Data Distribution Service Security and
the Industrial Internet of Things
Hamed Soroush, Ph.D
Senior Research Security Engineer, IIC Security Working Group Co-Chair
Outline
• Background on Industrial Internet of Things
• Background on Data Distribution Service
• Data Distribution Service Security
©2016 Real-Time Innovations, Inc.
What is the Internet of Things?
Industrial Internet of Things (IIoT)
Consumer Internet of Things (CIoT)
Cyber-Physical Systems (CPS)
World Economic Forum 2015
• The Industrial Internet will transform
many industries, including:
– Manufacturing
– Oil and gas
– Agriculture
– Mining
– Transportation
– Healthcare
• …and dwarf the consumer side
• Collectively, these account for nearly
two-thirds of the world economy
220+ companies
Goal: build and prove a common architecture that
interoperates between vendors and across industries
RTI’s Experience
• Designed into over $1 T of IIoT
– Healthcare
– Transportation
– Communications
– Energy
– Industrial
– Defense
• 15+ Standards & Consortia
Efforts
– Interoperability
– Multi-vendor ecosystems
RTI Named Most Influential IIoT Company
Transformative
Applications
What Will the Industrial Internet of Things Do?
Preventing Medical Errors
What Can Change This?
ECRI Institute identifies alarm hazards as its
Top Health Technology Hazard for 2013
Clinicians exposed each day to tens of
thousands of alarms
Nineteen out of 20 hospitals surveyed
rank alarm fatigue as a top patient safety
concern
Hospital Errors are the Third Leading Cause of
Death in U.S., and New Hospital Safety Scores
Show Improvements Are Too Slow
New research estimates up
to 440,000 Americans are
dying annually from
preventable hospital errors.
Example: Patient-Controlled Analgesia
PCA is widely used, and
considered safe…
…but 2-3 patients die every day
in the US from opiate overdose
from PCA
The patient presses a
button to receive
intravenous pain
medication. Monitoring is
not typically used due to
high false/nuisance alarm
rate.
Improve Safety by Connecting Devices
• The Integrated Clinical
Environment (ICE)
standard specifies
interoperability for
medical devices
• RTI Connext DDS ties
together instruments in
real time
“RTI Connext DDS met all our needs –
whether we’re handling 12 patients, or
200.”
-- DocBox Founder, Tracy Rausch
“… the anesthesiologist forgot to resume
ventilation after separation from
cardiopulmonary bypass. The delayed
detection was attributed to the fact that the
audible alarms for the pulse oximeter and
capnograph had been disabled during bypass
and had not been reactivated. The patient
sustained permanent brain damage.”
Every surgical team surveyed has
experienced this error!
Key to the Success of IIoT: Interoperability
• Interoperability
– Across Systems
– Across Vendors
– Across Brownfield & Greenfield Deployments
– Across Teams
Data Centricity Enables
Interoperability
Comic from xkcd.com
Data Centric is Different!
Point-to-Point
TCP
Sockets
Publish/Subscribe
Fieldbus
CANbus
Queuing
AMQP
Active MQ
Data-Centric
DDS
Shared Data
Model
DataBus
Client/Server
MQTT
REST
XMPP
OPC
Brokered
ESB
Daemon
It’s All About the Data
Data centricity enables interoperation, scale, integration
Unstructured files
Database
Data Centricity Data at Rest
Messaging middleware
DataBus
Data Centricity Data in Motion
Data Centric is the Opposite of OO
Object Oriented
• Encapsulate data
• Expose methods
Data Centric
• Encapsulate methods
• Expose data
Explicit
Shared
Data
Model
OMG Compliant DDS: Data Centric Messaging
[Figure: timeline of the DDS family of standards above a layered stack]
• DDS Spec (2004)
• DDS Interoperability (2006)
• UML DDS Profile (2008)
• DDS for Lw CCM (2009)
• DDS X-Types (2010)
• DDS-STD-C++, DDS-JAVA5 (2012)
• Web-Enabled DDS (2013)
• DDS Security (2014)
• RPC over DDS (2014)
• Stack, top to bottom: App, DDS Implementation, Network / TCP / UDP / IP / SharedMem / …
DDS Terminology
[Figure labels: Domain Participant, Publisher, Subscriber, Data Writer, Data Reader, Topic, Global Data Space, QoS #1, QoS #2]
Data-Centric Model
“Global Data Space” generalizes Subject-Based Addressing
• Data objects addressed by Domain ID, Topic and Key
• Domains provide a level of isolation
• Topic groups homogeneous subjects (same data-type & meaning)
• Key is a generalization of subject
[Figure: Data Writers and Data Readers around two example Topics; labels: Domain, Topic, Instance, Key (subject)]
Airline | Flight | Destination | Time
SWA | 023 | PDX | 14:05
UA | 119 | LAX | 14:40
Sensor | Value | Units | Location
4535 | 72 | Fahrenheit | Bldg. 405
5677 | 64 | Fahrenheit | Bldg. 201
Quality of Service (QoS)
• Aside from the actual data to be delivered, users often
need to specify HOW to send it …
… reliably (or “send and forget”)
… how much data (all data, last 5 samples, every 2 secs)
… how long before data is regarded as ‘stale’ and is discarded
… how many publishers of the same data are allowed
… how to ‘failover’ if an existing publisher stops sending data
… how to detect “dead” applications
… …
• These options are controlled by formally-defined
Quality of Service (QoS)
Data Centricity Enables Interoperability
• Global Data Space
– Automatic
discovery
– Read & write data
in any OS,
language,
transport
– Redundant
sources/sinks/nets
• Type Aware
• No Servers
• QoS control
– Timing, Reliability,
Ownership,
Redundancy,
Filtering, Security
[Figure: Shared Global Data Space on a DDS DataBus; labels: Patient Hx, Device Identity, Devices, Supervisory, CDS, Physiologic State, Nursing Station, Cloud]
Offer: Write this 1000x/sec, reliable for 10 secs
Request: Read this 10x/sec if patient = “Joe”
Why Choose DDS?
• Reliability: Severe consequences if offline for
5 minutes?
• Performance/scale:
– Measure in ms or µs?
– Or scale > 20+ applications or 10+ teams?
– Or 10k+ data values?
• Architecture: Code active lifetime >3 yrs?
2 or 3 Checks?
This is addressed by DDS Security
Security Boundaries
• System Boundary
• Network Transport
– Media access (layer 2)
– Network (layer 3) security
– Session/Endpoint (layer 4/5) security
• Host
– Machine/OS/Applications/Files
• Data & Information flows
Data Security
Threats in the Global Data Space
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
Alice: Allowed to publish topic ‘T’
Bob: Allowed to subscribe to topic ‘T’
Eve: Non-authorized eavesdropper
Trudy: Intruder
Mallory: Malicious insider
Trent: Trusted infrastructure service
Approaches to Secure DDS
• Transport Layer Security
• Fine-grained Data-Centric Security
Threat & Trust Models for DDS Security
• We are protecting against attacks originating over the
network
• The local machine is in our trust base
– To protect against threats in the same machine host-
protection techniques should be used
• These are outside the scope of DDS security
• By securing DDS we mean providing mechanisms for
– Confidentiality of the data samples
– Integrity of the data samples and the messages that contain
them
– Authentication of DDS writers & readers
– Authorization of DDS writers & readers
Data-centric Security for DDS: How is it Done?
• Security Model
– What to Protect
• Security Plugin APIs
– How/where to protect
– Interchangeability of the plugins
• DDS RTPS Wire Protocol
– Data encapsulation and
discovery interoperability
• Default Builtin Plugins
– Out-of-box implementation
– Interoperable implementations
OMG DDS Security Specification
RTI Connext™ DDS Implementation
Security Model
• A security model is defined in terms of:
– The subjects (principals)
– The objects being protected
• The operations that are protected on the objects
– Access Control Model
• A way to define for each subject
– Which objects it can perform operations on
– Which operations are allowed
Security Model Example:
UNIX FileSystem (simplified)
• Subjects: Users, specifically processes executing on behalf of a specific userid
• Protected Objects: Files and Directories
• Protected Operations on Objects:
– Directory.list, Directory.createFile, Directory.createDir, Directory.removeFile,
Directory.removeDir, Directory.renameFile
– File.view, File.modify, File.execute
• Access Control Model:
– A subject is given a userId and a set of groupIds
– Each object is assigned an OWNER and a GROUP
– Each Object is given a combination of READ, WRITE, EXECUTE permissions
for the assigned OWNER and GROUP
– Each protected operation is mapped to a check, for example
• File.view is allowed if and only if
– File.owner == Subject.userId AND File.permissions(OWNER) includes READ
– OR File.group IS-IN Subject.groupId[] AND File.permissions(GROUP) includes READ
DDS Security Model
Concept | Unix Filesystem Security Model | DDS Security Model
Subject | User; process executing for a user | DomainParticipant; application joining a DDS domain
Protected Objects | Directories; Files | Domain (by domain_id); Topic (by Topic name); DataObjects (by Instance/Key)
Protected Operations | Directory.list; Directory.create (File, Dir); Directory.remove (File, Dir); Directory.rename (File, Dir); File.read; File.write; File.execute | Domain.join; Topic.create; Topic.read (includes QoS); Topic.write (includes QoS); Data.createInstance; Data.writeInstance; Data.deleteInstance
Access Control Policy Control | Fixed in Kernel | Configurable via Plugin
Builtin Access Control Mode | Per-File/Dir Read/Write/Execute permissions for OWNER, | Per-DomainParticipant Permissions: what Domains and Topics it can JOIN/READ/WRITE
Pluggable Security Architecture
[Figure labels: App., Secure DDS middleware, DDS Entities, Data cache, Protocol Engine, Authentication Plugin, Access Control Plugin, Cryptographic Plugin, Logging Plugin, DataTagging Plugin, application component, certificates, Secure Kernel, Kernel Policies, Network Driver, Crypto Module (e.g. TPM), Transport (e.g. UDP), Network, Encrypted Data, MAC, Other DDS System]
Platform Independent Interception Pts + SPIs
Service Plugin | Purpose | Interactions
Authentication | Authenticate the principal that is joining a DDS Domain. Handshake and establish shared secret between participants. | The principal may be an application/process or the user associated with that application or process. Participants may send messages to do mutual authentication and establish shared secret.
Access Control | Decide whether a principal is allowed to perform a protected operation. | Protected operations include joining a specific DDS domain, creating a Topic, reading a Topic, writing to a Topic, etc.
Cryptography | Perform the encryption and decryption operations. Create & Exchange Keys. Compute digests, compute and verify Message Authentication Codes. Sign and verify signatures of messages. | Invoked by DDS middleware to encrypt data, compute and verify MAC, compute & verify Digital Signatures
Logging | Log all security relevant events | Invoked by middleware to log
Data Tagging | Add a data tag for each data sample |
What are the Standard Capabilities
(Built-in Plugins)
Authentication
• X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
• Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
Access Control
• Configured by domain using a (shared) Governance file
• Specified via permissions file signed by shared CA
• Control over ability to join systems, read or write data topics
Cryptography
• Protected key distribution
• AES128 and AES256 for encryption
• HMAC-SHA256 for message authentication and integrity
Data Tagging
• Tags specify security metadata, such as classification level
• Can be used to determine access privileges (via plugin)
Logging
• Log security events to a file or distribute securely over DDS
Overview of What Happens
[Flowchart; DP = Domain Participant, Endpoint = Reader / Writer]
• Create Domain Participant → Authenticate DP? No: Domain Participant create fails. Yes: continue.
• Create Endpoints → Access OK? No: Endpoint create fails.
• Discover remote DP → Authenticate remote DP? No: ignore remote DP. Yes: continue.
• Discover remote Endpoints → Access OK? No: ignore remote endpoint.
• Message security → Send/Receive data
The Big Picture: Authentication
• Once discovered & authenticated to the middleware,
domain participants are mutually authenticated to
each other using a point-to-point public-key based
challenge-response handshaking protocol.
• After the handshake, participants have learned about:
– Each other's identities
– Each other's granted access permissions
– A shared secret, which is used to derive symmetric keys that
enable message security
The Big Picture: Access Control
• DDS Security allows for configuring & enforcing the
privileges of each participant such as
– Which domains it can join
– What topics it can read/write
• It also allows specifying & enforcing policies for the whole
domain such as
– What topics are discovered using Secure Discovery
– Encrypt or Sign for Secure Discovery
– What topics have controlled access
– Encrypt or Sign for each secure topic
• User data and payload
• Metadata and routing information
– What to do with unauthenticated access requests
The Big Picture: Message Security
• DDS Security enables message security by allowing for encryption and
authentication of DDS messages.
– Symmetric encryption keys & MAC keys are generated per data writer
– These keys are distributed to authenticated data readers that are authorized.
• Distribution of these keys is done using other symmetric keys derived from the shared
secret.
• The key distribution is transport independent
– e.g. it could happen over multicast
– These keys are used for encryption and/or message authentication based on
the policy defined in the governance document.
– different parts of messages can optionally be encrypted per governance
policy
• headers, complete message, sub-message, discovery data
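The per-writer MAC keys described on this slide, and what they do against threat 3 (tampering and replay), shown as an added example that is not code from the slides, the OMG specification or RTI Connext DDS. The message layout, the sequence-number replay check and the class names are assumptions made for illustration; encryption and the protected key transfer are left out.

```python
# Added illustration: sign-only message protection with a per-writer
# HMAC-SHA256 key. The message layout and the sequence-number replay check are
# constructed for this example; they are not the DDS-RTPS wire format.
import hashlib
import hmac
import os
import struct

HEADER = struct.Struct("!16sQ")          # writer id (16 bytes), sequence number
MAC_LEN = hashlib.sha256().digest_size   # 32 bytes


class SecureWriter:
    def __init__(self, writer_id: bytes):
        self.writer_id = writer_id[:16].ljust(16, b"\0")
        self.mac_key = os.urandom(32)    # key generated per data writer
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        """Return header || payload || HMAC-SHA256(header || payload)."""
        self.seq += 1
        body = HEADER.pack(self.writer_id, self.seq) + payload
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()


class SecureReader:
    def __init__(self):
        self.keys = {}       # writer id -> MAC key received after authorization
        self.last_seq = {}   # writer id -> highest sequence number accepted

    def install_key(self, writer: SecureWriter) -> None:
        # Stands in for key distribution to an authenticated, authorized
        # reader. The slides protect this transfer with keys derived from the
        # handshake shared secret; that step is not modelled here.
        self.keys[writer.writer_id] = writer.mac_key

    def receive(self, message: bytes):
        """Return (payload, "ok") or (None, reason)."""
        if len(message) < HEADER.size + MAC_LEN:
            return None, "malformed"
        body, tag = message[:-MAC_LEN], message[-MAC_LEN:]
        writer_id, seq = HEADER.unpack_from(body)
        key = self.keys.get(writer_id)
        if key is None:
            return None, "unknown writer"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None, "bad MAC"
        if seq <= self.last_seq.get(writer_id, 0):   # already seen: replay
            return None, "replay"
        self.last_seq[writer_id] = seq
        return body[HEADER.size:], "ok"


def demo():
    """Constructed scenario using the names from the threat slide."""
    alice = SecureWriter(b"alice-writer-T")
    bob, eve = SecureReader(), SecureReader()
    bob.install_key(alice)               # Bob is allowed to subscribe to 'T'
    first = alice.send(b"temp=72F")
    tampered = bytearray(first)
    tampered[HEADER.size] ^= 0x01        # flip one bit of the payload in transit
    return {
        "delivered": bob.receive(first),
        "replayed": bob.receive(first),
        "tampered": bob.receive(bytes(tampered)),
        "no_key": eve.receive(first),    # Eve never received the writer's key
        "next": bob.receive(alice.send(b"temp=73F")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```
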
DDS Security, Outside of the Box
Configuring & Deploying Secure DDS
[Figure: participants P1 and P2, each with its own Identity Certificate, Private Key and Permissions File, alongside the Domain Governance Document, the Identity CA Certificate and the Permissions CA Certificate]
• Keys. Each participant has a pair of public & private keys used in the authentication process.
• Identity CA that has signed participant public keys. Participants need to have a copy of the CA certificate as well.
• Permissions File specifies what domains/partitions the DP can join, what topics it can read/write, and what tags are associated with the readers/writers
• Domain Governance specifies which domains should be secured and how
• Permissions CA that has signed the participant permissions file as well as the domain governance document. Participants need to have a copy of the permissions CA certificate.
Permissions Document
• For each Participant
– Specifies
• What Domain IDs it can join
• What Topics it can read/write
• What Partitions it can join
• What Tags are associated with the Readers and Writers
A Sample
Permissions File
Domain Governance Document
• The domain governance document is an XML
document that specifies which DDS domain
IDs shall be protected and the details of the
protection.
• It is signed by the permissions CA.
A Sample Domain Governance File
Configuration possibilities
• Are “legacy” or un-identified applications allowed in the
Domain? Yes or No.
– If yes, unauthenticated applications will:
• See the “unsecured” discovery Topics
• Be allowed to read/write the “unsecured” Topics
• Is a particular Topic discovered over protected discovery?
– If so it can only be seen by “authenticated applications”
• Is access to a particular Topic protected?
– If so only authenticated applications with the correct permissions
can read/write
• Is data on a particular Topic protected? How?
– If so, data will be sent signed, or encrypted then signed
• Are all protocol messages signed? Encrypted?
– If so only authenticated applications with right permissions will see
anything
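The questions on this slide, combined with the per-participant permissions, can be read as a decision procedure. The sketch below is an added example, not code from the slides, the OMG specification or RTI Connext DDS; the class names, the topic LegacyStatus, Mallory's grant and the rule that an undeclared topic is fully protected are assumptions made for illustration.

```python
# Added illustration: a simplified model of the governance and permissions
# decisions described on the slides. The data layout is constructed for this
# example; it is not the OMG XML schema and not RTI Connext code.
from dataclasses import dataclass
from typing import Optional

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class TopicRule:
    protected_discovery: bool   # announced only over secure discovery
    protected_access: bool      # read/write needs a matching permission


@dataclass(frozen=True)
class Governance:
    domain_id: int
    allow_unauthenticated: bool  # are "legacy" applications allowed in the domain?
    topics: dict                 # topic name -> TopicRule

    def rule(self, topic: str) -> TopicRule:
        # Assumption: a topic without a governance entry is fully protected.
        return self.topics.get(topic, TopicRule(True, True))


@dataclass(frozen=True)
class Permissions:
    domains: frozenset
    publish: frozenset = frozenset()
    subscribe: frozenset = frozenset()


@dataclass(frozen=True)
class Participant:
    name: str
    authenticated: bool
    permissions: Optional[Permissions] = None


def can_join(gov: Governance, p: Participant) -> bool:
    if not p.authenticated:
        return gov.allow_unauthenticated
    return p.permissions is not None and gov.domain_id in p.permissions.domains


def can_discover(gov: Governance, p: Participant, topic: str) -> bool:
    if not can_join(gov, p):
        return False
    # Topics under protected discovery are visible to authenticated apps only.
    return p.authenticated or not gov.rule(topic).protected_discovery


def can_access(gov: Governance, p: Participant, topic: str, op: str) -> bool:
    if not can_discover(gov, p, topic):
        return False
    if not gov.rule(topic).protected_access:
        return True                 # "unsecured" topic: open to the whole domain
    if not p.authenticated:
        return False
    granted = p.permissions.publish if op == WRITE else p.permissions.subscribe
    return topic in granted


# Constructed sample policy and participants (names from the threat slide).
GOV = Governance(0, True, {
    "T": TopicRule(protected_discovery=True, protected_access=True),
    "LegacyStatus": TopicRule(protected_discovery=False, protected_access=False),
})
ALICE = Participant("Alice", True, Permissions(frozenset({0}), publish=frozenset({"T"})))
BOB = Participant("Bob", True, Permissions(frozenset({0}), subscribe=frozenset({"T"})))
MALLORY = Participant("Mallory", True,
                      Permissions(frozenset({0}), subscribe=frozenset({"LegacyStatus"})))
EVE = Participant("Eve", False)


def decision_table(gov: Governance) -> dict:
    table = {}
    for p in (ALICE, BOB, MALLORY, EVE):
        for topic in ("T", "LegacyStatus"):
            for op in (READ, WRITE):
                table[(p.name, topic, op)] = can_access(gov, p, topic, op)
    return table


if __name__ == "__main__":
    for key, allowed in decision_table(GOV).items():
        print(*key, "ALLOW" if allowed else "DENY")
```
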
DDS Security allows for configurations that
combine interoperability, scalability, and high
performance requirements of Industrial IoT
Systems with those of security.
Try out Secure DDS
• Current Specification Draft:
– http://www.omg.org/spec/DDS-SECURITY/
• Any Questions?
– Send e-mail to hamed AT rti DOT com
©2016 Real-Time Innovations, Inc.

More Related Content

What's hot

How the fusion of time sensitive networking, time-triggered ethernet and data...
How the fusion of time sensitive networking, time-triggered ethernet and data...How the fusion of time sensitive networking, time-triggered ethernet and data...
How the fusion of time sensitive networking, time-triggered ethernet and data...
Real-Time Innovations (RTI)
 
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from MarsSpace Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
Real-Time Innovations (RTI)
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Real-Time Innovations (RTI)
 
Secrets of Autonomous Car Design
Secrets of Autonomous Car DesignSecrets of Autonomous Car Design
Secrets of Autonomous Car Design
Real-Time Innovations (RTI)
 
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Real-Time Innovations (RTI)
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDS
Real-Time Innovations (RTI)
 
Fog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of ThingsFog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of Things
Real-Time Innovations (RTI)
 
Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids 	Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids
Real-Time Innovations (RTI)
 
Integrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approachIntegrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approach
Remedy IT
 
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security FrameworkThe Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
Real-Time Innovations (RTI)
 
Interoperability and the Internet of Things – To standardize or not to standa...
Interoperability and the Internet of Things – To standardize or not to standa...Interoperability and the Internet of Things – To standardize or not to standa...
Interoperability and the Internet of Things – To standardize or not to standa...
Real-Time Innovations (RTI)
 
Build Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsBuild Safe and Secure Distributed Systems
Build Safe and Secure Distributed Systems
Real-Time Innovations (RTI)
 
System integration in offshore supply vessels – how we applied DDS and redefi...
System integration in offshore supply vessels – how we applied DDS and redefi...System integration in offshore supply vessels – how we applied DDS and redefi...
System integration in offshore supply vessels – how we applied DDS and redefi...
Real-Time Innovations (RTI)
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
Real-Time Innovations (RTI)
 
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
Real-Time Innovations (RTI)
 
Security and Safety Assurance in Industrial IoT
Security and Safety Assurance in Industrial IoTSecurity and Safety Assurance in Industrial IoT
Security and Safety Assurance in Industrial IoT
Vladimir Sklyar
 
How to Cut $2 Million of Your Safety Cert Costs
How to Cut $2 Million of Your Safety Cert CostsHow to Cut $2 Million of Your Safety Cert Costs
How to Cut $2 Million of Your Safety Cert Costs
Real-Time Innovations (RTI)
 
A Tour of RTI Applications
A Tour of RTI ApplicationsA Tour of RTI Applications
A Tour of RTI Applications
Real-Time Innovations (RTI)
 
The Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car ArchitecturesThe Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car Architectures
Real-Time Innovations (RTI)
 
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Real-Time Innovations (RTI)
 

What's hot (20)

How the fusion of time sensitive networking, time-triggered ethernet and data...
How the fusion of time sensitive networking, time-triggered ethernet and data...How the fusion of time sensitive networking, time-triggered ethernet and data...
How the fusion of time sensitive networking, time-triggered ethernet and data...
 
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from MarsSpace Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
Secrets of Autonomous Car Design
Secrets of Autonomous Car DesignSecrets of Autonomous Car Design
Secrets of Autonomous Car Design
 
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDS
 
Fog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of ThingsFog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of Things
 
Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids 	Standards for Autonomous and Secure Microgrids
Standards for Autonomous and Secure Microgrids
 
Integrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approachIntegrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approach
 
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security FrameworkThe Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
 
Interoperability and the Internet of Things – To standardize or not to standa...
Interoperability and the Internet of Things – To standardize or not to standa...Interoperability and the Internet of Things – To standardize or not to standa...
Interoperability and the Internet of Things – To standardize or not to standa...
 
Build Safe and Secure Distributed Systems
Build Safe and Secure Distributed SystemsBuild Safe and Secure Distributed Systems
Build Safe and Secure Distributed Systems
 
System integration in offshore supply vessels – how we applied DDS and redefi...
System integration in offshore supply vessels – how we applied DDS and redefi...System integration in offshore supply vessels – how we applied DDS and redefi...
System integration in offshore supply vessels – how we applied DDS and redefi...
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
 
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
 
Security and Safety Assurance in Industrial IoT
Security and Safety Assurance in Industrial IoTSecurity and Safety Assurance in Industrial IoT
Security and Safety Assurance in Industrial IoT
 
How to Cut $2 Million of Your Safety Cert Costs
How to Cut $2 Million of Your Safety Cert CostsHow to Cut $2 Million of Your Safety Cert Costs
How to Cut $2 Million of Your Safety Cert Costs
 
A Tour of RTI Applications
A Tour of RTI ApplicationsA Tour of RTI Applications
A Tour of RTI Applications
 
The Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car ArchitecturesThe Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car Architectures
 
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
 

Viewers also liked

TechTalk: Connext DDS 5.2.
TechTalk: Connext DDS 5.2.TechTalk: Connext DDS 5.2.
TechTalk: Connext DDS 5.2.
Real-Time Innovations (RTI)
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
Gerardo Pardo-Castellote
 
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
Real-Time Innovations (RTI)
 
How to Design Distributed Robotic Control Systems
How to Design Distributed Robotic Control SystemsHow to Design Distributed Robotic Control Systems
How to Design Distributed Robotic Control Systems
Real-Time Innovations (RTI)
 
A Reference architecture for the Internet of things
A Reference architecture for the Internet of things A Reference architecture for the Internet of things
A Reference architecture for the Internet of things
WSO2
 
Advancing Active Safety for Next-Gen Automotive
Advancing Active Safety for Next-Gen AutomotiveAdvancing Active Safety for Next-Gen Automotive
Advancing Active Safety for Next-Gen Automotive
Real-Time Innovations (RTI)
 
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
HTML5 Real Time and WebSocket Code Lab (SFHTML5, GTUGSF)
Peter Lubbers
 
The Industrial Internet of Things and RTI
The Industrial Internet of Things and RTIThe Industrial Internet of Things and RTI
The Industrial Internet of Things and RTI
Real-Time Innovations (RTI)
 
DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)
Abdullah Ozturk
 
Real-Time Communications and the Industrial Internet of Things
 Real-Time Communications and the Industrial Internet of Things Real-Time Communications and the Industrial Internet of Things
Real-Time Communications and the Industrial Internet of Things
Real-Time Innovations (RTI)
 
Cyber Security for the Connected Car
Cyber Security for the Connected Car Cyber Security for the Connected Car
Cyber Security for the Connected Car
Real-Time Innovations (RTI)
 
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of ThingsComparison of MQTT and DDS as M2M Protocols for the Internet of Things
Comparison of MQTT and DDS as M2M Protocols for the Internet of Things
Real-Time Innovations (RTI)
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
Angelo Corsaro
 
OMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time SystemsOMG DDS: The Data Distribution Service for Real-Time Systems
OMG DDS: The Data Distribution Service for Real-Time Systems
Angelo Corsaro
 
DDS Security
DDS SecurityDDS Security
DDS Security
Angelo Corsaro
 
DDS and XMPP
DDS and XMPPDDS and XMPP
DDS and XMPP
Angelo Corsaro
 
The Data Distribution Service Tutorial
The Data Distribution Service TutorialThe Data Distribution Service Tutorial
The Data Distribution Service Tutorial
Angelo Corsaro
 

Data Distribution Service Security and the Industrial Internet of Things

  • 1. Data Distribution Service Security and the Industrial Internet of Things
      Hamed Soroush, Ph.D
      Senior Research Security Engineer, IIC Security Working Group Co-Chair
  • 2. Outline
      • Background on Industrial Internet of Things
      • Background on Data Distribution Service
      • Data Distribution Service Security
      ©2016 Real-Time Innovations, Inc.
  • 3. What is the Internet of Things?
      Industrial Internet of Things (IIoT)
      Consumer Internet of Things (CIoT)
      Cyber-Physical Systems (CPS)
  • 4. World Economic Forum 2015
      • The Industrial Internet will transform many industries, including:
          – Manufacturing
          – Oil and gas
          – Agriculture
          – Mining
          – Transportation
          – Healthcare
      • …and dwarf the consumer side
      • Collectively, these account for nearly two-thirds of the world economy
  • 5. 220+ companies
      Goal: build and prove a common architecture that interoperates between vendors and across industries
  • 7. RTI’s Experience
      • Designed into over $1 T of IIoT
          – Healthcare
          – Transportation
          – Communications
          – Energy
          – Industrial
          – Defense
      • 15+ Standards & Consortia Efforts
          – Interoperability
          – Multi-vendor ecosystems
  • 8. RTI Named Most Influential IIoT Company
  • 9. Transformative Applications
      What Will the Industrial Internet of Things Do?
  • 10. Preventing Medical Errors
      What Can Change This?
      ECRI Institute identifies alarm hazards as its Top Health Technology Hazard for 2013
      Clinicians exposed each day to tens of thousands of alarms
      Nineteen out of 20 hospitals surveyed rank alarm fatigue as a top patient safety concern
      Hospital Errors are the Third Leading Cause of Death in U.S., and New Hospital Safety Scores Show Improvements Are Too Slow
      New research estimates up to 440,000 Americans are dying annually from preventable hospital errors.
  • 11. Example: Patient-Controlled Analgesia
      PCA is widely used, and considered safe…
      …but 2-3 patients die every day in the US from opiate overdose from PCA
      The patient presses a button to receive intravenous pain medication.
      Monitoring is not typically used due to high false/nuisance alarm rate.
  • 12. Improve Safety by Connecting Devices
      • The Integrated Clinical Environment (ICE) standard specifies interoperability for medical devices
      • RTI Connext DDS ties together instruments in real time
      “RTI Connext DDS met all our needs – whether we’re handling 12 patients, or 200.” -- DocBox Founder, Tracy Rausch
      “… the anesthesiologist forgot to resume ventilation after separation from cardiopulmonary bypass. The delayed detection was attributed to the fact that the audible alarms for the pulse oximeter and capnograph had been disabled during bypass and had not been reactivated. The patient sustained permanent brain damage.”
      Every surgical team surveyed has experienced this error!
  • 13. Key to the Success of IIoT: Interoperability
      • Interoperability
          – Across Systems
          – Across Vendors
          – Across Brownfield & Greenfield Deployments
          – Across Teams
  • 15. Comic from xkcd.com
  • 16. Data Centric is Different!
      Diagram labels: Point-to-Point; TCP; Sockets; Publish/Subscribe; Fieldbus; CANbus; Queuing; AMQP; Active MQ; Data-Centric; DDS; Shared Data Model; DataBus; Client/Server; MQTT; REST; XMPP; OPC; Brokered; ESB; Daemon
  • 17. It’s All About the Data
      Data centricity enables interoperation, scale, integration
      Diagram labels: Unstructured files; Database; Data Centricity; Data at Rest; Messaging middleware; DataBus; Data Centricity; Data in Motion
  • 18. Data Centric is the Opposite of OO
      Object Oriented
          • Encapsulate data
          • Expose methods
      Data Centric
          • Encapsulate methods
          • Expose data
      Explicit Shared Data Model
  • 19. OMG Compliant DDS: Data Centric Messaging
      Timeline labels: RPC over DDS 2014; DDS Security 2014; Web-Enabled DDS 2013; DDS Spec 2004; DDS Interoperability 2006; UML DDS Profile 2008; DDS for Lw CCM 2009; DDS X-Types 2010; 2012 DDS-STD-C++, DDS-JAVA5
      Diagram labels: App; DDS Implementation; Network / TCP / UDP / IP / SharedMem / …
  • 20. DDS Terminology
      Diagram labels: Global Data Space; Domain Participant; Publisher; Subscriber; Data Writer; Data Reader; Topic; QoS #1; QoS #2
  • 21. Data-Centric Model
      “Global Data Space” generalizes Subject-Based Addressing
      • Data objects addressed by Domain ID, Topic and Key
      • Domains provide a level of isolation
      • Topic groups homogeneous subjects (same data-type & meaning)
      • Key is a generalization of subject

      Airline   Flight   Destination   Time
      SWA       023      PDX           14:05
      UA        119      LAX           14:40

      Sensor   Value   Units        Location
      4535     72      Fahrenheit   Bldg. 405
      5677     64      Fahrenheit   Bldg. 201

      Diagram labels: Data Writer; Data Reader; Domain; Topic; Instance; Key (subject)
  • 22. Quality of Service (QoS)
      • Aside from the actual data to be delivered, users often need to specify HOW to send it …
          … reliably (or “send and forget”)
          … how much data (all data, last 5 samples, every 2 secs)
          … how long before data is regarded as ‘stale’ and is discarded
          … how many publishers of the same data are allowed
          … how to ‘failover’ if an existing publisher stops sending data
          … how to detect “dead” applications
          …
      • These options are controlled by formally-defined Quality of Service (QoS)
  • 23. Data Centricity Enables Interoperability
      • Global Data Space
          – Automatic discovery
          – Read & write data in any OS, language, transport
          – Redundant sources/sinks/nets
      • Type Aware
      • No Servers
      • QoS control
          – Timing, Reliability, Ownership, Redundancy, Filtering, Security
      Diagram labels: Shared Global Data Space; DDS DataBus; Patient Hx; Device Identity; Devices; Supervisory CDS; Physiologic State; Nursing Station; Cloud
      Offer: Write this 1000x/sec, Reliable for 10 secs
      Request: Read this 10x/sec, If patient = “Joe”
  • 24. Why Choose DDS?
      • Reliability: Severe consequences if offline for 5 minutes?
      • Performance/scale:
        – Measure in ms or µs?
        – Or scale > 20+ applications or 10+ teams?
        – Or 10k+ data values?
      • Architecture: Code active lifetime >3 yrs?
      2 or 3 Checks?
  • 25. Security Boundaries
      • System Boundary
      • Network Transport
        – Media access (layer 2)
        – Network (layer 3) security
        – Session/Endpoint (layer 4/5) security
      • Host
        – Machine/OS/Applications/Files
      • Data & Information flows
      [Callout: This is addressed by DDS Security]
  • 26. Data Security Threats in the Global Data Space
      1. Unauthorized subscription
      2. Unauthorized publication
      3. Tampering and replay
      4. Unauthorized access to data by infrastructure services
      Cast:
      – Alice: Allowed to publish topic ‘T’
      – Bob: Allowed to subscribe to topic ‘T’
      – Eve: Non-authorized eavesdropper
      – Trudy: Intruder
      – Mallory: Malicious insider
      – Trent: Trusted infrastructure service
  • 27. Approaches to Secure DDS
      • Transport Layer Security
      • Fine-grained Data-Centric Security
  • 28. Threat & Trust Models for DDS Security
      • We are protecting against attacks originating over the network
      • The local machine is in our trust base
        – To protect against threats in the same machine, host-protection techniques should be used
          • These are outside the scope of DDS security
      • By securing DDS we mean providing mechanisms for
        – Confidentiality of the data samples
        – Integrity of the data samples and the messages that contain them
        – Authentication of DDS writers & readers
        – Authorization of DDS writers & readers
  • 29. Data-centric Security for DDS: How is it Done?
      • Security Model
        – What to Protect
      • Security Plugin APIs
        – How/where to protect
        – Interchangeability of the plugins
      • DDS RTPS Wire Protocol
        – Data encapsulation and discovery interoperability
      • Default Builtin Plugins
        – Out-of-box implementation
        – Interoperable implementations
      [Diagram labels: OMG DDS Security Specification; RTI Connext™ DDS Implementation]
  • 30. Security Model
      • A security model is defined in terms of:
        – The subjects (principals)
        – The objects being protected
          • The operations that are protected on the objects
        – Access Control Model
          • A way to define for each subject
            – Which objects it can perform operations on
            – Which operations are allowed
  • 31. Security Model Example: UNIX FileSystem (simplified)
      • Subjects: Users, specifically processes executing on behalf of a specific userid
      • Protected Objects: Files and Directories
      • Protected Operations on Objects:
        – Directory.list, Directory.createFile, Directory.createDir, Directory.removeFile, Directory.removeDir, Directory.renameFile
        – File.view, File.modify, File.execute
      • Access Control Model:
        – A subject is given a userId and a set of groupIds
        – Each object is assigned an OWNER and a GROUP
        – Each object is given a combination of READ, WRITE, EXECUTE permissions for the assigned OWNER and GROUP
        – Each protected operation is mapped to a check, for example
          • File.view is allowed if and only if
            – File.owner == Subject.userId AND File.permissions(OWNER) includes READ
            – OR File.group IS-IN Subject.groupId[] AND File.permissions(GROUP) includes READ
  • 32. DDS Security Model
      Comparison by concept (Unix Filesystem Security Model vs. DDS Security Model):
      • Subject
        – Unix: User; Process executing for a user
        – DDS: DomainParticipant; Application joining a DDS domain
      • Protected Objects
        – Unix: Directories; Files
        – DDS: Domain (by domain_id); Topic (by Topic name); DataObjects (by Instance/Key)
      • Protected Operations
        – Unix: Directory.list, Directory.create (File, Dir), Directory.remove (File, Dir), Directory.rename (File, Dir), File.read, File.write, File.execute
        – DDS: Domain.join, Topic.create, Topic.read (includes QoS), Topic.write (includes QoS), Data.createInstance, Data.writeInstance, Data.deleteInstance
      • Access Control Policy Control
        – Unix: Fixed in Kernel
        – DDS: Configurable via Plugin
      • Builtin Access Control Mode
        – Unix: Per-File/Dir Read/Write/Execute permissions for OWNER,
        – DDS: Per-DomainParticipant Permissions: What Domains and Topics it can JOIN/READ/WRITE
      1/15/2016 © 2012 Real-Time Innovations, Inc. - All rights reserved
  • 33. Pluggable Security Architecture
      [Diagram: applications on top of the Secure DDS middleware (DDS Entities, Protocol Engine, Data cache), which calls the Authentication, Access Control, Cryptographic, Logging and DataTagging plugins; below it the Secure Kernel with Kernel Policies, Crypto Module (e.g. TPM), Transport (e.g. UDP) and Network Driver; Encrypted Data with MAC crosses the Network to other DDS systems; further labels: application component, certificates]
  • 34. Platform Independent Interception Pts + SPIs
      Service plugins, with purpose and interactions:
      • Authentication
        – Purpose: Authenticate the principal that is joining a DDS Domain. Handshake and establish shared secret between participants
        – Interactions: The principal may be an application/process or the user associated with that application or process. Participants may send messages to do mutual authentication and establish shared secret
      • Access Control
        – Purpose: Decide whether a principal is allowed to perform a protected operation.
        – Interactions: Protected operations include joining a specific DDS domain, creating a Topic, reading a Topic, writing to a Topic, etc.
      • Cryptography
        – Purpose: Perform the encryption and decryption operations. Create & Exchange Keys. Compute digests, compute and verify Message Authentication Codes. Sign and verify signatures of messages.
        – Interactions: Invoked by DDS middleware to encrypt data, compute and verify MAC, compute & verify Digital Signatures
      • Logging
        – Purpose: Log all security relevant events
        – Interactions: Invoked by middleware to log
      • Data Tagging
        – Purpose: Add a data tag for each data sample
  • 35. What are the Standard Capabilities (Built-in Plugins)
      • Authentication
        – X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
        – Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
      • Access Control
        – Configured by domain using a (shared) Governance file
        – Specified via permissions file signed by shared CA
        – Control over ability to join systems, read or write data topics
      • Cryptography
        – Protected key distribution
        – AES128 and AES256 for encryption
        – HMAC-SHA256 for message authentication and integrity
      • Data Tagging
        – Tags specify security metadata, such as classification level
        – Can be used to determine access privileges (via plugin)
      • Logging
        – Log security events to a file or distribute securely over DDS
  • 36. Overview of What Happens
      [Flowchart; DP = Domain Participant, Endpoint = Reader / Writer]
      1. Create Domain Participant
         – Authenticate DP? No: Domain Participant Create Fails
      2. Create Endpoints
         – Access OK? No: Endpoint Create Fails
      3. Discover remote DP
         – Authenticate Remote DP? No: Ignore Remote DP
      4. Discover remote Endpoints
         – Access OK? No: Ignore remote endpoint
      5. Send/Receive data (Message security)
  • 37. The Big Picture: Authentication
      • Once discovered & authenticated to the middleware, domain participants are mutually authenticated to each other using a point-to-point, public-key based challenge-response handshake protocol.
      • After the handshake, participants have learned about:
        – Each other's identities
        – Each other's granted access permissions
        – A shared secret, which is used to derive symmetric keys that enable message security
  • 38. The Big Picture: Access Control
      • DDS Security allows for configuring & enforcing the privileges of each participant such as
        – Which domains it can join
        – What topics it can read/write
      • It also allows specifying & enforcing policies for the whole domain such as
        – What topics are discovered using Secure Discovery
        – Encrypt or Sign for Secure Discovery
        – What topics have controlled access
        – Encrypt or Sign for each secure topic
          • User data and payload
          • Metadata and routing information
        – What to do with unauthenticated access requests
  • 39. The Big Picture: Message Security
      • DDS Security enables message security by allowing for encryption and authentication of DDS messages.
        – Symmetric encryption keys & MAC keys are generated per data writer
        – These keys are distributed to authenticated data readers that are authorized.
          • Distribution of these keys is done using other symmetric keys derived from the shared secret.
          • The key distribution is transport independent
            – e.g. it could happen over multicast
        – These keys are used for encryption and/or message authentication based on the policy defined in the governance document.
        – Different parts of messages can optionally be encrypted per governance policy
          • headers, complete message, sub-message, discovery data
  • 40. DDS Security, Outside of the Box
  • 41. Configuring & Deploying Secure DDS
      [Diagram: participants P1 and P2, each holding its Identity Certificate, Private Key and Permissions File, plus the shared Domain Governance Document, Identity CA Certificate and Permissions CA Certificate]
      • Keys. Each participant has a pair of public & private keys used in the authentication process.
      • Identity CA that has signed participant public keys. Participants need to have a copy of the CA certificate as well.
      • Permissions File specifies what domains/partitions the DP can join, what topics it can read/write, what tags are associated with the readers/writers
      • Domain Governance specifies which domains should be secured and how
      • Permissions CA that has signed participant permission file as well as the domain governance document. Participants need to have a copy of the permissions CA certificate.
  • 42. Permissions Document
      • For each Participant
        – Specifies
          • What Domain IDs it can join
          • What Topics it can read/write
          • What Partitions it can join
          • What Tags are associated with the Readers and Writers
  • 43. A Sample Permissions File
  • 44. Domain Governance Document
      • The domain governance document is an XML document that specifies which DDS domain IDs shall be protected and the details of the protection.
      • It is signed by the permissions CA.
  • 45. A Sample Domain Governance File
  • 46. Configuration possibilities
      • Are “legacy” or un-identified applications allowed in the Domain? Yes or No.
        – If yes, unauthenticated applications will:
          • See the “unsecured” discovery Topics
          • Be allowed to read/write the “unsecured” Topics
      • Is a particular Topic discovered over protected discovery?
        – If so it can only be seen by “authenticated applications”
      • Is access to a particular Topic protected?
        – If so only authenticated applications with the correct permissions can read/write
      • Is data on a particular Topic protected? How?
        – If so data will be sent signed, or encrypted then signed
      • Are all protocol messages signed? Encrypted?
        – If so only authenticated applications with the right permissions will see anything
  • 47. DDS Security allows for configurations that combine interoperability, scalability, and high performance requirements of Industrial IoT Systems with those of security.
  • 48. Try out Secure DDS
      • Current Specification Draft:
        – http://www.omg.org/spec/DDS-SECURITY/
      • Any Questions?
        – Send e-mail to hamed AT rti DOT com
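The remote-endpoint decisions from slide 36, driven by the governance questions on slide 46, modeled as an added Python example that is not part of the original deck or of any DDS implementation. The class, field and decision names are hypothetical (they are not the governance XML element names), the participants are the cast from slide 26, the "Status" topic and all grants are constructed, and treating unlisted topics as secured is an assumption.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class TopicRule:                     # hypothetical names, not the governance XML schema
    pattern: str                     # topic name or glob
    protected_discovery: bool        # topic announced only over secure discovery
    access_control: bool             # read/write needs a grant in the permissions file

@dataclass
class Governance:
    allow_unauthenticated: bool      # are "legacy" applications allowed in the domain?
    topic_rules: list

    def rule_for(self, topic):
        for rule in self.topic_rules:            # first matching rule wins
            if fnmatchcase(topic, rule.pattern):
                return rule
        return TopicRule(topic, True, True)      # assumption: unlisted topics are secured

@dataclass
class Participant:
    name: str
    authenticated: bool              # outcome of the authentication handshake
    can_read: set = field(default_factory=set)
    can_write: set = field(default_factory=set)

def match_remote_endpoint(gov, remote, topic, op):
    """Decide what the local middleware does with a discovered remote reader/writer."""
    if op not in ("read", "write"):
        raise ValueError("op must be 'read' or 'write'")
    if not remote.authenticated and not gov.allow_unauthenticated:
        return "IGNORE_PARTICIPANT"
    rule = gov.rule_for(topic)
    if not remote.authenticated:     # legacy applications only get the unsecured topics
        secured = rule.protected_discovery or rule.access_control
        return "IGNORE_ENDPOINT" if secured else "MATCH"
    if rule.access_control:
        granted = remote.can_read if op == "read" else remote.can_write
        if not any(fnmatchcase(topic, g) for g in granted):
            return "IGNORE_ENDPOINT"
    return "MATCH"

# Constructed sample data using the cast from slide 26.
GOV = Governance(True, [TopicRule("T", True, True), TopicRule("Status", False, False)])
ALICE = Participant("Alice", True, can_write={"T"})
BOB = Participant("Bob", True, can_read={"T"})
EVE = Participant("Eve", False)
MALLORY = Participant("Mallory", True)
```

With this sample governance, Mallory is authenticated but holds no grant for topic 'T', so her reader on 'T' is ignored even though her participant is accepted into the domain.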