SlideShare a Scribd company logo

The DDS Security Standard

Angelo Corsaro
Angelo Corsaro

This presentation introduces the DDS Security Standard. A plug-in based framework that provides data-centric security.

Technology
1 of 52
Download to read offline
CopyrightPrismTech,2017 Angelo Corsaro, PhD CTO, ADLINK Tech. Inc. Co-Chair, OMG DDS-SIG angelo.corsaro@adlinktech.com The DDS Security Standard
CopyrightPrismTech,2017 DDS Refresher
CopyrightPrismTech,2017 DDS provides applications with a Virtual Global Data Space abstraction DDS Abstraction DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
CopyrightPrismTech,2017 Applications coordinate by autonomously and asynchronously reading and writing data in the Data Space enjoying spatial and temporal decoupling DDS Abstraction DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
CopyrightPrismTech,2017 DDS has built-in dynamic discovery that automatically matches interest and establishes data path isolating applications from network topology and connectivity details Dynamic Discovery DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
CopyrightPrismTech,2017 DDS global data space implementation is decentralised and does not suffer of single point of failure or bottleneck Decentralised Data-Space Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS TopicD QoS TopicD QoS TopicA QoS DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
CopyrightPrismTech,2017 Connectivity is dynamically adapted to chose the most effective way of sharing data Adaptive Connectivity Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS TopicD QoS TopicD QoS TopicA QoS The communication between the DataWriter and matching DataReaders can be peer-to- peer exploiting UDP/IP (Unicast and Multicast)or TCP/IP The communication between the DataWriter and matching DataReaders can be “brokered” but still exploiting UDP/IP (Unicast and Multicast)or TCP/IP
CopyrightPrismTech,2017 DDS data streams are defined by means of Topics A Topic represented is by means of a <name, type, qos> Topics Organisation DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS Topic Type Name QoS
CopyrightPrismTech,2017 Topic may mark some of their associated type attributes as key- fields Each unique key value (tuple of key attributes) identifies a Topic Instance. Each Topic Instance has associated a FIFO ordered stream of samples DDS provides useful instance life- cycle management and samples demultiplexing Topic Instances
CopyrightPrismTech,2017 DDS information lives within a domain A domain can be thought as organised in partitions Samples belonging to a given Topic Instance are read/written from/in one or more partitions Information Scopes
CopyrightPrismTech,2017 Anatomy of a DDS Application
CopyrightPrismTech,2017 Security Models
CopyrightPrismTech,2017 Network Security implements authentication and encryption at Layer 3 of the ISO/OSI reference model, e.g., IPSec Transport Security implements a secure channel above a Layer-4 abstraction, e.g., TLS for TCP/IP and DTLS for UDP/IP Notice that network security and transport security are concerned with the creation of secure channels, but no access control is performed over exchanged information Network/Transport Security
CopyrightPrismTech,2017 Boundary security is concerned with securing the interconnection of a system with an untrusted network. The system network, is considered trusted. In any case security within the system is addressed using traditional LAN-level security techniques DMZ is a common way of implementing boundary security. Notice that access control can be executed as part of the DMZ Boundary Security
CopyrightPrismTech,2017 DDS vendors have been providing transport security solution for some time. Network/transport security solutions based on TLS/DTLS are not suitable for high-fan-out group communication nor for real-time data flows Additionally Network/Transport security solutions don’t provide any access control Toward DDS Security
CopyrightPrismTech,2017 Provide a data-centric security that allows to control access to the DDS Global Data Space Ensure that the security solution is multicast- friendly Design for extensibility and customisability DDS Security Goals
CopyrightPrismTech,2017 The DDS Security Model defines the security principals, the objects that are being secured, and the operations on the objects that are to be restricted DDS applications share information on DDS Global Data Spaces (DDS Domains) where the information is organised into Partitions, Topics and Instances and accessed by means of read and write operations on data- instances of those Topics. DDS Security Model
CopyrightPrismTech,2017 The DDS Security provides • Confidentiality of the data samples 
 • Integrity of the data samples and the messages that contain them 
 • Authentication of DDS writers and readers 
