2. OpenSplice Security in Brief
OpenSplice DDS
Copyright 2011, PrismTech – All Rights Reserved.
The OpenSplice Security module provides transport security enjoying the following properties:
☐ Confidentiality and Data Integrity (Availability is built into DDS)
☐ Separation between the area in which information is processed in unencrypted form (RED) and the area in which critical information is not permitted to flow in unencrypted form (BLACK)
☐ Authenticity via Mandatory Access Control
3. Separation of Information Flows
☐ OpenSplice DDS binds a level of security to a node (or OS partition on a separation kernel)
☐ All applications running on the same node will share the same level of security (same user)
☐ The reliable separation of different levels of security (clearance) is provided for applications deployed on different nodes (or OS partitions)
5. DDS Partitions
☐ The Partition QoS Policy can be used as subjects organizing the flow of data
☐ The Partition QoS Policy is used to connect Publishers/Subscribers to a Partitions’ List which might also contain wildcards, e.g. tracks.*
☐ Topics are published and subscribed across one or more Partitions
[Figure: a Domain with Publishers and Subscribers attached to Partitions "tracks.kfo" and "tracks.ufo"]
10. {C+I} in OpenSplice DDS
☐ Security profile can be associated with Network Partitions
☐ Each Security Profile specifies:
  ☐ Cipher (AES, BLOWFISH, N/A)
  ☐ Key
☐ All data sent over the given partition is then encrypted with the provided cipher/key
[Figure: Publishers and Subscribers on partitions "tracks.kfo" and "tracks.ufo"; network partitions "NetPartOne", "NetPartTwo" and "NetPartThree"; addresses 239.1.1.18, 239.1.1.19, and 239.1.1.18, 192.1.1.7]
12. Access Control
☐ Access Control is implemented via an optional and pluggable module
☐ This allows plugging in modules implementing Mandatory Access Control (MAC) based on the Bell-LaPadula/Biba model, Role-Based Access Control, or others
☐ The current implementation only provides support for Mandatory Access Control (MAC)
13. Access Control in OpenSplice
☐ OpenSplice implements two access control enforcement points:
  ☐ Inbound traffic. When reading data from the network, the following checks are carried out:
    ☐ is the reader allowed to receive the data?
    ☐ was the data published by a trusted node? (in other words, was the sender allowed to send the data)
  ☐ Outbound traffic. When writing data to the network, the following check is carried out:
    ☐ is the user allowed to write data to the network?
14. MAC in OpenSplice
☐ Mandatory Access Control (MAC) in OpenSplice combines the Bell-LaPadula and Biba models to ensure confidentiality and data integrity.
☐ Each resource (object) has a classification made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments that this resource is intended for
☐ Each user (subject) has a clearance made up of (1) a secrecy level, (2) an integrity level and (3) a set of compartments this user has a ‘need-to-know’ for
15. MAC in OpenSplice
☐ To determine if a user is authorized to access a resource, e.g. publish a certain topic or subscribe to a topic, the clearance of the user is compared to the classification of the resource
16. Secrecy Level
☐ Subscribing is permitted if the resource’s secrecy level is identical to or lower than the user’s secrecy level
☐ Publishing is permitted if the resource’s secrecy level is identical to or higher than the user’s secrecy level
17. Integrity Level
☐ Subscribing is permitted if the resource’s integrity level is identical or higher
☐ Publishing is permitted if the resource’s integrity level is identical or lower
18. Need to Know
☐ Publish/Subscribe is permitted if the user’s set of compartments is a subset of the resource’s set of compartments
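
Added example (not from the original slides and not OpenSplice code): the secrecy, integrity and need-to-know rules of slides 16 to 18 combined into one decision function that reports which rule denied the request. The level names, the Label type, the check function and the sample labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed ordering; the slides do not name the levels.
    LOW = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class Label:
    """Classification of a resource or clearance of a user."""
    secrecy: Level
    integrity: Level
    compartments: frozenset


def check(action: str, user: Label, resource: Label) -> list:
    """Return the list of violated rules; an empty list means permitted."""
    if action not in ("subscribe", "publish"):
        raise ValueError(f"unknown action: {action}")
    denied = []
    if action == "subscribe":
        # Bell-LaPadula "no read up": resource secrecy <= user secrecy.
        if resource.secrecy > user.secrecy:
            denied.append("secrecy")
        # Biba "no read down": resource integrity >= user integrity.
        if resource.integrity < user.integrity:
            denied.append("integrity")
    else:
        # Bell-LaPadula "no write down": resource secrecy >= user secrecy.
        if resource.secrecy < user.secrecy:
            denied.append("secrecy")
        # Biba "no write up": resource integrity <= user integrity.
        if resource.integrity > user.integrity:
            denied.append("integrity")
    # Need to know, as stated on slide 18: user set is a subset of resource set.
    if not user.compartments <= resource.compartments:
        denied.append("need-to-know")
    return denied


# Constructed sample labels, not taken from any OpenSplice configuration.
operator = Label(Level.MEDIUM, Level.MEDIUM, frozenset({"radar"}))
tracks = Label(Level.HIGH, Level.MEDIUM, frozenset({"radar", "sonar"}))
status = Label(Level.LOW, Level.HIGH, frozenset({"radar"}))
```

With these labels the operator may publish to but not subscribe to the higher-secrecy resource, and may subscribe to but not publish to the lower-secrecy, higher-integrity one.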