Building Scalable Security for Systems of Systems · 2020. 7. 15. · Securely exchange...

4/15/19

1

BuildingScalableSecurityforSystemsofSystems

PaulTingeySeniorFieldApplicationEngineer

©2019Real-TimeInnovations,Inc..

Index

• BuildingScalableDistributedSystems– IntroductiontoIIoT FrameworkSolutions– DDSPrinciples

• SecuringtheDataonDistributedSystems• Fine-GrainDDSSecurity• Conclusion


4/15/19

2

RTIintheIndustrialIoT

• RTIisthelargestembeddedmiddlewarevendor

• 1000+designs,manyreal-worldprogramsacrossindustries

• FullDDS,tools,services,support,secureandcertifiedversions

• About200people

©2019Real-TimeInnovations,Inc.Confidential.

AnOverviewofDataDistributionService(DDS)


4/15/19

3

OMGDataDistributionService

• FirstversionoftheDDSstandardwasreleasedin2004•Mostrecentversion(v1.4)wasreleasedinApril2015• “Data-CentricPublish-Subscribemodelfordistributedapplicationcommunicationandintegration”


WhatistheDataDistributionService…?

• DDSisideallysuitedtoapplicationsthatarerequiredtosharelargeamountsofdatainafast,secure,scalableandreliableway

• ItwasoriginallydesignedformissioncriticalsystemsandisnowattheheartofmanyOpenArchitectureinitiativesinA&D

• It’sTRL-9 technologyusedwidelyinthe“L”partsofLVC systems• It’swidespreaduseinmilitarysystemshasledtostronginterestinthesimulationandtrainingmarket

• DDSisPublish-Subscribe,Data-Centric andPeer-to-Peer– enablinglocationtransparency,decentralizedoperation,dynamicscalabilityandreal-timeperformance


4/15/19

4

ConnectivityFrameworkLayer

Transport

Link

Distributed Data Interoperability & Management

Framework

Quality of

ServiceSecurity

Publish-Subscribe Request-Reply Discovery

Data Resource Model

ID and Addressing Data Type System Lifecycle (CRUD)

Exception Handling

State Management

ConnectivityFramework

Functions

Physical

Network

API Governance


ConnectionviatheDDSDatabus…

PlatformPlatformPlatform

Application3DDS

Application2DDS

Application1DDS

SensorUnit HealthMonitor DeviceControl


4/15/19

5


PlatformPlatformPlatform

Application3DDS

Application2DDS

Application1DDS

SensorUnit HealthMonitor DeviceControl


DDS Databus

Platform

Application3DDS

Operator



DataflowsareconfiguredviaQualityofServicesettingsthatdefinehowdataisdelivered

betweennodesinthedistributedsystem.InDDS

terminologythesedataflowsarecalledTopics.

ADataModel(writteninIDL)describesthedatainthesystemandallowsDDSto‘understand’andmanagedatainthesystem

appropriately.

DDSabstractstheapplicationawayfromtheOperatingSystemmakingtheapplicationlesscomplex,more

portableandtransportagnostic.

DataiscachedattheendpointsbyDDS(basedontheQoS

settings);theapplicationalwayshasthedataitrequireswhenit

requiresit.

DDSoptimises networkusagebyfilteringdataappropriately(ateither

sourceordestination)andonlydeliveringdatawhenandwhereitisneeded.

DDSprovidesanAPItotheprogrammer(whichRTIwrapinlanguage

bindings)toenabledata-centricaccesstoyour

data.

DDSoperatespeer-to-peertogivereal-time

performanceandmeaningthereisnocentralserver.

4/15/19

6

AboutDataCentricityDataCentricityDefinitiona) Theinterfaceis thedata.b) Theinfrastructureunderstandsthatdata.c) Thesystemmanagesthedataandimposes

rulesonhowapplicationsexchangedata.

Application

Application

MessagecentricRemoteObjectsSOAs

Application

Application

Data

Database

Datacentricstorageandsearchingofolddata

Datacentricsharingandfilteringoffuturedata

SELECT * FROM ShapeDataWHERE color=‘RED’ AND shapesize > 10;

cft = create_contentfilteredtopic_with_filter( ”MyFiltered_topic”, ShapeData_topic,”(color MATCH ‘RED’) AND (shapesize > 10)”, … );

Databus


TheIICLayeredDatabusArchitecturePattern


4/15/19

7

WhyDDS?

Data-centric

Naturallymodular

Naturallyscalable

Resiliency

Highreliability

Maximumup-time

Performance

Minimumlatency

Maximumthroughput

Fasterdevelopment

SOA-likearchitecture

Codere-use

Standardsbased

Novendorlock-in

Futureproof


SecuringtheDataonDistributedSystems


4/15/19

8

DDSDatabus

A B C

AssociatedThreats

(1)(2)

D E F

(3,4)

AuthorisedPublisher Intruder

AuthorisedSubscriber Eavesdropper

TrustedInfrastructure

ServiceMaliciousinsider

• ForDDSbased(distributed)systems,thefourmostrelevantthreatcategoriesare:1. Unauthorised publication2. Unauthorised subscription3. Tamperingandreplay4. Unauthorised accesstodatabyinfrastructureservices


ApproachestoProtectDDS

• TransportLayerSecurity

• Fine-GrainedDataSecurity


4/15/19

9

Transport-LevelSecureDataTransfer

DP DP

• CanuseTLSorDTLS•Methodinvolves:

1. Authenticate• Verifyyouridentity

2. Securelyexchangecryptographickeys3. Usekeysto:

• Encryptdata• Addamessageauthenticationcode


LimitationsofTransport-LevelSecurity

DP DP

• Canbeinefficient:alldataisencryptedandsigned– Applicationdataandmetadata– Regardlessofwhetherconfidentialityand/orintegrityarerequired

• Poorlatencyandjitter:usuallyrunsoverTCP• Notscalable:nomulticastsupport– EvenwithDTLSoverUDP

• Appsareauthenticatedorthey’renot• Noinherentprotectionagainstinsiderthreats– E.g.:authorizedsubscriberbutunauthorizedpublisher

• Accesscontrolhastobedoneatapplicationlevel©2019Real-TimeInnovations,Inc..