 • Authorisation of DDS writers and readers 
 • Non-repudiation of data 
 DDS Security Model
CopyrightPrismTech,2017 Security Threats
CopyrightPrismTech,2017 The DDS Security specification provide protection against: • Unauthorised Subscription • Unauthorised Publication • Tampering and Replay • Unauthorised data access Security Threats [See DDS Security Specification v1.0 p.9]
CopyrightPrismTech,2017 Eve has managed to connected to the same network as the rest of the applications and is able to see DDSI packets not addressed to him Unauthorised Subscription [See DDS Security Specification v1.0 p.9]
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] To protect Alice against Eve’s unauthorised subscription, DDS Security uses a secret key shared only with authorised readers such as Bob, Trent and Mallory Unauthorised Subscription
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Trudy is connected to the same network infrastructure as the rest of the agents and is able to inject network packets with any data contents, headers and destination she wishes (e.g., Bob). The network infrastructure will route those packets to the indicated destination Unauthorised Publication
CopyrightPrismTech,2017 To protect against Trudy, Bob, Trent and Mallory need to realise that the data is not originating from Alice. They need to realise that the data is coming from someone not authorised to send data on Topic T and therefore reject the packet Unauthorised Publication [See DDS Security Specification v1.0 p.9]
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] To protect against Unauthorised Publications the DDS Security standard allows writers to sign their messages Messages can be signed with either a hash-based message authentication code (HMAC) or digital signature. Unauthorised Publication
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Mallory is authorised to subscribe to Topic T Therefore Alice has shared with Mallory the secret key to encrypt the topic and also, if an HMAC is used, the secret key used for the HMAC Tampering and Relay Assume Alice used HMACs instead of digital signatures. Then Mallory can use her knowledge of the secret keys used for data encryption and the HMACs to create a message on the network and pretend it came from Alice.
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] If Alice used an HMAC, the only solution to the problem is to have a different HMAC secret key for each matching reader. Then Mallory will not have the HMAC key that Bob expects from Alice and the messages from Mallory to Bob will not be misinterpreted as coming from Alice. Tampering and Relay
CopyrightPrismTech,2017 If Alice uses multicast to communicate efficiently with multiple receivers, she will have to send an HMAC with a different key for every receiver. In other terms multiple HMACs will be appended to the multicast message along with some key-id that allows the recipient to select the correct HMAC Signing messages using a digital signature based on public key cryptography removes this challenge at the cost of running a more time-consuming signing algorithm Tampering and Relay [See DDS Security Specification v1.0 p.9]
CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Infrastructure services, such as the DDS Durability Service or DDS- middle-boxes need to be able to receive messages, verify their integrity, store them, and send them to other participants on behalf of the original application These services can be trusted not to be malicious; however, often it is not desirable to let them understand the contents of the data. They are allowed to store and forward the data, but not to see inside the data Unauthorised Access by Services
CopyrightPrismTech,2017 Unauthorised Access by Services [See DDS Security Specification v1.0 p.9] The DDS Security Standard addresses this problem by supporting independent configuration for protocol and user data encryption This way, infrastructure services only need to be trusted with the secrets required to process the protocol data, but not with the secrets required to read the user data
CopyrightPrismTech,2017 DDS Security Architecture
