OpenSplice DDS: OpenSplice Security Module
Angelo CORSARO, Ph.D., Chief Technology Officer, OMG DDS SIG Co-Chair, PrismTech

OpenSplice Security Module

Jan 15, 2015

Angelo Corsaro

This presentation provides an overview of the mechanisms offered by the OpenSplice Security Model to support secure DDS communication.
Transcript
Page 1: OpenSplice Security Module

OpenSplice Security Module

Angelo CORSARO, Ph.D.
Chief Technology Officer
OMG DDS SIG Co-Chair

Page 2: OpenSplice Security Module

Copyright 2011, PrismTech – All Rights Reserved.

OpenSplice Security in Brief

The OpenSplice Security module provides transport security with the following properties:

☐ Confidentiality and Data Integrity (Availability is built into DDS)

☐ Separation between the area in which information is processed in unencrypted-form (RED) and the area in which critical information is not permitted to flow in unencrypted-form (BLACK)

☐ Authenticity via Mandatory Access Control

Page 3: OpenSplice Security Module

Separation of Information Flows

☐ OpenSplice DDS binds a level of security to a node (or OS partition on a separation kernel)

☐ All applications running on the same node will share the same level of security (same user)

☐ The reliable separation of different levels of security (clearance) is provided for applications deployed on different nodes (or OS partitions)

Page 4: OpenSplice Security Module

Data Confidentiality and Integrity

Page 5: OpenSplice Security Module

DDS Partitions

☐ The Partition QoS Policy can be used as subjects organizing the flow of data

☐ The Partition QoS Policy is used to connect Publishers/Subscribers to a Partitions’ List which might also contain wildcards, e.g. tracks.*

☐ Topics are published and subscribed across one or more Partitions

[Figure: a DDS Domain in which Publishers and Subscribers are connected through the Partitions "tracks.kfo" and "tracks.ufo"]

Page 6: OpenSplice Security Module

[Figure: Global Data Space (GDS) with the Partitions "airspace.kfo.aircrafts", "airspace.kfo.flyingcars" and "airspace.tfo"; Publishers and Subscribers attach DataWriters and DataReaders for TrackedObject, FlightPlan and Tracks; Topics shown include FlightPlanAirCraft and FlightPlanFlyingCar]

Page 7: OpenSplice Security Module

[Figure: Global Data Space (GDS) with the Partitions "airspace.kfo.aircrafts", "airspace.kfo.flyingcars" and "airspace.tfo", Publishers and Subscribers with DataWriters and DataReaders for TrackedObject, FlightPlan and Tracks, and the Topics FlightPlanAirCraft and FlightPlanFlyingCar; shown with the partition expression “airspace.*”]

Page 8: OpenSplice Security Module

[Figure: Global Data Space (GDS) with the Partitions "airspace.kfo.aircrafts", "airspace.kfo.flyingcars" and "airspace.tfo", Publishers and Subscribers with DataWriters and DataReaders for TrackedObject, FlightPlan and Tracks, and the Topics FlightPlanAirCraft and FlightPlanFlyingCar; shown with the partition expression “airspace.kfo.*”]

Page 9: OpenSplice Security Module

OpenSplice Network Partitions

☐ OpenSplice DDS maps DDS Partitions onto Network Partitions

[Figure: Publishers and Subscribers on the DDS Partitions "tracks.kfo" and "tracks.ufo", mapped onto the Network Partitions "NetPartOne", "NetPartTwo" and "NetPartThree", with the addresses 239.1.1.19, 239.1.1.18 and 239.1.1.18,192.1.1.7]

Page 10: OpenSplice Security Module

{C+I} in OpenSplice DDS

☐ Security profile can be associated with Network Partitions

☐ Each Security Profile specifies:
  ☐ Cipher (AES, BLOWFISH, N/A)
  ☐ Key

☐ All data sent over the given partition is then encrypted with the provided cipher/key

[Figure: Publishers and Subscribers on the DDS Partitions "tracks.kfo" and "tracks.ufo", mapped onto the Network Partitions "NetPartOne", "NetPartTwo" and "NetPartThree", with the addresses 239.1.1.19, 239.1.1.18 and 239.1.1.18,192.1.1.7]
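
The chain from DDS partition to network partition to security profile, as an added Python model (not OpenSplice configuration syntax or API, and not from the presentation): it resolves which cipher protects each DDS partition and flags flows that would leave the node unencrypted. The table contents, the first-match rule order and the treatment of unmapped partitions as unprotected are assumptions made for this example.

```python
# Added illustration, not OpenSplice configuration or API: a model of the chain
# DDS partition -> network partition -> security profile. All table contents
# (which name maps where, which cipher each profile uses) are constructed.
from fnmatch import fnmatchcase

SECURITY_PROFILES = {              # profile name -> cipher (keys omitted)
    "ProfileAES": "AES",
    "ProfileBlowfish": "BLOWFISH",
    "ProfileNone": "N/A",          # traffic is sent unencrypted
}
NETWORK_PARTITIONS = {             # network partition -> attached profile
    "NetPartOne": "ProfileAES",
    "NetPartTwo": "ProfileBlowfish",
    "NetPartThree": "ProfileNone",
}
# Ordered mapping rules; the first matching expression wins (assumed semantics).
PARTITION_MAPPINGS = [
    ("tracks.kfo", "NetPartOne"),
    ("tracks.ufo", "NetPartTwo"),
    ("tracks.*", "NetPartThree"),
]

def resolve(dds_partition, mappings=PARTITION_MAPPINGS):
    """Return (network_partition, cipher); (None, "N/A") if no rule matches."""
    for expression, net_part in mappings:
        if fnmatchcase(dds_partition, expression):
            return net_part, SECURITY_PROFILES[NETWORK_PARTITIONS[net_part]]
    return None, "N/A"             # unmapped: treated as unprotected here

def cleartext_flows(dds_partitions, mappings=PARTITION_MAPPINGS):
    """DDS partitions whose data would cross the network unencrypted."""
    return [p for p in dds_partitions if resolve(p, mappings)[1] == "N/A"]

def shadowed_rules(mappings=PARTITION_MAPPINGS):
    """Literal expressions that an earlier rule already captures."""
    shadowed = []
    for i, (expression, _) in enumerate(mappings):
        literal = not any(ch in expression for ch in "*?[")
        earlier = [e for e, _ in mappings[:i]]
        if literal and any(fnmatchcase(expression, e) for e in earlier):
            shadowed.append(expression)
    return shadowed

if __name__ == "__main__":
    sample = ["tracks.kfo", "tracks.ufo", "tracks.tfo", "airspace.tfo"]
    print("cleartext:", cleartext_flows(sample))
    print("shadowed:", shadowed_rules())
```

A wildcard rule placed ahead of a more specific one silently moves that partition onto the wildcard's profile, which is what `shadowed_rules` reports.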

Page 11: OpenSplice Security Module

Access Control

Page 12: OpenSplice Security Module

Access Control

☐ Access Control is implemented via an optional and pluggable module

☐ This allows plugging in modules implementing Mandatory Access Control (MAC) based on the Bell-LaPadula/Biba model, Role-Based Access Control, or others

☐ The current implementation only provides support for Mandatory Access Control (MAC)

Page 13: OpenSplice Security Module

Access Control in OpenSplice

☐ OpenSplice implements two access control enforcement points:
  ☐ Inbound traffic. When reading data from the network, the following checks are carried out:
    ☐ is the reader allowed to receive the data?
    ☐ was the data published by a trusted node? (in other words, was the sender allowed to send the data)
  ☐ Outbound traffic. When writing data to the network, the following check is carried out:
    ☐ is the user allowed to write data to the network?

Page 14: OpenSplice Security Module

MAC in OpenSplice

☐ Mandatory Access Control (MAC) in OpenSplice combines the Bell-LaPadula and Biba models to ensure confidentiality and data integrity.

☐ Each resource (object) has a classification made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments that this resource is intended for

☐ Each user (subject) has a clearance made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments this user has a ‘need-to-know’ for

Page 15: OpenSplice Security Module

MAC in OpenSplice

☐ To determine if a user is authorized to access a resource, e.g. publish a certain topic or subscribe to a topic, the clearance of the user is compared to the classification of the resource

Page 16: OpenSplice Security Module

Secrecy Level

☐ Subscribing is permitted if the resource’s secrecy level is identical or lower than the user’s secrecy level

☐ Publishing is permitted if the resource’s secrecy level is identical or higher than the user’s secrecy level

Page 17: OpenSplice Security Module

Integrity Level

☐ Subscribing is permitted if the resource’s integrity level is identical or higher

☐ Publishing is permitted if the resource’s integrity level is identical or lower

Page 18: OpenSplice Security Module

Need to Know

☐ Publish/Subscribe is permitted if the user’s set of compartments is a subset of the resource’s set of compartments
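
The secrecy, integrity and need-to-know rules above, combined with the inbound and outbound enforcement points, as an added Python sketch (not OpenSplice API and not code from the presentation). The `Label` type, the numeric level scales and the sample nodes are constructed for the example; the compartment rule is implemented exactly as the slide states it.

```python
# Added illustration of the MAC rules on the slides above. Names, numeric
# levels and sample labels are constructed; this is not OpenSplice API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    """A user's clearance or a resource's classification."""
    secrecy: int              # higher = more secret (assumed numeric scale)
    integrity: int            # higher = more trusted (assumed numeric scale)
    compartments: frozenset

def need_to_know(user, resource):
    # Rule as stated on the slide: the user's compartments must be a subset
    # of the resource's compartments.
    return user.compartments <= resource.compartments

def may_subscribe(user, resource):
    return (resource.secrecy <= user.secrecy          # Bell-LaPadula: no read up
            and resource.integrity >= user.integrity  # Biba: no read down
            and need_to_know(user, resource))

def may_publish(user, resource):
    return (resource.secrecy >= user.secrecy          # Bell-LaPadula: no write down
            and resource.integrity <= user.integrity  # Biba: no write up
            and need_to_know(user, resource))

def outbound_allowed(writer, resource):
    """Outbound enforcement point: may this node write the data?"""
    return may_publish(writer, resource)

def inbound_allowed(sender, reader, resource):
    """Inbound enforcement point: sender could send AND reader may receive."""
    return may_publish(sender, resource) and may_subscribe(reader, resource)

# Constructed sample: one topic resource and three nodes.
TRACKS = Label(secrecy=1, integrity=1, compartments=frozenset({"kfo", "ufo"}))
SENSOR = Label(secrecy=1, integrity=2, compartments=frozenset({"kfo"}))
CONSOLE = Label(secrecy=2, integrity=1, compartments=frozenset({"kfo"}))
UNTRUSTED = Label(secrecy=0, integrity=0, compartments=frozenset({"kfo"}))

if __name__ == "__main__":
    print("sensor -> console:", inbound_allowed(SENSOR, CONSOLE, TRACKS))
    print("untrusted -> console:", inbound_allowed(UNTRUSTED, CONSOLE, TRACKS))
    print("console may publish:", outbound_allowed(CONSOLE, TRACKS))
```

In this sample the console can read the tracks resource but not write it, and data from the low-integrity node is rejected at the receiving side even though the reader itself is cleared.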