secure event management - sei 2 smart factory

Post on 09-May-2015

DESCRIPTION

Salvatore Piccione (TXT e-solutions S.p.A.)

TRANSCRIPT

Secure Event Management

SEI 2 Smart Factory

Salvatore Piccione (TXT e-solutions S.p.A.)

15/11/2013 Secure Event Management 1

Outline

• Why?

• What?

– Secure Event Management components

• So what?

Why?

• Multitude of smart objects and services

• Demand for event-driven interactions

• Controlled access to production data by internal and external subjects

What?

[Architecture diagram. Labels: Remote maintenance operators, MES, CEP Engines, Worker, Secure Event Access Manager, Corporate domain border]

Events’ namespace

• Taxonomy of the events conveyed by the event bus

• Conventions

– Leaf nodes represent event producers

– Intermediate nodes allow consumers to select a specific set of events

– Patterns to select paths or portions within the namespace

  • Special characters: * (exactly one node), # (zero or more nodes)

Events’ namespace - example 1

Shop floor events

WashingMachineManufacturer
  ProductionPlant1
    ProductionLine1
      Station2
        Thickness
        Informational
        Status
      Station6
        Welding
        Informational
        Status
      Station9
        Marriage
        Informational
        Status
    ProductionLine2
    ProductionLine3

Patterns selecting events in the shop floor tree (slides 7 to 9):

• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status

• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status

• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#

Events’ namespace - example 2

Notifications

WashingMachineManufacturer
  Alerting
    ProductionPlant1
      ProductionLine1
        Station2
        Station6
        Station9
  QualityAssurance
    ProductionPlant1
      ProductionLine1
        Station2
        Station6
        Station9

Namespace Manager

Capability-based security

A capability is a communicable and unforgeable token of authority.

By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.

Capability token

• Digitally signed XML document

• Based on standards for access control policies (XACML, SAML)

• Two types: Root and non-Root

Anatomy of a capability token

• Issuer (who issues the capability)

• Subject (who the rights are granted to)

• Resource ID (URI of the resource)

• Validity Condition (validity time frame)

• Issuer’s capability

• Granted rights and their delegability

• Signature

Capability-based security in action

[Diagram sequence, slides 15 to 20. Actors: Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager. Resources: Production Plant 1, Production Line 1, Station 2. Arrows are labelled "trust" and "access".]

• Cap#1 (Root)

– Rights: Pub/Sub (delegable)

– Namespace: ShopFloorEvents

– Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

• Cap#2 (Non-Root)

– Rights: Pub/Sub (delegable)

– Namespace: ShopFloorEvents

– Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

• Cap#3 (Non-Root)

– Rights: Pub/Sub (delegable)

– Namespace: ShopFloorEvents

– Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

• Cap#4 (Non-Root)

– Rights: Sub

– Namespace: ShopFloorEvents

– Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

• Access request (slide 20), shown together with Cap#4

Anatomy of a capability revocation

• Issuer

• Issuer’s capability

• Unique identifier of the revoked capability

• Revocation starting date

• Revocation scope

– Only the capability

– All derived capabilities

– The capability together with all derived capabilities
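
The checks an access manager has to make on the Cap#1 to Cap#4 chain and on the three revocation scopes, as an added Python example that is not taken from the slides or from the FITMAN enabler. Assumptions: signatures are already verified, patterns are compared by string equality (all four capabilities on the slides carry the same pattern), a revoked ancestor affects a derived capability only when the scope includes "derived", and the holder names, root issuer and dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Capability:
    cap_id: str
    issuer: str
    subject: str
    pattern: str
    rights: frozenset                        # e.g. {"pub", "sub"}
    delegable: bool
    not_before: datetime
    not_after: datetime
    issuer_cap: "Capability | None" = None   # None marks a Root capability

@dataclass(frozen=True)
class Revocation:
    cap_id: str
    starts: datetime
    scope: frozenset   # {"self"}, {"derived"} or {"self", "derived"}

def authorize(cap, subject, right, now, revocations, root_issuers):
    """Return (allowed, reason); signatures are assumed to be verified already."""
    if cap.subject != subject or right not in cap.rights:
        return False, "right not granted to this subject"
    node, child = cap, None
    while node is not None:                   # walk up the issuer's capabilities
        if not node.not_before <= now <= node.not_after:
            return False, f"{node.cap_id} outside validity window"
        hit = "derived" if child else "self"  # ancestors count only via 'derived'
        for r in revocations:
            if r.cap_id == node.cap_id and r.starts <= now and hit in r.scope:
                return False, f"revoked via {node.cap_id}"
        if child and not (child.issuer == node.subject and node.delegable
                          and child.rights <= node.rights and child.pattern == node.pattern):
            return False, f"{child.cap_id} is not a valid delegation of {node.cap_id}"
        node, child = node.issuer_cap, node
    if child.issuer not in root_issuers:      # child is now the Root capability
        return False, "chain does not end at a trusted Root issuer"
    return True, "ok"

def sample_chain():  # constructed data mirroring Cap#1..Cap#4; holders are assumed
    t0, t1, ps = datetime(2013, 1, 1), datetime(2014, 1, 1), frozenset({"pub", "sub"})
    pat = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"
    c1 = Capability("Cap#1", "SecureEventAccessManager", "Plant1Manager", pat, ps, True, t0, t1)
    c2 = Capability("Cap#2", "Plant1Manager", "Line1Manager", pat, ps, True, t0, t1, c1)
    c3 = Capability("Cap#3", "Line1Manager", "Station2Manager", pat, ps, True, t0, t1, c2)
    return Capability("Cap#4", "Station2Manager", "Station2Worker", pat, frozenset({"sub"}), False, t0, t1, c3)
```

Because Cap#4 grants only Sub and is not delegable, a publish request or a further delegation from the Station 2 Worker fails even though every capability above it is valid.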

Why are capabilities so cool?

• Principle of Least Authority (PoLA)

• Fewer security issues (e.g. Confused Deputy problem)

• Arbitrary granularity of access rights

• Distribution of the authorization management

• Independence from complexity and dynamics of identity management

• Full auditability

• Revocability

Capability wizard

Event bus

• Based on AMQP (Advanced Message Queuing Protocol)

• Secure Event Access Manager

– capability-based security

– RESTful interface

Access to event streams by clients

• Managed by the Secure Event Access Manager

• How it works

1. Session setting up

2. Session usage (publish/subscribe)

3. Session closing

AMQP in a nutshell

[Diagram sequence, slides 26 to 32: a Publisher sends messages to an Exchange; Queue #1, Queue #2 and Queue #3 are bound to the Exchange and feed the Subscribers. Each binding carries a pattern, e.g. binding(a.b.*); the bindings shown are a.b.c, a.b.* and a.#. Routing key ≡ Pattern.]

• A message with routing key a.b.c is copied to three queues

• A message with routing key a.b.x is copied to two queues

• A message with routing key a.y.z is copied to one queue

[Diagram, slide 33: a Broker containing Virtual Host #1, Virtual Host #2 and Virtual Host #n]
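
The * and # conventions from the events' namespace slides and the routing shown in the AMQP slides, as an added Python example (not code from the presentation or the enabler). The assignment of patterns to Queue #1 to #3 and the helper names are assumptions; the leaf paths are built from the shop floor tree on the slides.

```python
def matches(pattern: str, path: str) -> bool:
    """True if a dotted event path is selected by a namespace pattern.

    '*' stands for exactly one node, '#' for zero or more nodes.
    """
    p, k = pattern.split("."), path.split(".")

    def walk(i: int, j: int) -> bool:
        if i == len(p):                 # pattern used up: path must be too
            return j == len(k)
        if p[i] == "#":                 # skip '#' (zero nodes) or absorb one node
            return walk(i + 1, j) or (j < len(k) and walk(i, j + 1))
        if j == len(k):                 # path used up but pattern expects a node
            return False
        return p[i] in ("*", k[j]) and walk(i + 1, j + 1)

    return walk(0, 0)


# Bindings from the AMQP slides; which queue holds which pattern is assumed.
BINDINGS = {"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}


def route(routing_key: str, bindings: dict = BINDINGS) -> list:
    """Queues a topic exchange would copy a message with this routing key to."""
    return sorted(q for q, pat in bindings.items() if matches(pat, routing_key))


ROOT = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"
# Leaf (producer) paths of ProductionLine1 in the shop floor tree
LEAVES = [f"{ROOT}.{s}.{e}"
          for s, m in (("Station2", "Thickness"), ("Station6", "Welding"), ("Station9", "Marriage"))
          for e in (m, "Informational", "Status")]


def overbroad(granted: str, intended: list, all_paths: list) -> list:
    """Paths a granted pattern selects beyond the ones it was meant to cover."""
    return [p for p in all_paths if matches(granted, p) and p not in intended]
```

When reviewing a grant, `overbroad` lists what a pattern such as `ProductionLine1.#` exposes beyond the single stream a consumer asked for.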

Integrated Management Console

• Management of the brokers

• Management of the virtual hosts

• Management of the virtual hosts-namespaces mapping

So what?

• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)

• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)

• Bringing data to the interested consumers instead of bringing consumers to data

• Advanced, flexible, scalable access control

Thanks for your attention!

Q & A

Follow Us!

• Fitman website: http://www.fitman-fi.eu/

• Twitter: @FitmanFI

• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management