CopyrightPrismTech,2017 The DDS Security standard has a modular and plug-in architecture that allows for pluggable Authentication, Access Control, Logging, Cryptography and Data Tagging Plug-in Architecture [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Authenticate the principal that is joining a DDS Domain Support mutual authentication between participants and establish a shared secret Authentication Control Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 The DDS Security discovery is enhanced with an authentication protocol For protected DDS Domains a DomainParticipant that enables the authentication plugin will only communicate with another Domain Participant that has the authentication plugin enabled Authentication Control Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Decide whether a principal is allowed to perform a protected operation. Access Control Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Once a DomainParticipant is authenticated, its permissions need to be validated and enforced Access rights are often described using an access control matrix where the rows are subjects (i.e., users), the columns are objects (i.e., resources), and a cell defines the access rights that a given subject has over a resource Typical implementations provide either a column-centric view, i.e., access control lists, or a row-centric view, i.e., a set of capabilities stored with each subject The DDS Access Control plugin supports both approaches Access Control Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Generate keys. Perform Key Exchange. Perform the encryption and decryption operations. Compute digests, compute and verify Message Authentication Codes. Sign and verify signatures of messages. Cryptography Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 The Cryptographic plugin defines the operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters andDDSDataReaders Users of DDS may have specific cryptographic libraries they use for encryption, as well as, specific requirements regarding the algorithms for digests, message authentication, and signing. In addition, applications may require having only some of those functions performed, or performed only for certain DDS Topics and not for others. Cryptography Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Log all security relevant events Logging Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Add a data tag for each data sample Data Tagging Plugin [See DDS Security Specification v1.0 p.47]
CopyrightPrismTech,2017 Securing DDSI-RTPS Messages
CopyrightPrismTech,2017 An DDSI-RTPS Message is composed of a leading Header followed by a variable number of Submessages. Each Submessage is composed of a SubmessageHeader followed by a variable number of SubmessagElements. There are various kinds of SubmessageElements to communicate things like sequence numbers, unique identifiers for DataReader and DataWriter entities, SerializedKeys or KeyHash of the application data, source timestamps, QoS, etc. DDSI-RTPS Message [See DDS Security Specification v1.0 p.18]
CopyrightPrismTech,2017 Name Description Authentication DDS:Auth:PKI-DH Uses PKI with a pre- configured shared Certificate Authority. RSA or DSA and Diffie- Hellman for authentication and key exchange. Access Control DDS:Access:Permissions Permissions document signed by shared Certificate Authority Cryptography DDS:Crypto:AES-GCM-GMAC AES-GCM (AES using Galois Counter Mode) for encryption. AES-GMAC for message authentication Data Tagging DDS:Tagging:DDS_Discovery Send Tags via endpoint discovery Logging DDS:Logging:DDS_LogTopic Logs security events to a dedicated DDS Log Topic Default Plugins
CopyrightPrismTech,2017 DDS Security is implemented as a “bump” in the DDSI-RTPS Protocol stack In other terms, the plugins transform regular DDSI-RTPS messages into secure DDSI-RTPS messages before sending on the wire. Likewise secure DDSI-RTPS messages are transformed into regular messages before being passed to the protocol state machine Message Transformation [See DDS Security Specification v1.0 p.25]
CopyrightPrismTech,2017 Prefix and Postfix “markers” are defined for both the DDSI-RTPS message as well as its sub-messages These sub-messages provide the required information to decrypt and authenticate the sources Message Transformation [See DDS Security Specification v1.0 p.25]
CopyrightPrismTech,2017 Interoperability
CopyrightPrismTech,2017 The DDS Security Standard ensures that compliant implementation can securely interoperate Additionally a DDS implementation compliant with the DDS Security standard is capable of interoperating with a non-secure DDS implementation over non-secured Topics Interoperability
CopyrightPrismTech,2017 Scaling Security
CopyrightPrismTech,2017 To build Scalable and Secure DDS systems a combination of regular DDS Security and Boundary Security will be necessary Introducing boundaries allow to group entire subsystems behind a single (or a few) subjects, thus making it easier to scale The DDS Security mechanism are suitable for Boundary Securing implementation Securing at Scale
CopyrightPrismTech,2017 Concluding Remarks
CopyrightPrismTech,2017 Summing Up [See DDS Security Specification v1.0 p.9] The DDS Security Standard provides protection against: • Unauthorised Subscription • Unauthorised Publication • Tampering and Replay • Unauthorised data access The specific implementation supports multicast and real-time communication The DDS-Security mechanism can be used for implementing sub- system as well as boundary security
CopyrightPrismTech,2017

