Open splice dds security
1 like1,242 views
The document details the enhancements and security features of OpenSplice DDS, tailored for high information assurance applications like defense and critical management systems. Key features include transport security, mandatory access controls, and data origin authentication, emphasizing interoperability and standards-based solutions. It outlines the security configurations and the integration of cryptographic protocols to maintain data confidentiality and integrity.
Open splice dds security
- 1. 1 Ramzi KAROUI, Ph.D. OpenSplice DDS Security EMEA Technical Manager September 2013 Copyright © PrismTech Solutions Americas, Inc. 2008 Proprietary information – Distribution Without Expressed Written Permission is Prohibited
- 2. OpenSplice DDS Security – Mission Provide an enhanced version of OpenSplice DDS suitable for applications with high Information Assurance (IA) requirements Defense applications, e.g., combat management Mission critical applications in various domains, e.g. air-traffic control, SCADA, product automation Provide a standards-based security solution for DDS DDS Security is still an open space No DDS Security standards, yet PrismTech will be actively involved in the standardization process See joint Thales & PrismTech submission to OMG C4I Tagging & Labeling RFI Main Goal: guarantee interoperability across vendors In PT approach Portability will not be impacted. Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited 2
- 3. OpenSplice DDS Security - Product Brief Key Features Transport Security providing confidentiality and integrity of data exchanged between DDS network nodes. Dedicated crypto channels can be setup for network partitions allowing for the separation of information with different classification. Dedicated Crypto channel Data origin authentication using digital signatures on message streams. Mandatory Access Control (MAC) supporting both inbound and outbound access control for DDS nodes. Outbound: Data from other nodes is rejected in Access rights does not match Inbound: Data on local node is dropped PrismTech 2009 (don’t leave) in case Access does not match Copyright © Proprietary information – Distribution Without Expressed 3
- 4. OpenSplice Transport Security Features Seamless Integration of Transport Security with the existing transport features of the OpenSplice networking service No limitation of existing OpenSplice transport features Can be used for “reliable” and “best effort” transport Different priorities can be used for secure transport channels Supports security for unicast AND multicast UDP messages No additional processing overhead for sending messages to multiple receivers or for resending reliable messages Flexible configuration Zero impact on the application code XML based configuration at deployment time Configuration of cipher algorithms and shared secret keys per “network partition” No data leakage in case of miss-configuration Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited 4
- 5. OpenSplice Transport Security Features (cont‘d) Provide support for multiple pluggable crypto implementations Reference implementation based on field proven OpenSSL crypto library A crypto API will be provided to integrate other crypto provider with future releases of the product Data confidentiality and integrity Configurable cipher algorithms AES & Blowfish supported with default crypto provider Strong encryption by high performance symmetric ciphers Integrity assurance by cryptographic hash algorithms (SHA1 & SHA256 supported with default crypto provider) Dedicated Crypto channel Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited 5
- 6. e.g Transport Encryption at Partition level SecurityProfile Name=”SecureSectionProfile” Cipher="blowfish" CipherKey="000102030405060708090a0b0c0d0e0f"/> … <PartitionMapping > <DCPSPartitionTopics =“MyChiphredPartition.*” NetworkPartition =“MyNetworkSecurePartition” .. <NetworkPartitions> <MyNetworkSecurePartition Address=“223.240.240.0" SecurityProfile=“SecureSectionProfile"/> Sub Pub Pub MyCiphered Partition Sub Clear Partitions Sub Pub Sub Sub Pub @1 @2 Physical Network Layer Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited DDS Logical Layer 6
- 7. OpenSplice Authentication & Access Control Features Data origin authentication X509 Digital signatures are used for originator authentication Messages from non-trusted nodes are dropped Mandatory Access Control Enforces confidentiality and Integrity requirements of information flows using a policy model based on Bell La Padula & Biba security models XML based access control policy describes resources to be accessed Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited 7
- 8. Mandatory Access Control (MAC) Rules 8 Top Secret No-Read-Up, No-Write-down E.g Classified user can’t read Secret Data and can’t write Unclassified data Biba Integrity rules Secret Secret Confidential Conf Public Public Unclassified Bell-La-Padula Confidentiality rules: Top Secret Unclas sified DDS Node No-Read-down, No-Write-Up E.g Level_2 Subject can’t read Level_0 Data and can’t write Level_3 Data. Bell-La-Padula Data Object Level-2 Level-2 Level-1 Level-1 Level-0 Level-0 Biba Compartments rules The need to know rule The Data set Compartments is included in the user set of compartments Access is guaranteed if 3 rules apply Compartment rule Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited
- 9. MAC with OpenspliceDDS secure net service In Opensplice the User* Granularity is the “Node”. User*: publishing or receiving node User Identity uses SSL X509 Certificate User ID, Password certif will be considered in future Data: At DDS topic or Partition levels Currently, Access control is not enforced for Intra-node communication In Networking Secure Networking Service the following control occurs When Receiving data Is data published by a trusted node Is Receiving node allowed to read the data When Sending data Is the node authorised to publish the data Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited 9
- 10. MAC configuration example <resource> … <topic>AlertMessages</topic> <user> <classification> <!-- for MAC --> <secrecyLevel>CONFIDENTIAL</secrecyLevel> <integrityLevel>LEVEL_1</integrityLevel> <compartments> <compartment>FinnishArmy</compartment> <compartment>Air Force</compartment> </compartments> </classification> </resource> 10 <id>user1</id> <clearance> <!-- for MAC -<secrecyLevel>CONFIDENTIAL</secrecyLevel> <integrityLevel>LEVEL_2</integrityLevel> <compartments> <compartment> FinnishArmy</compartment> <compartment>Air Force</compartment> <compartment>Radar</compartment> </compartments> </clearance> <authentication> <x509Authentication> <subject>DN</subject> </x509Authentication> </authentication> </user> Copyright © PrismTech 2009 Proprietary information – Distribution Without Expressed Written Permission is Prohibited