4/15/19

10

FinegrainedDDSSecurity


OMGDDSSecurityStandard

• OMGreleasedtheDDSSecurityspecification(v1.1)inJuly2018• CollaborativelydevelopedbyanumberofDDSvendors• Defines:– DDSSecurityModel– ServicePluginInterface(SPI)Architecture


4/15/19

11


• BasedonOMGDDSSecurityspec• Built-InPlugins– LittletonochangerequiredtoDDSapplications– SecurityisconfiguredthroughXML

• OptionalSDKavailabletocustomizepluginbehavior• Runsoveranytransport– DoesnotrequireTCPorIP– SecureMulticastforscalability,lowlatency

• Completelydecentralized– Highperformanceandscalability– Nosinglepoint-of-failure

DDSCoreLibrary

Authentication

AccessControl

Cryptography

DataTagging

Logging

Application

AnyTransport*(e.g.,TCP,UDP,multicast,

sharedmemory…)



DDSCoreLibrary

Authentication

AccessControl

Cryptography

DataTagging

Logging

Application

AnyTransport*(e.g.,TCP,UDP,multicast,

sharedmemory…)

• TheServicePluginInterface(SPI)Architecturedefinesinterfacesforfiveplugins– Authentication

• Verificationoftheidentityofanapplication– AccessControl

• Allowsenforcementofpolicies(e.g.writeaccesstoatopic)

– Cryptography• Aninterfacetocrytographic functionality

– Logging• AuditingofDDSSecurityrelatedevents

– DataTagging• Enablesaddingtagstodatasamples


4/15/19

12

Network

Fine-GrainedData-CentricSecurity

ControlAnalysisPressureSensor

State Alarms SetPoint

Operator

• DDSSecurityprovidesfine-grainedsecurityindistributedsystems• Enablesthesecuringofindividualdataflows(topics)• InthesystemshownheretheSetPoint dataitemshouldbesecured– Transportlevelsecurity(TLS)providesonlypartialprotection

Modules/Applications

Data©2019Real-TimeInnovations,Inc..

Network




Operator

• DDSSecurityprovidesfine-grainedsecurityindistributedsystems• Enablesthesecuringofindividualdataflows(topics)• InthesystemshownheretheSetPoint dataitemshouldbesecured– Transportlevelsecurity(TLS)providesonlypartialprotection

Data



4/15/19

13

Databus




Operator

• DDSSecurityenablesfinegrainedsecurityofaTopic– Forexample,forSetPoint,for

AuthenticationandAccessControl

• Onlyspecificmodules/appswillthenbeabletoaccesstheTopic,e.g.– OperatorcanpublishSetPoint– OperatorcansubscribetoSetpoint– ControlcanpublishSetpoint

•Modules/appswithoutthecorrectsecuritysettingswillnothaveaccess

Data



FineGrainedControltoOptimizePerformance

• DDSSecurityallowsveryfinegrainedcontrolofsecurity– Choosefrom:

• Unsecured(datasentintheclearwithoutasignature)• SignedwithaGaloisMessageAuthenticationCode(GMAC)forintegrity• Encryptedandsigned

– Configurableper:• Domainformetadata(discovery,liveliness)• Topic(wholeRTPSmessageoruserdataonly)


4/15/19

14

TransportSecurityvsDDSSecurity

DW DTLS

DR

DR

DR

UDP

DW DDSSecurity

DR

DR

DR

UDP

DW DDSSecurity

DR

DR

DR

UDP

DTLS/Unicast

DDSSecurity/Unicast

DDSSecurity/Multicast


Performance

01020304050607080

NoSecurity RTPSSign RTPSSign+DataEncrypt

RTPSSign+SubmessageEncrypt

RTPSSign+Submessage+DataEncrypt

LatencyinM

icrosecond

s

020000400006000080000100000120000140000

NoSecurity RTPSSign RTPSSign+DataEncrypt

RTPSSign+SubmessageEncrypt

RTPSSign+Submessage+DataEncrypt

SamplesPerSecon

d

Latencyfor1024ByteSamples

Throughputfor32bytesamplesin8Kbatches

• DDSSecurityprovidesanenvironmentforhighperformancesecuritythrough:– Fine-grainedsecurityselectionsthatmatchyourrequirements– Apluggablearchitecturetoallowuseofyourowncustomised algorithms(h/wors/w)– Supportforsecurityovermulticast


4/15/19

15

Conclusions• DDSisamaturestandardfromOMG– Focusesonefficientdata-distributionforreal-timeandhigh-performancesystems– MandatedandDeployedworldwideinMilitarysystemsandotherdemandingreal-time

applications– Platformneutral,withaPortableAPIandInteroperableWireProtocol– HighlyTunableviaQualityofService(QoS)

• DDSisextendedwithaOMGmanagedspecificationforSecurity– Granulardatasecurity– Pluggablearchitectureforcustomizedprotocols– Runsoveranytransport– Optimises networkusagewithsupportforsecurityovermulticast


ThankYou

Building Scalable Security for Systems of Systems · 2020. 7. 15. · Securely exchange...

Documents

Transcript of Building Scalable Security for Systems of Systems · 2020. 7. 15. · Securely exchange...