Recommended

DDS Security
DDS SecurityDDS Security
DDS SecurityAngelo Corsaro
 
OpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIOpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIAngelo Corsaro
 
DDS Secure Intro
DDS Secure IntroDDS Secure Intro
DDS Secure IntroJohn Breitenbach
 
The Data Distribution Service Tutorial
The Data Distribution Service TutorialThe Data Distribution Service Tutorial
The Data Distribution Service TutorialAngelo Corsaro
 
DDS In Action Part II
DDS In Action Part IIDDS In Action Part II
DDS In Action Part IIAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
10 Reasons for Choosing OpenSplice DDS
10 Reasons for Choosing OpenSplice DDS10 Reasons for Choosing OpenSplice DDS
10 Reasons for Choosing OpenSplice DDSAngelo Corsaro
 

Recommended

DDS Security
DDS SecurityDDS Security
DDS SecurityAngelo Corsaro
 
OpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIOpenSplice DDS Tutorial -- Part II
OpenSplice DDS Tutorial -- Part IIAngelo Corsaro
 
DDS Secure Intro
DDS Secure IntroDDS Secure Intro
DDS Secure IntroJohn Breitenbach
 
The Data Distribution Service Tutorial
The Data Distribution Service TutorialThe Data Distribution Service Tutorial
The Data Distribution Service TutorialAngelo Corsaro
 
DDS In Action Part II
DDS In Action Part IIDDS In Action Part II
DDS In Action Part IIAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution ServiceAngelo Corsaro
 
10 Reasons for Choosing OpenSplice DDS
10 Reasons for Choosing OpenSplice DDS10 Reasons for Choosing OpenSplice DDS
10 Reasons for Choosing OpenSplice DDSAngelo Corsaro
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
Distributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLADistributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLAAngelo Corsaro
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...IncQuery Labs
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Jaime Martin Losa
 
RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011Gerardo Pardo-Castellote
 
Real time simulation with HLA and DDS
Real time simulation with HLA and DDSReal time simulation with HLA and DDS
Real time simulation with HLA and DDSJosé Ramón Martínez Salio
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloudkrprashant94
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSReal-Time Innovations (RTI)
 
Getting Started in DDS with C++ and Java
Getting Started in DDS with C++ and JavaGetting Started in DDS with C++ and Java
Getting Started in DDS with C++ and JavaAngelo Corsaro
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingAngelo Corsaro
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkGerardo Pardo-Castellote
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Fundamental Cloud Security
Fundamental Cloud SecurityFundamental Cloud Security
Fundamental Cloud SecurityMohammed Sajjad Ali
 
Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSAMohamed Loey
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingRohit Buddabathina
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926IJERA Editor
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceGerardo Pardo-Castellote
 

More Related Content

What's hot

DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationGerardo Pardo-Castellote
 
Distributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLADistributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLAAngelo Corsaro
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...IncQuery Labs
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Jaime Martin Losa
 
RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011Gerardo Pardo-Castellote
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloudkrprashant94
 
Getting Started in DDS with C++ and Java
Getting Started in DDS with C++ and JavaGetting Started in DDS with C++ and Java
Getting Started in DDS with C++ and JavaAngelo Corsaro
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingAngelo Corsaro
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkGerardo Pardo-Castellote
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSAMohamed Loey
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 

What's hot (20)

DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
 
Deep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway SpecificationDeep Dive into the OPC UA / DDS Gateway Specification
Deep Dive into the OPC UA / DDS Gateway Specification
 
Distributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLADistributed Simulations with DDS and HLA
Distributed Simulations with DDS and HLA
 
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
Introducing the New MagicDraw Plug-In for RTI Connext DDS: Industrial IoT Mee...
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
 
RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011RTI Data-Distribution Service (DDS) Master Class 2011
RTI Data-Distribution Service (DDS) Master Class 2011
 
Real time simulation with HLA and DDS
Real time simulation with HLA and DDSReal time simulation with HLA and DDS
Real time simulation with HLA and DDS
 
Cryptography on cloud
Cryptography on cloudCryptography on cloud
Cryptography on cloud
 
Best Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDSBest Practices Using RTI Connext DDS
Best Practices Using RTI Connext DDS
 
Getting Started in DDS with C++ and Java
Getting Started in DDS with C++ and JavaGetting Started in DDS with C++ and Java
Getting Started in DDS with C++ and Java
 
The Art and Science of DDS Data Modelling
The Art and Science of DDS Data ModellingThe Art and Science of DDS Data Modelling
The Art and Science of DDS Data Modelling
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Fundamental Cloud Security
Fundamental Cloud SecurityFundamental Cloud Security
Fundamental Cloud Security
 
Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSA
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DES
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 

Similar to The DDS Security Standard

DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceGerardo Pardo-Castellote
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...IJECEIAES
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentIOSR Journals
 
Eclipse IoT Summit 2016: In The Age of IoT Think Data-Centric
Eclipse IoT Summit 2016: In The Age of IoT Think Data-CentricEclipse IoT Summit 2016: In The Age of IoT Think Data-Centric
Eclipse IoT Summit 2016: In The Age of IoT Think Data-CentricToby McClean
 
Fog Computing with VORTEX
Fog Computing with VORTEXFog Computing with VORTEX
Fog Computing with VORTEXAngelo Corsaro
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computingJahangeer Qadiree
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
DNS Data Exfiltration Detection
DNS Data Exfiltration DetectionDNS Data Exfiltration Detection
DNS Data Exfiltration DetectionIRJET Journal
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsIaetsd Iaetsd
 
