Secure Event Management
SEI 2 Smart Factory
Salvatore Piccione (TXT e-solutions S.p.A.)
Secure Event Management, 15/11/2013
Outline
• Why?
• What?
– Secure Event Management components
• So what?
Why?
• Multitude of smart objects and services
• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects
What?
[Figure labels: Remote maintenance operators, MES, CEP Engines, Worker, Secure Event Access Manager, Corporate domain border]
Events’ namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
– Leaf nodes represent event producers
– Intermediate nodes allow consumers to select a specific set of events
– Patterns to select paths or portions within the namespace
• Special characters: * (exactly one node), # (zero or more nodes)
Events’ namespace - example 1
Shop floor events
WashingMachineManufacturer
  ProductionPlant1
    ProductionLine1
      …
      Station2
        Thickness
        Informational
        Status
      …
      Station6
        Welding
        Informational
        Status
      Station9
        Marriage
        Informational
        Status
    ProductionLine2
    ProductionLine3
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
Events’ namespace - example 2
Notifications
WashingMachineManufacturer
  Alerting
    ProductionPlant1
      ProductionLine1
        …
        Station2
        …
        Station6
        …
        Station9
        …
  QualityAssurance
    ProductionPlant1
      ProductionLine1
        …
        Station2
        …
        Station6
        …
        Station9
        …
Namespace Manager
Capability-based security
A capability is a communicable and unforgeable token of authority.
By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root
Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer’s capability
• Granted rights and their delegability
• Signature
Capability-based security in action
[Figure sequence. Actors: Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager, linked by "trust" relationships. Resources: Production Plant 1, Production Line 1, Station 2. The steps introduce the capabilities listed below and end with an access request to the Secure Event Access Manager.]
Cap#1 (Root)
  Rights: Pub/Sub (delegable)
  Namespace: ShopFloorEvents
  Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
Cap#2 (Non-Root)
  Rights: Pub/Sub (delegable)
  Namespace: ShopFloorEvents
  Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
Cap#3 (Non-Root)
  Rights: Pub/Sub (delegable)
  Namespace: ShopFloorEvents
  Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
Cap#4 (Non-Root)
  Rights: Sub
  Namespace: ShopFloorEvents
  Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
Anatomy of a capability revocation
• Issuer
• Issuer’s capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
– Only the capability
– All derived capabilities
– The capability together with all derived capabilities
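The delegation chain and the revocation scopes described above, as an added example (not code from the presentation or the FITMAN project): tokens are modelled as records whose signatures are taken as already verified, and the check walks from the presented token up to the Root. The field names, the holder of each token, the `SEAM` issuer name, the same-pattern rule for delegation and the reading that a "self" revocation leaves derived tokens valid are all assumptions; matching a requested event path against the pattern is outside this example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Capability:          # fields follow the token anatomy; signature omitted
    cap_id: str
    issuer: str
    subject: str
    pattern: str
    rights: frozenset
    delegable: bool
    not_before: datetime
    not_after: datetime
    parent: "Capability | None" = None   # issuer's capability, None for a Root token

def deny_reason(cap, presenter, right, now, root_issuer, revocations=None):
    """Return None if access is allowed, else the reason it is refused.
    revocations: cap_id -> (start, scope), scope in {"self", "derived", "both"}."""
    revocations = revocations or {}
    if cap.subject != presenter:
        return "presenter is not the token's subject"
    if right not in cap.rights:
        return f"{cap.cap_id} does not grant {right}"
    child = None
    while cap is not None:
        start, scope = revocations.get(cap.cap_id, (None, None))
        hit = ("self", "both") if child is None else ("derived", "both")
        if start is not None and now >= start and scope in hit:
            return f"revoked via {cap.cap_id}"
        if not cap.not_before <= now <= cap.not_after:
            return f"{cap.cap_id} outside its validity window"
        if child is not None:                      # cap was delegated to child
            if not cap.delegable or child.issuer != cap.subject:
                return f"{child.cap_id} was not validly delegated from {cap.cap_id}"
            if not child.rights <= cap.rights or child.pattern != cap.pattern:
                return f"{child.cap_id} exceeds {cap.cap_id}"
        child, cap = cap, cap.parent
    return None if child.issuer == root_issuer else "Root token from untrusted issuer"

def sample_chain():   # constructed data mirroring Cap#1..Cap#4; holders are assumed
    t0, t1 = datetime(2013, 11, 1), datetime(2013, 12, 1)
    pat = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"
    ps, s = frozenset({"pub", "sub"}), frozenset({"sub"})
    c1 = Capability("Cap#1", "SEAM", "Plant1Mgr", pat, ps, True, t0, t1)
    c2 = Capability("Cap#2", "Plant1Mgr", "Line1Mgr", pat, ps, True, t0, t1, c1)
    c3 = Capability("Cap#3", "Line1Mgr", "Station2Mgr", pat, ps, True, t0, t1, c2)
    c4 = Capability("Cap#4", "Station2Mgr", "Station2Worker", pat, s, False, t0, t1, c3)
    return c1, c2, c3, c4
```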
Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from complexity and dynamics of identity management
• Full auditability
• Revocability
Capability wizard
Event bus
• Based on AMQP (Advanced Message Queuing Protocol)
• Secure Event Access Manager
– capability-based security
– RESTful interface
Access to event streams by clients
• Managed by the Secure Event Access Manager
• How it works
1. Session setting up
2. Session usage (publish/subscribe)
3. Session closing
AMQP in a nutshell
[Figure sequence: a Publisher sends messages to an Exchange, which routes them to Queue #1, Queue #2 and Queue #3; Subscribers read from the queues.]
• Routing key ≡ Pattern
• Example binding: binding(a.b.*)
• Queue bindings shown: a.b.c, a.b.*, a.#
• Routing keys published in the successive steps: a.b.c, a.b.x, a.y.z
[Figure: a Broker containing Virtual Host #1, Virtual Host #2, … Virtual Host #n]
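The wildcard conventions of the events' namespace and the topic routing shown in the AMQP diagrams, as an added example (not code from the presentation): a matcher for `*` (exactly one node) and `#` (zero or more nodes), used to decide which queues receive a given routing key. The assignment of the three bindings to Queue #1, #2 and #3 is an assumption.

```python
from functools import lru_cache

def topic_matches(pattern: str, key: str) -> bool:
    """True if a dot-separated key matches a pattern in which
    '*' stands for exactly one node and '#' for zero or more nodes."""
    p, k = tuple(pattern.split(".")), tuple(key.split("."))

    @lru_cache(maxsize=None)
    def match(i: int, j: int) -> bool:
        if i == len(p):                      # pattern exhausted
            return j == len(k)
        if p[i] == "#":                      # absorb zero nodes, or one and retry
            return match(i + 1, j) or (j < len(k) and match(i, j + 1))
        if j == len(k):                      # key exhausted but pattern is not
            return False
        return (p[i] == "*" or p[i] == k[j]) and match(i + 1, j + 1)

    return match(0, 0)

# Bindings taken from the diagrams; which queue carries which one is assumed.
BINDINGS = {"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}

def route(routing_key: str, bindings=BINDINGS) -> list:
    """Names of the queues whose binding pattern matches the routing key."""
    return [q for q, pat in bindings.items() if topic_matches(pat, routing_key)]

if __name__ == "__main__":
    for key in ("a.b.c", "a.b.x", "a.y.z"):
        print(key, "->", route(key))
    line1 = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"
    # '*' covers one node only, so a deeper path is not selected
    print(topic_matches(line1 + ".*.Status", line1 + ".Station2.Status"))
    print(topic_matches(line1 + ".*.Status", line1 + ".Station2.Sub.Status"))
```

Because `#` also matches zero nodes, a subscription on `a.#` receives events published on `a` itself, which matters when a pattern is used as the resource of an access right.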
Integrated Management Console
• Management of the brokers
• Management of the virtual hosts
• Management of the virtual hosts-namespaces mapping
So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control
Thanks for your attention!
Q & A
Follow Us!
• Fitman website: http://www.fitman-fi.eu/
• Twitter: @FitmanFI
• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management