secure event management - sei 2 smart factory

Secure Event Management

SEI 2 Smart Factory

Salvatore Piccione (TXT e-solutions S.p.A.)

Secure Event Management 115/11/2013

Outline

• Why?

• What?

– Secure Event Management components

• So what?

15/11/2013 Secure Event Management 2

Why?

• Multitude of smart objects and services

• Demand for event-driven interactions

• Controlled access to production data by internal and external subjects


What?


Remote maintenanceoperatorsMES CEP Engines

Worker

Secure EventAccess Manager

Corporate domain border

Events’ namespace

• Taxonomy of the events conveyed by the event bus

• Conventions– Leaf nodes represent event producers

– Intermediate nodes allow consumers to select a specific set of events

– Patterns to select paths or portions within the namespace• Special characters: * (exactly one node), # (zero or

more nodes)


Events’ namespace - example 1

Shop floor events


WashingMachineManufacturer

ProductionPlant1

ProductionLine1

…

…

…

Station2

Thickness

Informational

Status

…

…

…

Station 6

Welding

Informational

Status

Station9

Marriage

Informational

Status

ProductionLine2 ProductionLine3


Shop floor events



ProductionPlant1

ProductionLine1

…

…

…

Station2

Thickness

Informational

Status

…

…

…

Station 6

Welding

Informational

Status

Station9

Marriage

Informational

Status


WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status


Shop floor events



ProductionPlant1

ProductionLine1

…

…

…

Station2

Thickness

Informational

Status

…

…

…

Station 6

Welding

Informational

Status

Station9

Marriage

Informational

Status


WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status


Shop floor events



ProductionPlant1

ProductionLine1

…

…

…

Station2

Thickness

Informational

Status

…

…

…

Station 6

Welding

Informational

Status

Station9

Marriage

Informational

Status


WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#


Notifications



Alerting

ProductionPlant1

ProductionLine1

…

Station2

…

Station6

…

Station9

…

QualityAssurance

ProductionPlant1

ProductionLine1

…

Station2

…

Station 6

…

Station9

…

Namespace Manager


Capability-based security

A capability is a communicable and unforgeabletoken of authority.

By owning it, a process/subject can access the resource/service uniquely identified in the token

and exercise the rights stated in it.


Capability token

• Digitally signed XML document

• Based on standards for access control policies(XACML, SAML)

• Two types: Root and non-Root


Anatomy of a capability token

• Issuer (who issues the capability)

• Subject (who the rights are granted to)

• Resource ID (URI of the resource)

• Validity Condition (validity time frame )

• Issuer’s capability

• Granted rights and their delegability

• Signature


Capability-based security in action


Plant 1 ManagerProduction Line 1

Manager

Station 2 Manager

Station 2 WorkerSecure Event

Access Manager

Production Plant 1Production Line 1Station 2

trusttrust

trust

trust

access

Cap#1 (Root)Rights: Pub/Sub (delegable)Namespace: ShopFloorEventsPattern: WashingMachineManufacturer. ProductionPlant1. ProductionLine1.Station2.*



Production Line 1 Manager

Station 2 Manager


Access Manager

trusttrust

trust




Manager

Station 2 Manager

Station 2 Worker

Cap#2 (Non-Root)Rights: Pub/Sub (delegable)Namespace: ShopFloorEventsPattern: WashingMachineManufacturer. ProductionPlant1. ProductionLine1.Station2.*


trusttrust

trust

trust



Plant 1 Manager

Station 2 Manager


Access Manager

trusttrust

trust

trust


Cap#3 (Non-Root)Rights: Pub/Sub (delegable)Namespace: ShopFloorEventsPattern: WashingMachineManufacturer. ProductionPlant1.ProductionLine1.Station2.*



Plant 1 Manager

Station 2 Manager


Access Manager

trusttrust

trust

trust


Cap#4 (Non-Root)Rights: SubNamespace: ShopFloorEventsPattern: WashingMachineManufacturer. ProductionPlant1.ProductionLine1.Station2.*




Manager

Station 2 Manager

Station 2 Worker

Access request


Production Plant 1Production Line 1Station 2

trusttrust

trust

trustCap#4 (Non-Root)Rights: SubNamespace: ShopFloorEventsPattern: WashingMachineManufacturer. ProductionPlant1.ProductionLine1.Station2.*

Anatomy of a capability revocation

• Issuer

• Issuer’s capability

• Unique identifier of the revoked capability

• Revocation starting date

• Revocation scope

– Only the capability

– All derived capabilities

– The capability together with all derivedcapabilities


Why are capabilities so cool?

• Principle of Least Authority (PoLA)

• Less security issues (e.g. Confused Deputy problem)

• Arbitrary granularity of access rights

• Distribution of the authorization management

• Independence from complexity and dynamics of identity management

• Full auditability

• Revocability15/11/2013 Secure Event Management 22

Capability wizard


Event bus

• Based on AMQP (Advanced Message Queueing Protocol)

• Secure Event Access Manager

– capability-based security

– RESTful interface


Access to event streams by clients

• Managed by the Secure Event Access Manager

• How it works

1. Session setting up

2. Session usage (publish/subscribe)

3. Session closing


AMQP in a nutshell


Queue #1

Exchange Queue #2

Queue #3

a.b.c.

Publisher

Subscribers

binding(a.b.*)

Routing key ≡ Pattern

AMQP in a nutshell


Queue #1

Exchange Queue #2

Queue #3

a.b.c

a.b.*

a.#

Publisher

Subscribers

a.b.c.

AMQP in a nutshell


Queue #1

Exchange Queue #2

Queue #3

a.b.c

a.b.*

a.#

a.b.c.

a.b.c.

a.b.c.

Publisher

Subscribers

Queue #2Exchange

AMQP in a nutshell


Queue #1

Queue #3

a.b.c

a.b.*

a.#

a.b.x

Publisher

Subscribers

Queue #2Exchange

AMQP in a nutshell


Queue #1

Queue #3

a.b.c

a.b.*

a.#

a.b.x

a.b.x

Publisher

Subscribers

Queue #2Exchange

AMQP in a nutshell


Queue #1

Queue #3

a.b.c

a.b.*

a.#

a.y.z

Publisher

Subscribers

AMQP in a nutshell


Virtual Host #2 Virtual Host #nVirtual Host #1

Broker

Integrated Management Console


Management of the brokers



Management of the virtual hosts



Management of the virtual hosts-namespaces mapping

So what?

• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)

• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)

• Bringing data to the interested consumersinstead of bringing consumers to data

• Advanced, flexible, scalable access control


Thanks for your attention!

Q & A


Follow Us!

• Fitman website: http://www.fitman-fi.eu/

• Twitter: @FitmanFI

• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management


http://www.fitman-fi.eu/

http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management

secure event management - sei 2 smart factory

Technology