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...IRJET Journal
 
Enhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic AlgorithmEnhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic AlgorithmIOSR Journals
 
Important Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesImportant Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesHTS Hosting
 

Similar to The DDS Security Standard (20)

Kp3419221926
Kp3419221926Kp3419221926
Kp3419221926
 
DDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS ConferenceDDS Security for the Industrial Internet - London Connext DDS Conference
DDS Security for the Industrial Internet - London Connext DDS Conference
 
An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...An efficient and secure data storage in cloud computing using modified RSA pu...
An efficient and secure data storage in cloud computing using modified RSA pu...
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
H017155360
H017155360H017155360
H017155360
 
Encryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing EnvironmentEncryption Technique for a Trusted Cloud Computing Environment
Encryption Technique for a Trusted Cloud Computing Environment
 
Eclipse IoT Summit 2016: In The Age of IoT Think Data-Centric
Eclipse IoT Summit 2016: In The Age of IoT Think Data-CentricEclipse IoT Summit 2016: In The Age of IoT Think Data-Centric
Eclipse IoT Summit 2016: In The Age of IoT Think Data-Centric
 
Fog Computing with VORTEX
Fog Computing with VORTEXFog Computing with VORTEX
Fog Computing with VORTEX
 
Security and privacy approach of cloud computing
Security and privacy approach of cloud computingSecurity and privacy approach of cloud computing
Security and privacy approach of cloud computing
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
Cloud security
Cloud securityCloud security
Cloud security
 
Cloud security
Cloud securityCloud security
Cloud security
 
DNS Data Exfiltration Detection
DNS Data Exfiltration DetectionDNS Data Exfiltration Detection
DNS Data Exfiltration Detection
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoors
 
Telephony DNS
Telephony DNSTelephony DNS
Telephony DNS
 
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
 
Enhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic AlgorithmEnhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
Enhancing Privacy in Cloud Service Provider Using Cryptographic Algorithm
 
Important Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based ServicesImportant Terminology for the Users of Web-based Services
Important Terminology for the Users of Web-based Services
 

More from Angelo Corsaro

zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data FabricAngelo Corsaro
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationAngelo Corsaro
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computeAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolAngelo Corsaro
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingAngelo Corsaro
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing InfrastructureAngelo Corsaro
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeAngelo Corsaro
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing PlatformAngelo Corsaro
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture FourAngelo Corsaro
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture ThreeAngelo Corsaro
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture TwoAngelo Corsaro
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture OneAngelo Corsaro
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsAngelo Corsaro
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsAngelo Corsaro
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardAngelo Corsaro
 

More from Angelo Corsaro (20)

Zenoh: The Genesis
Zenoh: The GenesisZenoh: The Genesis
Zenoh: The Genesis
 
zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data Fabric
 
Zenoh Tutorial
Zenoh TutorialZenoh Tutorial
Zenoh Tutorial
 
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair MonetisationData Decentralisation: Efficiency, Privacy and Fair Monetisation
Data Decentralisation: Efficiency, Privacy and Fair Monetisation
 
zenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query computezenoh: zero overhead pub/sub store/query compute
zenoh: zero overhead pub/sub store/query compute
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
 
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog ComputingBreaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
Breaking the Edge -- A Journey Through Cloud, Edge and Fog Computing
 
Eastern Sicily
Eastern SicilyEastern Sicily
Eastern Sicily
 
fog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructurefog05: The Fog Computing Infrastructure
fog05: The Fog Computing Infrastructure
 
Cyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT AgeCyclone DDS: Sharing Data in the IoT Age
Cyclone DDS: Sharing Data in the IoT Age
 
fog05: The Fog Computing Platform
fog05: The Fog Computing Platformfog05: The Fog Computing Platform
fog05: The Fog Computing Platform
 
Programming in Scala - Lecture Four
Programming in Scala - Lecture FourProgramming in Scala - Lecture Four
Programming in Scala - Lecture Four
 
Programming in Scala - Lecture Three
Programming in Scala - Lecture ThreeProgramming in Scala - Lecture Three
Programming in Scala - Lecture Three
 
Programming in Scala - Lecture Two
Programming in Scala - Lecture TwoProgramming in Scala - Lecture Two
Programming in Scala - Lecture Two
 
