youtube.com/opensplicetube ¥ slideshare.net/angelo.corsaro