3. Why?
• Multitude of smart objects and services
• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects
15/11/2013
Secure Event Management
3
5. Events’ namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
  – Leaf nodes represent event producers
  – Intermediate nodes allow consumers to select a specific set of events
  – Patterns to select paths or portions within the namespace
    • Special characters: * (exactly one node), # (zero or more nodes)
6. Events’ namespace - example 1
[Figure: tree of the "Shop floor events" namespace. Node labels: WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station2, Station 6, Station9, …; Thickness, Welding, Marriage, …; Informational; Status.]
7. Events’ namespace - example 1
[Figure: the "Shop floor events" namespace tree, annotated with the pattern below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
8. Events’ namespace - example 1
[Figure: the "Shop floor events" namespace tree, annotated with the pattern below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
9. Events’ namespace - example 1
[Figure: the "Shop floor events" namespace tree, annotated with the pattern below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
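The pattern conventions from the namespace slides (* for exactly one node, # for zero or more nodes), worked through in Python as an added example that is not part of the original slides. The three patterns come from the slides; the event paths in EVENTS and the function names are constructed for illustration.

```python
def matches(pattern: str, path: str) -> bool:
    """Match a dot-separated event path against a namespace pattern.

    '*' stands for exactly one node, '#' for zero or more nodes.
    """
    pat, nodes = pattern.split("."), path.split(".")
    # reach[j] is True when the pattern tokens consumed so far match nodes[:j]
    reach = [True] + [False] * len(nodes)
    for token in pat:
        nxt = [False] * (len(nodes) + 1)
        if token == "#":
            # zero or more nodes: every position at or after a reachable one
            seen = False
            for j in range(len(nodes) + 1):
                seen = seen or reach[j]
                nxt[j] = seen
        else:
            # a literal node or '*': consume exactly one node
            for j in range(len(nodes)):
                if reach[j] and (token == "*" or token == nodes[j]):
                    nxt[j + 1] = True
        reach = nxt
    return reach[len(nodes)]


# Constructed sample paths (not taken from the slides' diagram)
PREFIX = "WashingMachineManufacturer.ProductionPlant1"
EVENTS = [
    PREFIX + ".ProductionLine1.Station2.Status",
    PREFIX + ".ProductionLine1.Station2.Informational",
    PREFIX + ".ProductionLine1.Station6.Status",
    PREFIX + ".ProductionLine2.Station9.Status",
]


def select(pattern: str) -> list:
    """Return the sample events a consumer using this pattern would receive."""
    return [e for e in EVENTS if matches(pattern, e)]
```

Note that `ProductionLine1.#` also matches the bare `ProductionLine1` node, while `ProductionLine1.*` does not, which matters when a pattern is used as the resource of a capability.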
12. Capability-based security
A capability is a communicable and unforgeable token of authority.
By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
13. Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root
14. Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer’s capability
• Granted rights and their delegability
• Signature
15. Capability-based security in action
[Figure: actors Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager, linked by "trust" relationships; resource hierarchy Production Plant 1, Production Line 1, Station 2, linked to the Secure Event Access Manager by "access".]
16. Capability-based security in action
[Figure: actors and trust relationships, shown with the capability below.]
Cap#1 (Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
17. Capability-based security in action
[Figure: actors and trust relationships, shown with the capability below.]
Cap#2 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
18. Capability-based security in action
[Figure: actors and trust relationships, shown with the capability below.]
Cap#3 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
19. Capability-based security in action
[Figure: actors and trust relationships, shown with the capability below.]
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
20. Capability-based security in action
[Figure: actors, trust relationships and the resource hierarchy Production Plant 1, Production Line 1, Station 2, with an arrow labelled "Access request", shown with the capability below.]
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
21. Anatomy of a capability revocation
• Issuer
• Issuer’s capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
  – Only the capability
  – All derived capabilities
  – The capability together with all derived capabilities
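One way a verifier could walk the delegation chain from Cap#4 back to Cap#1 and apply the three revocation scopes, as an added Python example that is not the project's own code. Assumptions: signatures are already verified, delegability is one flag per token, a derived token must carry its parent's pattern unchanged, and validity is in epoch seconds. The holder assigned to each capability is read off the diagram layout, and the `NamespaceOwner` trust anchor is hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Capability:      # fields follow the slide "Anatomy of a capability token"
    cap_id: str
    issuer: str
    subject: str
    pattern: str       # resource ID
    rights: frozenset
    delegable: bool    # simplification: one flag for all granted rights
    valid: tuple       # (not_before, not_after)
    parent: Optional["Capability"] = None   # issuer's capability, None for Root

def authorize(cap, subject, right, now, revoked, anchor):
    """revoked maps cap_id -> (start, scope); scope is 'self', 'derived' or 'both'.
    Signature verification is assumed to have happened before this call."""
    if cap.subject != subject or right not in cap.rights:
        return False
    node, depth = cap, 0
    while True:
        if not node.valid[0] <= now <= node.valid[1]:
            return False
        start, scope = revoked.get(node.cap_id, (None, None))
        if start is not None and start <= now:
            # depth 0: the presented token itself; depth > 0: one of its ancestors
            if scope == "both" or scope == ("self" if depth == 0 else "derived"):
                return False
        parent = node.parent
        if parent is None:                  # Root: must come from the trust anchor
            return node.issuer == anchor
        if (node.issuer != parent.subject or not parent.delegable
                or not node.rights <= parent.rights
                or node.pattern != parent.pattern):
            return False
        node, depth = parent, depth + 1

# Constructed chain mirroring Cap#1..Cap#4 on the slides
P = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"
PUBSUB, WIN = frozenset({"Pub", "Sub"}), (0, 1000)
CAP1 = Capability("Cap#1", "NamespaceOwner", "Plant1Manager", P, PUBSUB, True, WIN)
CAP2 = Capability("Cap#2", "Plant1Manager", "Line1Manager", P, PUBSUB, True, WIN, CAP1)
CAP3 = Capability("Cap#3", "Line1Manager", "Station2Manager", P, PUBSUB, True, WIN, CAP2)
CAP4 = Capability("Cap#4", "Station2Manager", "Station2Worker", P,
                  frozenset({"Sub"}), False, WIN, CAP3)
```

Revoking Cap#2 with scope `derived` leaves the Line 1 Manager's own token usable but invalidates Cap#3 and Cap#4 from the revocation starting date onward.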
22. Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from complexity and dynamics of identity management
• Full auditability
• Revocability
24. Event bus
• Based on AMQP (Advanced Message Queueing Protocol)
• Secure Event Access Manager
  – capability-based security
  – RESTful interface
25. Access to event streams by clients
• Managed by the Secure Event Access Manager
• How it works
  1. Session setting up
  2. Session usage (publish/subscribe)
  3. Session closing
37. So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control
38. Thanks for your attention!
Q&A