Programming in Scala - Lecture One
Programming in Scala - Lecture OneProgramming in Scala - Lecture One
Programming in Scala - Lecture One
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained Envionrments
 
RUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming RuminationsRUSTing -- Partially Ordered Rust Programming Ruminations
RUSTing -- Partially Ordered Rust Programming Ruminations
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity StandardVortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The Industrial IoT Connectivity Standard
 
Fog Computing Defined
Fog Computing DefinedFog Computing Defined
Fog Computing Defined
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

The DDS Security Standard

  • 3. CopyrightPrismTech,2017 DDS provides applications with a Virtual Global Data Space abstraction DDS Abstraction DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
  • 4. CopyrightPrismTech,2017 Applications coordinate by autonomously and asynchronously reading and writing data in the Data Space enjoying spatial and temporal decoupling DDS Abstraction DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
  • 5. CopyrightPrismTech,2017 DDS has built-in dynamic discovery that automatically matches interest and establishes data path isolating applications from network topology and connectivity details Dynamic Discovery DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
  • 6. CopyrightPrismTech,2017 DDS global data space implementation is decentralised and does not suffer of single point of failure or bottleneck Decentralised Data-Space Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS TopicD QoS TopicD QoS TopicA QoS DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS
  • 7. CopyrightPrismTech,2017 Connectivity is dynamically adapted to chose the most effective way of sharing data Adaptive Connectivity Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS TopicD QoS TopicD QoS TopicA QoS The communication between the DataWriter and matching DataReaders can be peer-to- peer exploiting UDP/IP (Unicast and Multicast)or TCP/IP The communication between the DataWriter and matching DataReaders can be “brokered” but still exploiting UDP/IP (Unicast and Multicast)or TCP/IP
  • 8. CopyrightPrismTech,2017 DDS data streams are defined by means of Topics A Topic represented is by means of a <name, type, qos> Topics Organisation DDS Global Data Space ... Data Writer Data Writer Data Writer Data Reader Data Reader Data Reader Data Reader Data Writer TopicA QoS TopicB QoS TopicC QoS TopicD QoS Topic Type Name QoS
  • 9. CopyrightPrismTech,2017 Topic may mark some of their associated type attributes as key- fields Each unique key value (tuple of key attributes) identifies a Topic Instance. Each Topic Instance has associated a FIFO ordered stream of samples DDS provides useful instance life- cycle management and samples demultiplexing Topic Instances
  • 10. CopyrightPrismTech,2017 DDS information lives within a domain A domain can be thought as organised in partitions Samples belonging to a given Topic Instance are read/written from/in one or more partitions Information Scopes
  • 13. CopyrightPrismTech,2017 Network Security implements authentication and encryption at Layer 3 of the ISO/OSI reference model, e.g., IPSec Transport Security implements a secure channel above a Layer-4 abstraction, e.g., TLS for TCP/IP and DTLS for UDP/IP Notice that network security and transport security are concerned with the creation of secure channels, but no access control is performed over exchanged information Network/Transport Security
  • 14. CopyrightPrismTech,2017 Boundary security is concerned with securing the interconnection of a system with an untrusted network. The system network, is considered trusted. In any case security within the system is addressed using traditional LAN-level security techniques DMZ is a common way of implementing boundary security. Notice that access control can be executed as part of the DMZ Boundary Security
  • 15. CopyrightPrismTech,2017 DDS vendors have been providing transport security solution for some time. Network/transport security solutions based on TLS/DTLS are not suitable for high-fan-out group communication nor for real-time data flows Additionally Network/Transport security solutions don’t provide any access control Toward DDS Security
  • 16. CopyrightPrismTech,2017 Provide a data-centric security that allows to control access to the DDS Global Data Space Ensure that the security solution is multicast- friendly Design for extensibility and customisability DDS Security Goals
  • 17. CopyrightPrismTech,2017 The DDS Security Model defines the security principals, the objects that are being secured, and the operations on the objects that are to be restricted DDS applications share information on DDS Global Data Spaces (DDS Domains) where the information is organised into Partitions, Topics and Instances and accessed by means of read and write operations on data- instances of those Topics. DDS Security Model
