This document provides an overview of data distribution service (DDS) and security considerations for DDS. It discusses the data-centric publish-subscribe model of DDS, how data is identified in the global data space, and approaches to software integration like point-to-point and broker-based that DDS improves upon. The document also touches on key aspects of the DDS security specification and next steps.
The Industrial IoT depends on connectivity and information exchange. Much of the business value derives from the ability to have independent systems share information in order to derive knowledge, make "smart decisions", and offer behavior and functionality never before possible.
Many industrial systems were designed with a focus on reliability and safety at a time when implicit trust of all components and communication was the norm. Restricting physical access is currently the only practical method for protecting this existing critical infrastructure. This includes the electrical power grid, process control, transportation, or manufacturing systems. This is changing with increased connectivity to the Internet and personal computers as well as awareness of malicious insider threats. Many industrial systems are being (or want to be) connected to external networks using standard technologies like Ethernet and the Internet Protocol Suite (TCP/UDP/IP). These technologies make systems more functional and efficient; unfortunately, they also open the critical infrastructure to cyber attacks.
New IIoT systems are being designed with security as a key concern. New systems can leverage a solid set of security technologies and building blocks for Authentication, Cryptography, Integrity, etc. However, these security technologies must be used correctly and in ways that do not disrupt the performance of, or access by, legitimate applications/devices, yet limit legitimate access to just the needed information (to minimize insider threats) and deny access to all others. Adding to these difficulties, the new systems need to co-exist and (securely) exchange information with the already-deployed legacy systems, which were built without such security elements.
Secure DDS (a recent standard from the OMG) is a "secure connectivity middleware" technology that can be used to address these three needs: (1) Build modern secure IIoT systems, (2) Secure legacy Industrial systems being connected on the Internet, and (3) Securely bridge between new and legacy systems. Secure DDS extends the proven Data-Distribution Service (DDS) and Real-Time Publish-Subscribe Protocol (DDS-RTPS) standards with enterprise-grade authentication, encryption and fine-grained security controls while maintaining the peer-to-peer, robustness and scalability features (including secure multicast) that have made DDS a clear choice for critical infrastructure systems.
This presentation introduces the DDS Security specification and describes several use-cases that exemplify how these standards are deployed in real-world applications.
Revised Submission to the OMG Security RFP. Covers the plugin architecture and the proposed builtin plugins to provide Authentication, Access Control, Key Management, Confidentiality (Encryption), Message Authentication, and Auditing.
Multiple protocols have been positioned as “the” application-layer messaging protocol for the Internet of Things (IoT) and Machine-to-Machine (M2M) communication. In fact, these protocols address different aspects of IoT messaging and are complementary more than competitive (other than for mindshare). This presentation compares two of these protocols, MQTT and DDS, and shows how they are designed and optimized for different communication requirements.
Short summary of the OMG DDS-WEB specification. This recently adopted standard enables thin-client applications (e.g. JavaScript applications in a browser) to access the real-time data on a DDS Domain. Industrial Internet applications built using DDS can now have a REST API.
Interoperability demonstration between 6 different products that implement the OMG DDS Interoperability Wire Protocol (DDS-RTPS).
The demonstration took place at the March 2012 OMG technical meeting in Washington DC.
The following companies demonstrated interoperability between their products: RTI (Connext DDS), TwinOaks Computing (CoreDX), PrismTech (OpenSpliceDDS), OCI (OpenDDS), ETRI (ETRI DDS), IBM.
By John Breitenbach, RTI Field Applications Engineer
Contents
Introduction to RTI
Introduction to Data Distribution Service (DDS)
DDS Secure
Connext DDS Professional
Real-World Use Cases
RTI Professional Services
Is Your Data Secure?
Odds are good that your data is extremely important to you. Now consider how one secures that data. Typical approaches address access, authentication, integrity, non-repudiation and confidentiality concerns at the domain and link layers, implicitly securing the data. The challenge and need is to move these security specifications to the data itself, and provide explicit security policies on each element of system-identified data.
Why is this level of finesse needed? As you build out your systems, and systems of systems, how do you manage security when individual elements of data, the communication links, and domain boundaries have different behaviors? With this level of complexity and risk, it's critical to have awareness at the level that matters – the data level – so you can make the right design and implementation decisions.
At this webinar, learn how to achieve an assured and predictable security footprint by minimizing the leak of information or exploitation of data through unintended consequences. Secure DDS offers data-centric configuration policies for content and behaviors. Recognizing that security isn't one-size-fits-all, a standards-based optional plugin SDK allows developers to create custom security plugins.
Connext Secure DDS is the world's first turnkey DDS security solution that conforms to the OMG specification and provides an essential security infrastructure that is data-focused for DDS and legacy systems.
Watch On-Demand: http://ecast.opensystemsmedia.com/478
What's the Right Messaging Standard for the IoT? (Angelo Corsaro)
Different messaging and data sharing standards, such as AMQP, CoAP, DDS, MQTT, and REST, have been proposed as candidates for addressing the data sharing challenges of the Internet of Things (IoT) and the Industrial Internet (I2).
In technical forums and social media there is no lack of passionate discussions that praise the merits of one standard over the other. Yet, to date, there is little or perhaps no analysis that looks at the details of the different standards and performs an in-depth, qualitative, analytic and empirical evaluation.
This presentation will (1) introduce the key standards that are being proposed for the Internet of Things and the Industrial Internet, such as AMQP, CoAP, DDS, MQTT and REST, (2) present a qualitative comparison that highlights the different features provided by the various standards, (3) present an analytic comparison looking at the efficiency and scalability of the various protocols and (4) report the results of an empirical evaluation comparing the actual performances of the various standards.
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group (NetCraftsmen)
This presentation will cover an overview of cloud market trends, the Infoblox Cloud Network Automation, VMware Private Cloud Automation use cases, and Amazon AWS and Hybrid/Public Cloud.
This presentation was delivered at the 2nd International Conference on Recent Trends in Information Technology and Computer Science in Mumbai. The paper deals with security issues in Cloud Computing and their mitigation, and proposes a secure cloud mechanism with an implementation of the single sign-on mechanism on the Ubuntu Enterprise Cloud.
DDoS Defense for the Hosting Provider - Protection for you and your customers (Stephanie Weagle)
Distributed Denial of Service (DDoS) attacks are major threats to hosting providers as well as datacenter operators, and traditional game plans for protecting shared infrastructure should be revisited to better protect availability and allow hosting providers to potentially create incremental revenue streams. DDoS attacks can have a devastating impact on not only the customer under attack, but also on the hosting provider and other customers within the same shared network infrastructure.
Cloud Breach - Forensics Audit Planning
The goal of this presentation is to assist IT Risk and Security professionals with adding Cloud computing forensics to their Incident Response team.
It should assist them with understanding the technical ways of capturing forensic data from cloud service providers using security controls that incorporate and integrate logging, chain of evidence, virtualization and cloud security architecture.
Sections:
Introduction
Cloud Computing background
Securing the Cloud
Virtualization
Mobile Cloud Computing
User safety & energy consumption
Author’s proposal
Conclusion
For cloud computing to be adopted by users and enterprises, users' security concerns should be addressed by making the cloud environment trustworthy, as discussed by Latif et al. in the assessment of cloud computing risks [2].
We address the questions related to:
(1) security concerns and threats over general cloud computing,
(2) the solutions for these problems and
(3) mobile users' safety in convergence with energy consumption.
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.
Identity-Based Distributed Provable Data Possession in Multicloud Storage (1crore projects)
IEEE PROJECTS 2015
1 crore projects is a leading guide for IEEE projects and provider of real-time project work.
It has provided a lot of guidance to thousands of students and benefited them in all technology training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamil Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Implementing a Secure and Effective PKI on Windows Server 2012 R2 (Frank Lesniak)
The infrastructure that deploys and manages digital certificates, known as a Public Key Infrastructure (PKI), is often the center for cryptography in an organization. It is also in service for 10+ years, which means that one must carefully consider design options before implementation. In this presentation, Frank will cover modern standards for cryptography, how they apply to a Microsoft PKI infrastructure, and share recommendations based on what he has seen in the field.
DDS - The Proven Data Connectivity Standard for the Industrial IoT (IIoT) (Gerardo Pardo-Castellote)
The next wave of Industrial Internet applications will connect machines and devices together into functioning, intelligent systems with capabilities beyond anything possible today. These systems fundamentally depend on connectivity and information exchange to derive knowledge and make "smart decisions". They require a much higher level of reliability and security than "Consumer" IoT applications. OMG's Data-Distribution Service for Real-Time Systems (DDS) is the premier open middleware standard directly addressing publish-subscribe communications for Industrial IoT applications. It provides a protocol that meets the demanding security, scalability, performance, and Quality of Service requirements of IIoT applications spanning connected machines, enterprise systems, and mobile devices. This presentation will use concrete use cases to introduce DDS and examine why energy, advanced medical, asset-tracking, transportation, and military systems choose to base their designs on DDS.
This presentation provides an overview of the initial submission to the OMG RFP on DDS Security. The presentation introduces the overall security model proposed for DDS and the protocols.
Scaling DDS to Millions of Computers and Devices (Rick Warren)
I gave this presentation at an Object Management Group (OMG) workshop in Arlington, VA in March, 2010. It describes some of the concerns that will impact DDS as it is scaled to very large, geographically distributed systems. It also describes possible ways these challenges can be addressed.
Cloud security From Infrastructure to People-ware (Tzar Umang)
Understand cloud security at every level, from infrastructure to people-ware, by understanding threats, hardening your servers and creating policies that guide users in securing themselves.
PyConline AU 2021 - Things might go wrong in a data-intensive application (Hua Chu)
We are going to go behind the scene of building a data-intensive system. The story includes challenges I have faced and what I learned from those incidents.
https://2021.pycon.org.au/program/8hlvvs/
Fiware - communicating with ROS robots using Fast RTPS (Jaime Martin Losa)
How to connect FIWARE to robots? We discuss how the FIWARE enablers can connect to ROS2, a de facto standard for robotic frameworks, using Fast RTPS and KIARA.
Large-Scale System Integration with DDS for SCADA, C2, and Finance (Rick Warren)
Presentation to the OMG Real-Time Workshop in May 2010 on system integration patterns, especially (but not exclusively) with respect to OMG Data Distribution Service (DDS) technology.
One of the most important challenges that system designers and system integrators face when deploying complex Industrial Internet of Things (IoT) systems is the integration of different connectivity solutions and standards. At RTI, we are constantly working to accelerate the Industrial IoT revolution. Over the past few years, we have developed standard connectivity gateways to ensure that DDS systems can easily integrate with other core connectivity frameworks.
This year, we developed a standard OPC UA/DDS Gateway, a bridge between two of the most well-known Industrial IoT connectivity frameworks. We are excited to announce that the gateway was just adopted by the Object Management Group (OMG).
In this webinar, we will dive deeper into the importance of choosing a baseline core connectivity standard for the Industrial IoT and how to ensure all system components are fully integrated. Attendees will also learn:
How the OPC UA/DDS Gateway specification was developed and how it works
How to leverage the Gateway to enable DDS and OPC UA applications to interoperate transparently
About the first standard connectivity gateway released with RTI Web Integration Service in Connext DDS 5.3
Gateways are a critical component of system interoperability and we will keep working to help companies accelerate Industrial IoT adoption.
Watch full webinar here: https://bit.ly/2Y0vudM
What is Data Virtualization and why do I care? In this webinar we intend to help you understand not only what Data Virtualization is but why it's a critical component of any organization's data fabric and how it fits, including how data virtualization liberates and empowers your business users, from data discovery and data wrangling to the generation of reusable reporting objects and data services. Digital transformation demands that we empower all consumers of data within the organization; it also demands agility. Data Virtualization gives you meaningful access to information that can be shared by a myriad of consumers.
Register to attend this session to learn:
- What is Data Virtualization?
- Why do I need Data Virtualization in my organization?
- How do I implement Data Virtualization in my enterprise?
Four Keys to Securing Distributed Control Systems and the Industrial IoT
Originally aired November 13, 2014
View On-Demand now: http://event.on24.com/r.htm?e=879027&s=1&k=F51E9DE70EB5A3BA7A0ECB9FB2CFCB66&partnerref=rti
Control systems are at the core of critical infrastructure and industrial applications. These include the power grid, medical devices, manufacturing systems, transportation infrastructure, cars and defense systems.
Because of their essential role and the value of the information they exchange, these systems must be protected from both espionage and sabotage. This is becoming even more imperative as the enabling devices are increasingly connected into the Industrial Internet of Things to improve efficiency and availability.
Securing control systems is particularly challenging because security cannot come at the expense of other fundamental requirements, including reliability, real-time performance, autonomy and interoperability.
This webinar will introduce the new Data Distribution Service (DDS) Security standard, the first standard designed to address security for mission-critical real-time systems. It will review how the DDS standard provides authentication, confidentiality and access control while still satisfying demanding reliability and performance requirements. It will also show how DDS Security can be easily incorporated into existing systems regardless of whether or not they already use DDS.
Speaker: David Barnett, Vice President of Products and Markets
Protecting Financial Networks from Cyber Crime (Lancope, Inc.)
Financial services organizations are prime targets for cyber criminals. They must take extreme care to protect customer data, while also ensuring high levels of network availability to allow for 24/7 access to critical financial information. Additionally, industry consolidation has created large, heterogeneous network environments within large financial institutions, making it difficult to ensure that networks have the necessary visibility and protection to prevent a devastating security breach. By leveraging NetFlow from existing network infrastructure, financial services organizations can achieve comprehensive visibility across even the largest, most complex networks. The ability to quickly detect a wide range of potentially malicious activity helps prevent damaging data breaches and network disruptions. Attend this informational webinar, conducted by Lancope’s Director of Security Research, Tom Cross, to learn:
How NetFlow can help quickly uncover both internal and external threats
How pervasive network insight can accelerate incident response and forensic investigations
How to substantially decrease enterprise risks
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats (Emulex Corporation)
Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks, which are constantly under persistent and malicious cyber attacks that look for vulnerabilities in them. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks.
Providing 1-to-1 NetFlow generation, then collecting the data and analyzing the flow records, is essential to time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network.
In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.
Proofpoint: Fraud Detection and Security on Social MediaDataStax Academy
Social media has become the new frontier for cyber-attackers. The explosive growth of this new communications platform, combined with the potential to reach millions of people through a single post, has provided a low barrier for exploitation. In this talk, we will focus on how Cassandra is used to enable our fight against bad actors on social media. In particular, we will discuss how we use Cassandra for anomaly detection, social mob alerting, trending topics, and fraudulent classification. We will also speak about our Cassandra data models, integration with Spark Streaming, and how we use KairosDB for our time series data. Watch us don our superhero-Cassandra capes as we fight against the bad guys!
DDS Security Version 1.2 was adopted in 2024. This revision strengthens support for long-running systems, adding new cryptographic algorithms, certificate revocation, and hardening against DoS attacks.
From its first use case that enabled distributed communications for US Navy ships to the autonomous systems of today, the DDS family of standards has enabled new generations of applications to run reliably, rapidly and securely, regardless of distance or scale.
To commemorate the 20th year milestone, the DDS Foundation is creating presentations that highlight the 14 specifications in the DDS standard, along with selected real-world use cases.
This presentation introduces some of the original use-cases and experiments, along with a brief history of the Standards.
A recorded video of the presentation is available at this URL
https://www.brighttalk.com/webcast/12231/602966
Introduction to DDS: Context, Information Model, Security, and Applications (Gerardo Pardo-Castellote)
Introduction to the Data-Distribution Service (DDS): Context and Applications.
This 50 minute presentation summarizes the main features of DDS including the information model, the type system, and security as well as how typical applications use DDS.
It was presented at the Canadian Government Information Day in Ottawa in September 2018.
There is also a video of this presentation at https://www.youtube.com/watch?v=6iICap5G7rw.
This Object Management Group (OMG) RFP solicits submissions identifying and defining mechanisms to achieve integration between DDS infrastructures and TSN networks. The goal is to provide all artifacts needed to support the design, deployment and execution of DDS systems over TSN networks.
The DDS-TSN integration specification sought shall realize the following functionality:
● Define mechanisms that provide the information required for TSN-enabled networks to calculate any network schedules needed to deploy a DDS system.
● Identify those parts of the set of the IEEE TSN standards that are relevant for a DDS-TSN integration and indicate how the DDS aspects are mapped onto, or related to, the associated TSN aspects. Examples include TSN-standardized information models for calculating system-wide schedules and configuring network equipment.
● Identify and specify necessary extensions to the [DDSI-RTPS] and [DDS-SECURITY] specifications, if any, to allow DDS infrastructures to use TSN-enabled networks as their transport while maintaining interoperability between different DDS implementations.
● Identify and specify necessary extensions to the DDS and DDS-XML specification, if any, to allow declaration of TSN-specific properties or quality of service attributes.
A NEW ARCHITECTURE PROPOSAL TO INTEGRATE OPC UA, DDS & TSN.
Suppliers and end users need a complete solution to address the complexity of future industrial automation systems. These systems require:
• Interoperability to allow devices and independent software applications from multiple suppliers to work together seamlessly
• Extensibility to incorporate future large or intelligent systems
• Performance and flexibility to handle challenging deployments and use cases
• Robustness to guarantee continuity of operation despite partial failures
• Integrity and fine-grained security to protect against cyber attacks
• Widespread support for an industry standard
This document proposes a new technical architecture to build this future. The design combines the best of the OPC Unified Architecture (OPC UA), Data Distribution Service (DDS), and Time-Sensitive Networking (TSN) standards. It will connect the factory floor to the enterprise, sensors to cloud, and real-time devices to work cells. This proposal aims to define and standardize the architecture to unify the industry.
Technical overview of the DDS for Extremely Resource-Constrained Environments (DDS-XRCE) specification.
This specification was adopted by the OMG in March 2018.
Demonstrates interoperability of 5 independent products that implement the Data-Distribution Service (DDS) Security Standard
(https://www.omg.org/spec/DDS-SECURITY/).
Tests the following implementations: RTI Connext DDS, Twin Oaks Computing CoreDX DDS, Kongsberg InterComm DDS, ADLink Vortex DDS Cafe, and Object Computing Inc OpenDDS.
This demonstration was performed at the OMG Meeting held in Reston, VA, USA in March 2018
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink (Gerardo Pardo-Castellote)
The benefits of Model-Based Systems Engineering (MBSE) and SysML are well established. As a result, users want to apply MBSE to larger and more complex Industrial IoT applications.
Industrial IoT applications can be very challenging: They are distributed. They deploy components across nodes spanning from small Devices to Edge computers to the Cloud. They often need mathematically-complex software. Moreover, they have strict requirements in terms of performance, robustness, and security.
SysML can model requirements, system components, behavior, interactions, and more. However, SysML does not provide a robust way to connect components running across different computers, especially when the security and quality of service of individual data-flows matter. SysML also does not provide all the tools needed to model and generate the (mathematical) code for complex dynamic systems.
A new “DDS + Simulink” MagicDraw SysML plugin has been developed to address these needs. It brings to MagicDraw users the capabilities of Connext DDS from RTI and Simulink from Mathworks:
The OMG Data-Distribution Service (DDS) is a secure and QoS-aware connectivity “databus”. DDS is considered the core connectivity framework for Software Integration and Autonomy by the Industrial Internet Consortium. Connext DDS is the leading implementation of the DDS standard, proven in 1000s of critical deployments.
Simulink is a tool for modeling and implementing the code needed for complex dynamic systems. It is widely deployed in many application domains including Automotive, Robotics, and Control Systems.
The new MagicDraw plugin defines a “DDS profile” for SysML that can model a distributed application connected using the DDS databus. The plugin can also generate the artifacts that configure the DDS databus (Topics, Data Types, QoS, etc.) and the adapters to Simulink and native code (e.g. C++ or Java).
By integrating three best-of-class technologies (SysML, DDS and Simulink), it is now possible to do MBSE for a wide range of Industrial IoT applications.
This is the Beta 1 version of the OPC UA / DDS Gateway specification released by the Object Management Group in March 2018.
This specification defines a standard, vendor-independent, configurable gateway that enables interoperability and information exchange between systems that use DDS and systems that use OPC UA.
Data Distribution Service (DDS) is a family of standards from the Object Management Group (OMG) that provide connectivity, interoperability, and portability for Industrial Internet, cyber-physical, and mission-critical applications.
The DDS connectivity standards cover Publish-Subscribe (DDS), Service Invocation (DDS-RPC), Interoperability (DDS-RTPS), Information Modeling (DDS-XTYPES), Security (DDS-SECURITY), as well as programming APIs for C, C++, Java and other languages.
The OPC Unified Architecture (OPC UA) is an information exchange standard for Industrial Automation and related systems created by the OPC Foundation. The OPC UA standard provides an Addressing and Information Model for Data Access, Alarms, and Service invocation layered over multiple transport-level protocols such as Binary TCP and Web-Services.
DDS and OPC UA exhibit significant deployment similarities:
• Both enable independently developed applications to interoperate even when those applications come from different vendors, use different programming languages, or run on different platforms and operating systems.
• Both have significant traction within Industrial Automation systems.
• Both define standard protocols built on top of the TCP/UDP/IP Internet stacks.
The two technologies may coexist within the same application domains; however, while there are solutions that bridge between DDS and OPC UA, these are based on custom mappings and cannot be relied upon to work across vendors and products.
This is the DDS-XRCE 1.0 Beta specification adopted by the OMG in March 2018.
The purpose of DDS-XRCE is to enable resource-constrained devices to participate in DDS communication, while at the same time allowing those devices to be disconnected for long periods of time but still be discoverable by other DDS applications.
DDS-XRCE defines a wire protocol, the DDS-XRCE protocol, to be used between an XRCE Client and XRCE Agent. The XRCE Agent is a DDS Participant in the DDS Global Data Space. The DDS-XRCE protocol allows the client to use the XRCE Agent as a proxy in order to produce and consume data in the DDS Global Data Space.
Demonstrates interoperability of 3 independent products that implement the Data-Distribution Service (DDS) Security Standard
(https://www.omg.org/spec/DDS-SECURITY/).
Tests the following implementations: RTI Connext DDS, Twin Oaks Computing CoreDX DDS, and Kongsberg InterComm DDS.
This specification provides the following additional facilities to DDS [DDS] implementations and users:
* Type System. The specification defines a model of the data types that can be used for DDS Topics. The type system is formally defined using UML. The Type System is defined in section 7.2 and its subsections. The structural model of this system is defined in the Type System Model in section 7.2.2. The framework under which types can be modified over time is summarized in section 7.2.3, “Type Extensibility and Mutability.” The concrete rules under which the concepts from 7.2.2 and 7.2.3 come together to define compatibility in the face of such modifications are defined in section 7.2.4, “Type Compatibility.”
* Type Representations. The specification defines the ways in which types described by the Type System may be externalized such that they can be stored in a file or communicated over a network. The specification adds additional Type Representations beyond the one (IDL [IDL41]) already implied by the DDS specification. Several Type Representations are specified in the subsections of section 7.3. These include IDL (7.3.1), XML (7.3.2), XML Schema (XSD) (7.3.3), and TypeObject (7.3.4).
* Data Representation. The specification defines multiple ways in which objects of the types defined by the Type System may be externalized such that they can be stored in a file or communicated over a network. (This is also commonly referred to as “data serialization” or “data marshaling.”) The specification extends and generalizes the mechanisms already defined by the DDS Interoperability specification [RTPS]. The specification includes Data Representations that support data type evolution, that is, allow a data type to change in certain well-defined ways without breaking communication. Two Data Representations are specified in the subsections of section 7.4. These are Extended CDR (7.4.1, 7.4.2, and 7.4.3) and XML (7.4.4).
* Language Binding. The specification defines multiple ways in which applications can access the state of objects defined by the Type System. The submission extends and generalizes the mechanism currently implied by the DDS specification (“Plain Language Binding”) and adds a Dynamic Language Binding that allows an application to access data without compile-time knowledge of its type. The specification also defines an API to define and manipulate data types programmatically. Two Language Bindings are specified in the subsections of section 7.5. These are the Plain Language Binding and the Dynamic Language Binding.
This specification defines the Security Model and Service Plugin Interface (SPI) architecture for compliant DDS implementations. The DDS Security Model is enforced by the invocation of these SPIs by the DDS implementation. This specification also defines a set of builtin implementations of these SPIs.
* Authentication Service Plugin. Provides the means to verify the identity of the application and/or user that invokes operations on DDS. Includes facilities to perform mutual authentication between participants and establish a shared secret.
* AccessControl Service Plugin. Provides the means to enforce policy decisions on what DDS related operations an authenticated user can perform. For example, which domains it can join, which Topics it can publish or subscribe to, etc.
* Cryptographic Service Plugin. Implements (or interfaces with libraries that implement) all cryptographic operations including encryption, decryption, hashing, digital signatures, etc. This includes the means to derive keys from a shared secret.
* Logging Service Plugin. Supports auditing of all DDS security-relevant events.
* Data Tagging Service Plugin. Provides a way to add tags to data samples.
This document specifies the OMG Interface Definition Language (IDL). IDL is a descriptive language used to define data types and interfaces in a way that is independent of the programming language or operating system/processor platform.
The IDL specifies only the syntax used to define the data types and interfaces. It is normally used in connection with other specifications that further define how these types/interfaces are utilized in specific contexts and platforms.
This is the formal version 1.0 of the DDS Security specification released September 2016. OMG document number formal/2016-08-01.
DDS-Security defines the Security Model and Service Plugin Interface (SPI) architecture for compliant DDS implementations.
The DDS Security Model is enforced by the invocation of these SPIs by the DDS implementation. This specification also defines a set of builtin implementations of these SPIs.
* The specified builtin SPI implementations enable out-of-the-box security and interoperability between compliant DDS applications.
* The use of SPIs allows DDS users to customize the behavior and technologies that the DDS implementations use for Information Assurance, specifically customization of Authentication, Access Control, Encryption, Message Authentication, Digital Signing, Logging and Data Tagging.
This specification is a response to the OMG RFP "eXtremely Resource Constrained Environments DDS (DDS-XRCE)".
It defines a DDS-XRCE Service based on a client-server protocol between a resource constrained, low-powered device (client) and an Agent (the server) that enables the device to communicate with a DDS network and publish and subscribe to topics in a DDS domain. The specification's purpose and scope is to ensure that applications based on different vendors' implementations of the DDS-XRCE Service are compatible and interoperable.
This is the Joint submission by RTI, TwinOaks, and eProsima. Updated September 2017, OMG document number mars/2017-09-18.
Presentation at the 2016 IIOT Challenges and Opportunities Workshop.
The next wave of Industrial Internet applications will connect machines and devices together into functioning, intelligent systems with capabilities beyond anything possible today. These systems fundamentally depend on connectivity and information exchange to derive knowledge and make "smart decisions". They require a much higher level of reliability and security than "Consumer" IoT applications. OMG's Data-Distribution Service for Real-Time Systems (DDS) is the premier open middleware standard directly addressing publish-subscribe communications for Industrial IoT applications. It provides a protocol that meets the demanding security, scalability, performance, and Quality of Service requirements of IIoT applications spanning connected machines, enterprise systems, and mobile devices. This presentation will use concrete use cases to introduce DDS and examine why energy, advanced medical, asset-tracking, transportation, and military systems choose to base their designs on DDS.
5. Data-Centric QoS-Aware Pub-Sub Model
Diagram labels: Persistence Service; Recording Service; virtual, decentralized global data space; CRUD operations.
Source (Key)  Speed  Power   Phase
WPT1          37.4   122.0   -12.20
WPT2          10.7   74.0    -12.23
WPTN          50.2   150.07  -11.98
6. Data-Centric Communications Model
• Participants scope the global data space (domain)
• Topics define the data-objects (collections of subjects)
• DataWriters publish data on Topics
• DataReaders subscribe to data on Topics
• QoS Policies are used to configure the system
• Listeners are used to notify the application of events
Diagram labels: Data Reader “Alarm” in a Domain Participant; Data Writer “Alarm” in a Domain Participant; Listener; Offered QoS; Listener: “Got new data”; Requested QoS; “New subscriber!” (example).
7. Data-Object Identity in the Global Data Space
• Domain: world you’re talking about
• Topic: group of similar objects
– Similar structure (“type”)
– Similar way they change over time (“QoS”)
• Instance: individual object
– Like the “key” fields in a database table
• DataWriter: source of observations about a set of data-objects (Topic)
• DataReader: observer of a set of data-objects (Topic)
Object Address == Object Identity
Diagram labels: Domain (e.g. Yellowstone Park); Topic (e.g. bears in the park); Topic: Snow Depth Sensors, shown as repeated rows of ID, GPS, value; Instance (e.g. Yogi the bear); Instance. Callouts: what, when, how.
8. Sample Identification need
• DataReaders must be able to combine the samples from multiple physical data sources publishing from related logical data source(s).
• Example: Multi-Path Delivery
• Example: Cross-Topic Ordering
Diagram labels: DataReader; Durability Service; DDS Domain; “Position” DataReader; “Position” DataWriter; “Velocity” DataWriter; DDS Domain; “Velocity” DataReader; Subscriber; Publisher.
9. Global Sample Identification
Each sample within a Domain and a Topic is uniquely identified by a virtual identity: the tuple (Virtual GUID, Virtual SequenceNumber)
– Virtual GUID (VGUID): 16-byte identifier identifying the data source.
– Virtual Sequence Number (VSN): monotonically increasing 64-bit integer that identifies the sample in the data source.
A DataReader only delivers a single copy of a sample to the application. Duplicates are filtered out.
Diagram labels: DataWriter (x3); DataBus Domain; DataReader; samples labelled (1,1) and (2,1); callout: (2,1) is the sample with VGUID 2 and VSN 1.
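The duplicate filtering described on this slide, written out as an added example; it is not code from the presentation or from any DDS product. The class and function names are hypothetical, the arrival list is constructed, and two assumptions go beyond the slide: sequence numbers start at 1 (as in the (1,1) labels) and fit in a signed 64-bit integer.

```python
"""Duplicate filtering keyed on the virtual sample identity (VGUID, VSN).

Added illustration only; names and sample data are hypothetical/constructed.
"""

VGUID_LEN = 16            # slide: VGUID is a 16-byte identifier
VSN_MAX = 2**63 - 1       # assumption: VSN fits in a signed 64-bit integer


class SampleDeduplicator:
    """Tracks, per data source, which sequence numbers were already delivered.

    For every VGUID we keep a contiguous high-water mark (all VSNs up to it
    were delivered) plus the set of VSNs delivered ahead of a gap. Memory is
    bounded by the number of samples received ahead of a gap, not by the
    total number of samples seen.
    """

    def __init__(self):
        self._high_water = {}   # vguid -> highest VSN with no gap below it
        self._ahead = {}        # vguid -> set of delivered VSNs above a gap

    def accept(self, vguid: bytes, vsn: int) -> bool:
        """Return True if the sample is new and must go to the application."""
        if not isinstance(vguid, bytes) or len(vguid) != VGUID_LEN:
            raise ValueError("VGUID must be exactly 16 bytes")
        if not isinstance(vsn, int) or not 1 <= vsn <= VSN_MAX:
            raise ValueError("VSN must be a positive 64-bit integer")

        high = self._high_water.get(vguid, 0)   # assumption: VSNs start at 1
        ahead = self._ahead.setdefault(vguid, set())
        if vsn <= high or vsn in ahead:
            return False                        # same (VGUID, VSN) seen before

        ahead.add(vsn)
        # Close the gap: advance the high-water mark over contiguous VSNs.
        while high + 1 in ahead:
            high += 1
            ahead.remove(high)
        self._high_water[vguid] = high
        return True

    def pending(self, vguid: bytes) -> int:
        """Number of delivered VSNs still held because of a gap below them."""
        return len(self._ahead.get(vguid, ()))


def deliver(arrivals):
    """Filter (path, vguid, vsn) arrivals down to what the application sees."""
    dedup = SampleDeduplicator()
    return [a for a in arrivals if dedup.accept(a[1], a[2])]


# Constructed input: two logical sources whose samples reach one DataReader
# both directly and through a durability service (multi-path delivery).
SRC1 = (1).to_bytes(VGUID_LEN, "big")
SRC2 = (2).to_bytes(VGUID_LEN, "big")
ARRIVALS = [
    ("direct", SRC1, 1),
    ("durability", SRC1, 1),   # duplicate of (1,1) over a second path
    ("direct", SRC2, 1),       # same VSN, different source: not a duplicate
    ("direct", SRC1, 3),       # arrives before VSN 2
    ("durability", SRC1, 2),   # fills the gap
    ("durability", SRC1, 3),   # duplicate
    ("durability", SRC2, 1),   # duplicate
]

if __name__ == "__main__":
    for path, vguid, vsn in deliver(ARRIVALS):
        print(path, int.from_bytes(vguid, "big"), vsn)
```

The filter identifies samples by the tuple alone, so a sample is suppressed no matter which physical path carried the second copy.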
10. Approaches to Software Integration
Diagram labels: Point-to-point, connecting several Apps.
Not maintainable:
- Number of interfaces grows as Modules^2
- Ad hoc integration makes reuse difficult
- Addition of new modules affects existing ones
11. Approaches to Software Integration
Diagram labels: Point-to-point; Server/Broker/ESB; each shown connecting several Apps.
Inefficient, not-robust, and expensive:
- Centralized server becomes bottleneck
- Server or server-comm failure compromises system
- Server is hard to deploy, power, hide
12. Approaches to Software Integration
Diagram labels: DDS Data-Centric Bus; Point-to-point; Server/Broker/ESB; each shown connecting several Apps.
Superior approach:
- Number of interfaces can be constant or linear
- No servers => performance & availability
- Lower cost in hardware & software maintenance
17. Security Terms: a Safe-Deposit Box
• Authentication: The bank knows who you are; you must show ID.
• Access Control: The bank only lets those on an access list into your box.
• Confidentiality: You are alone in the room. Nobody can see the contents of the box.
• Integrity: The box is sealed. If anybody touches it you will know.
• Non repudiation: You sign when you come in and out so you can’t claim that you weren’t there.
• Availability: The bank is always open.
29. (D)TLS Transport for DDS
• DTLS: Datagram version of the TLS protocol
• Like TLS provides: Authentication, encryption, integrity
• Requires:
– A Certificate Authority (CA)
– An application must be configured with an identifying certificate assigned by the CA
– An application must have a private key associated with the public key in the certificate
• Standard protocol (with open source: OpenSSL)
– The protocol is highly scrutinized
– No multicast support
This transport is available in Connext DDS 4.5 and 5.0
32. 1. Secure Channel between Systems
3/17/14
Diagram labels: System 1; Routing Service; System 2; Routing Service; TLS.
Gateway acts as security point
This solution is available in Connext DDS 4.5 and 5.0
33. Secure Channel with Firewall
Diagram labels: System 1; Routing Service; System 2; Routing Service; TLS.
Can use firewall as added protection
This solution is available in Connext DDS 4.5 and 5.0
34. DDS Routing Service with Secure Asymmetric TCP
• WAN clients access DDS data within LAN
– Clients communicate with participants in LAN not between each other
– Clients behind firewalls
– Only one public address required. Only one firewall configured
• Example: Exposing a service to end-user clients
Diagram labels: Remote App (x3); System 1; Routing Service; Asymmetric TLS.
This solution is available in Connext DDS 4.5 and 5.0