Secure Event Management
SEI 2 Smart Factory
Salvatore Piccione (TXT e-solutions S.p.A.)

15/11/2013

Outline
• Why?
• What?
  – Secure Event Management components
• So what?

Why?
• Multitude of smart objects and services
• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects

What?
[Architecture diagram. Elements shown: MES, CEP Engines, Remote maintenance operators, Worker, Secure Event Access Manager, Corporate domain border]

Events' namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
  – Leaf nodes represent event producers
  – Intermediate nodes allow consumers to select a specific set of events
  – Patterns select paths or portions of the namespace
    • Special characters: * (exactly one node), # (zero or more nodes)

Events' namespace - example 1
[Tree diagram of the "Shop floor events" namespace: WashingMachineManufacturer → ProductionPlant1 → ProductionLine1, ProductionLine2, ProductionLine3, … → Station2, Station6, Station9, … → leaf producers such as Thickness, Welding, Marriage, Informational and Status]

Paths and patterns over this namespace, one per slide:
• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
  – a single leaf: the Status events of Station2 on ProductionLine1
• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
  – the Status events of every station on ProductionLine1 (* stands for exactly one node)
• WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
  – every event under ProductionLine1, whatever the depth (# stands for zero or more nodes)

Events' namespace - example 2
[Tree diagram of the "Notifications" namespace: WashingMachineManufacturer → Alerting and QualityAssurance → ProductionPlant1 → ProductionLine1, … → Station2, Station6, Station9, …]

Namespace Manager

Capability-based security
A capability is a communicable and unforgeable token of authority. By owning it, a process or subject can access the resource or service uniquely identified in the token and exercise the rights stated in it.

Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root

Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer's capability
• Granted rights and their delegability
• Signature

Capability-based security in action
[Diagram, built up over six slides: the Secure Event Access Manager, the Plant 1 Manager, the Production Line 1 Manager, the Station 2 Manager and the Station 2 Worker, joined by "trust" arrows; the protected resource is Production Plant 1 → Production Line 1 → Station 2; the worker's "access request" goes to the Secure Event Access Manager]

All four capabilities refer to the namespace ShopFloorEvents and the pattern WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*:
• Cap#1 (Root), at the Plant 1 Manager. Rights: Pub/Sub (delegable)
• Cap#2 (Non-Root), at the Production Line 1 Manager. Rights: Pub/Sub (delegable)
• Cap#3 (Non-Root), at the Station 2 Manager. Rights: Pub/Sub (delegable)
• Cap#4 (Non-Root), at the Station 2 Worker. Rights: Sub
• Access request: the Station 2 Worker, holding Cap#4, asks the Secure Event Access Manager for the events of Station 2

Anatomy of a capability revocation
• Issuer
• Issuer's capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
  – Only the capability
  – All derived capabilities
  – The capability together with all derived capabilities

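The token anatomy, the delegation chain Cap#1 to Cap#4 and the revocation scopes above are enough to write the check the Secure Event Access Manager has to perform whenever a token is presented. The Go program below is an added example written for this page, not code from the FITMAN Secure Event Management enabler. It models the token as an XML document signed with Ed25519 (the slides say only "digitally signed XML", so the key type, the element names and the canonical form that gets signed are assumptions), rebuilds the chain of the slides with the Secure Event Access Manager itself assumed to be the issuer of the Root capability, adds a fifth capability that is not on the slides (the Station 2 Worker trying to re-delegate Cap#4, which has to fail because Cap#4 is not delegable), and then shows a revocation of Cap#2 with scope "all derived capabilities" cutting off Cap#4 while Cap#2 itself stays valid. Pattern attenuation between parent and child is reduced to an exact match of the resource string here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"time"
)

// Capability mirrors the token anatomy on the slides. Element names are this example's own
// (assumed), not the FITMAN schema; a Root capability carries no IssuerCapability element.
type Capability struct {
	ID        string    `xml:"ID,attr"`
	Issuer    string    `xml:"Issuer"`
	Subject   string    `xml:"Subject"`
	Resource  string    `xml:"ResourceID"` // namespace plus pattern
	NotBefore time.Time `xml:"Validity>NotBefore"`
	NotAfter  time.Time `xml:"Validity>NotAfter"`
	ParentID  string    `xml:"IssuerCapability,omitempty"`
	Rights    []string  `xml:"Rights>Right"`
	Delegable bool      `xml:"Delegable"`
	Signature string    `xml:"Signature,omitempty"` // base64 Ed25519 signature over tbs()
}

// Revocation, as on the slides; Scope is "only" (the capability), "derived" or "both".
// It is honoured only if Issuer is the principal that issued CapID.
type Revocation struct {
	Issuer, CapID, Scope string
	From                 time.Time
}

type Verifier struct {
	Keys    map[string]ed25519.PublicKey // principal -> public key
	Root    string                       // the one principal trusted to issue Root capabilities
	Caps    map[string]*Capability       // capability store, by ID
	Revoked []Revocation
}

func tbs(c Capability) []byte { // to-be-signed form: deterministic XML without the Signature element
	c.Signature = ""
	b, _ := xml.Marshal(c)
	return b
}

func Sign(priv ed25519.PrivateKey, c Capability) *Capability { // issuers only sign; Verify enforces every rule
	c.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, tbs(c)))
	return &c
}

func subset(a, b []string) bool { // every element of a is also in b
	held := map[string]bool{}
	for _, y := range b { held[y] = true }
	for _, x := range a { if !held[x] { return false } }
	return true
}

// attenuates enforces delegation: the issuer holds a delegable parent and grants no more rights,
// no wider validity window and (by exact match in this example) no other resource than it holds.
func attenuates(child, parent *Capability) error {
	if parent.Subject != child.Issuer || !parent.Delegable {
		return fmt.Errorf("%s: %s is not a delegable capability held by %s", child.ID, parent.ID, child.Issuer)
	}
	if !subset(child.Rights, parent.Rights) || child.Resource != parent.Resource ||
		child.NotBefore.Before(parent.NotBefore) || child.NotAfter.After(parent.NotAfter) {
		return fmt.Errorf("%s: grants more rights, resource or validity than %s", child.ID, parent.ID)
	}
	return nil
}

// Verify walks from c up to a Root capability issued by v.Root, checking signature, validity,
// revocation and attenuation at every hop; child is nil for the token that was presented.
func (v *Verifier) Verify(c *Capability, at time.Time, child *Capability) error {
	sig, err := base64.StdEncoding.DecodeString(c.Signature)
	if pub, ok := v.Keys[c.Issuer]; !ok || err != nil || !ed25519.Verify(pub, tbs(*c), sig) {
		return fmt.Errorf("%s: bad signature", c.ID)
	}
	if at.Before(c.NotBefore) || at.After(c.NotAfter) {
		return fmt.Errorf("%s: outside validity window", c.ID)
	}
	for _, r := range v.Revoked { // a "derived" revocation hits descendants only, an "only" one hits just c
		if r.CapID == c.ID && r.Issuer == c.Issuer && !at.Before(r.From) &&
			((child == nil && r.Scope != "derived") || (child != nil && r.Scope != "only")) {
			return fmt.Errorf("%s: revoked", c.ID)
		}
	}
	if child != nil {
		if err := attenuates(child, c); err != nil { return err }
	}
	if c.ParentID == "" && c.Issuer == v.Root { return nil }
	if parent, ok := v.Caps[c.ParentID]; ok { return v.Verify(parent, at, c) }
	return fmt.Errorf("%s: no chain to a trusted Root capability", c.ID)
}

// Authorize is the Secure Event Access Manager's decision on one access request.
func (v *Verifier) Authorize(c *Capability, right string, at time.Time) error {
	if err := v.Verify(c, at, nil); err != nil { return err }
	if !subset([]string{right}, c.Rights) { return fmt.Errorf("%s: right %q not granted", c.ID, right) }
	return nil
}

// BuildScenario reproduces the slides: Cap#1 (Root) to the Plant 1 Manager, delegated down to the
// Station 2 Worker, who gets Sub only. The Root issuer is assumed to be the SEAM itself; Cap#5 is
// not on the slides and models the worker trying to re-delegate the non-delegable Cap#4.
func BuildScenario() (*Verifier, map[string]*Capability) {
	v := &Verifier{Keys: map[string]ed25519.PublicKey{}, Root: "SEAM", Caps: map[string]*Capability{}}
	priv := map[string]ed25519.PrivateKey{}
	for _, p := range []string{"SEAM", "Plant1Manager", "Line1Manager", "Station2Manager", "Station2Worker"} {
		v.Keys[p], priv[p], _ = ed25519.GenerateKey(rand.Reader)
	}
	t0 := time.Date(2013, 11, 15, 0, 0, 0, 0, time.UTC)
	c := Capability{Resource: "ShopFloorEvents:WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*",
		NotBefore: t0, NotAfter: t0.AddDate(1, 0, 0), Rights: []string{"Pub", "Sub"}, Delegable: true}
	caps := map[string]*Capability{}
	for _, h := range [][3]string{{"Cap#1", "SEAM", "Plant1Manager"}, {"Cap#2", "Plant1Manager", "Line1Manager"},
		{"Cap#3", "Line1Manager", "Station2Manager"}, {"Cap#4", "Station2Manager", "Station2Worker"},
		{"Cap#5", "Station2Worker", "Contractor"}} {
		c.ID, c.Issuer, c.Subject = h[0], h[1], h[2]
		if h[0] == "Cap#4" { c.Rights, c.Delegable = []string{"Sub"}, false } // Cap#5 inherits these
		caps[h[0]] = Sign(priv[h[1]], c)
		v.Caps[h[0]], c.ParentID = caps[h[0]], h[0] // the next hop names this one as its issuer's capability
	}
	return v, caps
}

func main() {
	v, caps := BuildScenario()
	at := time.Date(2013, 12, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("worker Sub:", v.Authorize(caps["Cap#4"], "Sub", at), "| worker Pub:", v.Authorize(caps["Cap#4"], "Pub", at))
	fmt.Println("re-delegated by the worker:", v.Verify(caps["Cap#5"], at, nil))
	v.Revoked = append(v.Revoked, Revocation{Issuer: "Plant1Manager", CapID: "Cap#2", From: at, Scope: "derived"})
	fmt.Println("after revocation, Cap#4:", v.Authorize(caps["Cap#4"], "Sub", at), "| Cap#2:", v.Verify(caps["Cap#2"], at, nil))
}
```

Two design points carry over to a real deployment. Every rule lives in Verify, so nothing the issuer did at signing time is trusted: a subject that signs itself a child with extra rights, or a child of a non-delegable token, is rejected at the hop where its parent is examined, and a tampered token fails the signature check before any of that. And a revocation is only honoured from the principal that issued the revoked capability, which is what the Issuer and Issuer's capability fields of the revocation anatomy are for; the scope decides whether the walk fails at the revoked token itself, at its descendants, or at both.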
Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. the Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from the complexity and dynamics of identity management
• Full auditability
• Revocability

Capability wizard

Event bus
• Based on AMQP (Advanced Message Queuing Protocol)
• Secure Event Access Manager
  – capability-based security
  – RESTful interface

Access to event streams by clients
• Managed by the Secure Event Access Manager
• How it works
  1. Session set-up
  2. Session usage (publish/subscribe)
  3. Session closing

AMQP in a nutshell
[Diagram, built up over seven slides: a Publisher sends messages carrying a routing key to an Exchange; Subscribers read from Queue #1, Queue #2 and Queue #3, which are bound to the exchange with the patterns a.b.c, a.b.* and a.#]
• Routing key ≡ Pattern: the paths and patterns of the events' namespace map onto AMQP routing keys and binding patterns. A message is published with a routing key, a queue is bound to the exchange with a binding pattern, e.g. binding(a.b.*), and the exchange copies the message to every queue whose binding matches the key
• Routing key a.b.c: matched by a.b.c, a.b.* and a.#, so all three queues receive the message
• Routing key a.b.x: matched by a.b.* and a.#, so Queue #2 and Queue #3 receive it
• Routing key a.y.z: matched only by a.#, so only Queue #3 receives it

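The matching rules of the events' namespace (* is exactly one node, # is zero or more) are the rules the topic exchange above applies to its bindings, and the Secure Event Access Manager needs them twice: once to route a published event to the right queues, and once, before it creates a binding for a client, to decide whether the pattern the client asks to subscribe to stays inside the pattern its capability grants (a worker holding a capability for Station2.* must not get a queue bound to ProductionLine1.#). The Go program below is an added example for this page, not code from the FITMAN enabler or from any AMQP broker; the function names Match, Within and Route and the containment algorithm are this example's own. It runs the routing of the AMQP slides (bindings a.b.c, a.b.* and a.#, keys a.b.c, a.b.x and a.y.z) and checks the example-1 patterns against the pattern granted by Cap#4.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Match reports whether a concrete routing key matches a namespace pattern under the slides'
// conventions: "*" stands for exactly one node, "#" for zero or more nodes, "." separates nodes.
func Match(pattern, key string) bool {
	return match(strings.Split(pattern, "."), strings.Split(key, "."))
}

func match(p, k []string) bool {
	switch {
	case len(p) == 0:
		return len(k) == 0
	case p[0] == "#": // "#" is done here, or it absorbs one more node and stays in play
		return match(p[1:], k) || (len(k) > 0 && match(p, k[1:]))
	case len(k) == 0:
		return false
	case p[0] == "*" || p[0] == k[0]:
		return match(p[1:], k[1:])
	}
	return false
}

// Within reports whether every key matched by the requested pattern is also matched by the
// granted one, i.e. whether a binding a client asks for stays inside its capability's pattern.
// It never answers yes wrongly; it is conservative only for contrived grants such as "#.*".
func Within(granted, requested string) bool {
	return within(strings.Split(granted, "."), strings.Split(requested, "."))
}

func within(g, r []string) bool {
	switch {
	case len(g) == 0:
		return len(r) == 0
	case g[0] == "#": // the grant's "#" may cover nothing, or one more node of the request
		return within(g[1:], r) || (len(r) > 0 && within(g, r[1:]))
	case len(r) == 0 || r[0] == "#":
		return false // the request reaches further than a grant that has no "#" at this point
	case g[0] == "*" || g[0] == r[0]:
		return within(g[1:], r[1:]) // "*" covers any one node; a literal covers only itself
	}
	return false // a literal in the grant does not cover "*" in the request
}

// Route models the topic exchange on the slides: it returns, sorted, the queues whose binding
// pattern matches the routing key of a published message.
func Route(bindings map[string]string, key string) []string {
	var hit []string
	for queue, pattern := range bindings {
		if Match(pattern, key) {
			hit = append(hit, queue)
		}
	}
	sort.Strings(hit)
	return hit
}

func main() {
	// The exchange of the "AMQP in a nutshell" slides.
	bindings := map[string]string{"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}
	for _, key := range []string{"a.b.c", "a.b.x", "a.y.z"} {
		fmt.Printf("%-6s -> %v\n", key, Route(bindings, key))
	}
	// The example-1 patterns, checked against the pattern granted by Cap#4.
	line := "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"
	granted := line + ".Station2.*"
	for _, req := range []string{line + ".Station2.Status", line + ".*.Status", line + ".#"} {
		fmt.Printf("grant ...Station2.* covers %s: %v\n", strings.TrimPrefix(req, line), Within(granted, req))
	}
}
```

Within is the check that matters at session set-up: a broker will happily bind a queue to a.# for anyone the access manager lets through, so the containment test has to run before the binding is created, on the client-supplied pattern, not on the events that later flow.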
AMQP in a nutshell
[Diagram: one Broker hosting Virtual Host #1, Virtual Host #2, … Virtual Host #n]

Integrated Management Console
• Management of the brokers
• Management of the virtual hosts
• Management of the virtual hosts-namespaces mapping

So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new event sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control

Thanks for your attention!

Q&A

Follow Us!
• Fitman website: http://www.fitman-fi.eu/
• Twitter: @FitmanFI
• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management