  • 18. CopyrightPrismTech,2017 The DDS Security provides • Confidentiality of the data samples 
 • Integrity of the data samples and the messages that contain them 
 • Authentication of DDS writers and readers 
 • Authorisation of DDS writers and readers 
 • Non-repudiation of data 
 DDS Security Model
  • 20. CopyrightPrismTech,2017 The DDS Security specification provide protection against: • Unauthorised Subscription • Unauthorised Publication • Tampering and Replay • Unauthorised data access Security Threats [See DDS Security Specification v1.0 p.9]
  • 21. CopyrightPrismTech,2017 Eve has managed to connected to the same network as the rest of the applications and is able to see DDSI packets not addressed to him Unauthorised Subscription [See DDS Security Specification v1.0 p.9]
  • 22. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] To protect Alice against Eve’s unauthorised subscription, DDS Security uses a secret key shared only with authorised readers such as Bob, Trent and Mallory Unauthorised Subscription
  • 23. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Trudy is connected to the same network infrastructure as the rest of the agents and is able to inject network packets with any data contents, headers and destination she wishes (e.g., Bob). The network infrastructure will route those packets to the indicated destination Unauthorised Publication
  • 24. CopyrightPrismTech,2017 To protect against Trudy, Bob, Trent and Mallory need to realise that the data is not originating from Alice. They need to realise that the data is coming from someone not authorised to send data on Topic T and therefore reject the packet Unauthorised Publication [See DDS Security Specification v1.0 p.9]
  • 25. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] To protect against Unauthorised Publications the DDS Security standard allows writers to sign their messages Messages can be signed with either a hash-based message authentication code (HMAC) or digital signature. Unauthorised Publication
  • 26. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Mallory is authorised to subscribe to Topic T Therefore Alice has shared with Mallory the secret key to encrypt the topic and also, if an HMAC is used, the secret key used for the HMAC Tampering and Relay Assume Alice used HMACs instead of digital signatures. Then Mallory can use her knowledge of the secret keys used for data encryption and the HMACs to create a message on the network and pretend it came from Alice.
  • 27. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] If Alice used an HMAC, the only solution to the problem is to have a different HMAC secret key for each matching reader. Then Mallory will not have the HMAC key that Bob expects from Alice and the messages from Mallory to Bob will not be misinterpreted as coming from Alice. Tampering and Relay
  • 28. CopyrightPrismTech,2017 If Alice uses multicast to communicate efficiently with multiple receivers, she will have to send an HMAC with a different key for every receiver. In other terms multiple HMACs will be appended to the multicast message along with some key-id that allows the recipient to select the correct HMAC Signing messages using a digital signature based on public key cryptography removes this challenge at the cost of running a more time-consuming signing algorithm Tampering and Relay [See DDS Security Specification v1.0 p.9]
  • 29. CopyrightPrismTech,2017 [See DDS Security Specification v1.0 p.9] Infrastructure services, such as the DDS Durability Service or DDS- middle-boxes need to be able to receive messages, verify their integrity, store them, and send them to other participants on behalf of the original application These services can be trusted not to be malicious; however, often it is not desirable to let them understand the contents of the data. They are allowed to store and forward the data, but not to see inside the data Unauthorised Access by Services
  • 30. CopyrightPrismTech,2017 Unauthorised Access by Services [See DDS Security Specification v1.0 p.9] The DDS Security Standard addresses this problem by supporting independent configuration for protocol and user data encryption This way, infrastructure services only need to be trusted with the secrets required to process the protocol data, but not with the secrets required to read the user data
  • 32. CopyrightPrismTech,2017 The DDS Security standard has a modular and plug-in architecture that allows for pluggable Authentication, Access Control, Logging, Cryptography and Data Tagging Plug-in Architecture [See DDS Security Specification v1.0 p.47]
  • 33. CopyrightPrismTech,2017 Authenticate the principal that is joining a DDS Domain Support mutual authentication between participants and establish a shared secret Authentication Control Plugin [See DDS Security Specification v1.0 p.47]
  • 34. CopyrightPrismTech,2017 The DDS Security discovery is enhanced with an authentication protocol For protected DDS Domains a DomainParticipant that enables the authentication plugin will only communicate with another Domain Participant that has the authentication plugin enabled Authentication Control Plugin [See DDS Security Specification v1.0 p.47]
  • 35. CopyrightPrismTech,2017 Decide whether a principal is allowed to perform a protected operation. Access Control Plugin [See DDS Security Specification v1.0 p.47]
  • 36. CopyrightPrismTech,2017 Once a DomainParticipant is authenticated, its permissions need to be validated and enforced Access rights are often described using an access control matrix where the rows are subjects (i.e., users), the columns are objects (i.e., resources), and a cell defines the access rights that a given subject has over a resource Typical implementations provide either a column-centric view, i.e., access control lists, or a row-centric view, i.e., a set of capabilities stored with each subject The DDS Access Control plugin supports both approaches Access Control Plugin [See DDS Security Specification v1.0 p.47]
  • 37. CopyrightPrismTech,2017 Generate keys. Perform Key Exchange. Perform the encryption and decryption operations. Compute digests, compute and verify Message Authentication Codes. Sign and verify signatures of messages. Cryptography Plugin [See DDS Security Specification v1.0 p.47]
  • 38. CopyrightPrismTech,2017 The Cryptographic plugin defines the operations necessary to support encryption, digest, message authentication codes, and key exchange for DDS DomainParticipants, DataWriters andDDSDataReaders Users of DDS may have specific cryptographic libraries they use for encryption, as well as, specific requirements regarding the algorithms for digests, message authentication, and signing. In addition, applications may require having only some of those functions performed, or performed only for certain DDS Topics and not for others. Cryptography Plugin [See DDS Security Specification v1.0 p.47]
  • 39. CopyrightPrismTech,2017 Log all security relevant events Logging Plugin [See DDS Security Specification v1.0 p.47]
  • 40. CopyrightPrismTech,2017 Add a data tag for each data sample Data Tagging Plugin [See DDS Security Specification v1.0 p.47]
  • 42. CopyrightPrismTech,2017 An DDSI-RTPS Message is composed of a leading Header followed by a variable number of Submessages. Each Submessage is composed of a SubmessageHeader followed by a variable number of SubmessagElements. There are various kinds of SubmessageElements to communicate things like sequence numbers, unique identifiers for DataReader and DataWriter entities, SerializedKeys or KeyHash of the application data, source timestamps, QoS, etc. DDSI-RTPS Message [See DDS Security Specification v1.0 p.18]
  • 43. CopyrightPrismTech,2017 Name Description Authentication DDS:Auth:PKI-DH Uses PKI with a pre- configured shared Certificate Authority. RSA or DSA and Diffie- Hellman for authentication and key exchange. Access Control DDS:Access:Permissions Permissions document signed by shared Certificate Authority Cryptography DDS:Crypto:AES-GCM-GMAC AES-GCM (AES using Galois Counter Mode) for encryption. AES-GMAC for message authentication Data Tagging DDS:Tagging:DDS_Discovery Send Tags via endpoint discovery Logging DDS:Logging:DDS_LogTopic Logs security events to a dedicated DDS Log Topic Default Plugins
  • 44. CopyrightPrismTech,2017 DDS Security is implemented as a “bump” in the DDSI-RTPS Protocol stack In other terms, the plugins transform regular DDSI-RTPS messages into secure DDSI-RTPS messages before sending on the wire. Likewise secure DDSI-RTPS messages are transformed into regular messages before being passed to the protocol state machine Message Transformation [See DDS Security Specification v1.0 p.25]
  • 45. CopyrightPrismTech,2017 Prefix and Postfix “markers” are defined for both the DDSI-RTPS message as well as its sub-messages These sub-messages provide the required information to decrypt and authenticate the sources Message Transformation [See DDS Security Specification v1.0 p.25]
  • 47. CopyrightPrismTech,2017 The DDS Security Standard ensures that compliant implementation can securely interoperate Additionally a DDS implementation compliant with the DDS Security standard is capable of interoperating with a non-secure DDS implementation over non-secured Topics Interoperability
  • 49. CopyrightPrismTech,2017 To build Scalable and Secure DDS systems a combination of regular DDS Security and Boundary Security will be necessary Introducing boundaries allow to group entire subsystems behind a single (or a few) subjects, thus making it easier to scale The DDS Security mechanism are suitable for Boundary Securing implementation Securing at Scale
  • 51. CopyrightPrismTech,2017 Summing Up [See DDS Security Specification v1.0 p.9] The DDS Security Standard provides protection against: • Unauthorised Subscription • Unauthorised Publication • Tampering and Replay • Unauthorised data access The specific implementation supports multicast and real-time communication The DDS-Security mechanism can be used for implementing sub- system as well as boundary security