Secure Event Management
SEI 2 Smart Factory
Salvatore Piccione (TXT e-solutions S.p.A.)

15/11/2013

Secure Event Management

1
Outline
• Why?

• What?
– Secure Event Management components

• So what?

Why?
• Multitude of smart objects and services
• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects

What?

[Diagram labels: MES; CEP Engines; Remote maintenance operators; Corporate domain border; Secure Event Access Manager; Worker]

Events’ namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
– Leaf nodes represent event producers
– Intermediate nodes allow consumers to select a specific set of events
– Patterns to select paths or portions within the namespace
• Special characters: * (exactly one node), # (zero or more nodes)

Events’ namespace - example 1
Shop floor events
[Figure: namespace tree. Node labels, top to bottom: WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station2, Station6, Station9, …; Thickness, Welding, Marriage, …; Informational, Status]

Events’ namespace - example 1
Shop floor events
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
[Figure: the shop floor namespace tree, shown with this pattern]

Events’ namespace - example 1
Shop floor events
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
[Figure: the shop floor namespace tree, shown with this pattern]

Events’ namespace - example 1
Shop floor events
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
[Figure: the shop floor namespace tree, shown with this pattern]

Events’ namespace - example 2
Notifications
[Figure: namespace tree. Root: WashingMachineManufacturer, with branches Alerting and QualityAssurance; each branch shows ProductionPlant1, then ProductionLine1, …, then Station2, Station6, Station9, …]

Namespace Manager

Capability-based security

A capability is a communicable and unforgeable token of authority.
By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.

Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root

Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer’s capability
• Granted rights and their delegability
• Signature

Capability-based security in action
[Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; resource Production Plant 1 / Production Line 1 / Station 2; arrows labelled "trust" and "access"]

Capability-based security in action
Cap#1 (Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram labels: Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; arrows labelled "trust"]

Capability-based security in action
Cap#2 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; arrows labelled "trust"]

Capability-based security in action
Cap#3 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; arrows labelled "trust"]

Capability-based security in action
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; arrows labelled "trust"]

Capability-based security in action
Access request
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; resource Production Plant 1 / Production Line 1 / Station 2; arrows labelled "trust"]

Anatomy of a capability revocation
• Issuer
• Issuer’s capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
– Only the capability
– All derived capabilities
– The capability together with all derived capabilities

Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from complexity and dynamics of identity management
• Full auditability
• Revocability

Capability wizard

Event bus
• Based on AMQP (Advanced Message Queuing Protocol)
• Secure Event Access Manager
– capability-based security
– RESTful interface

Access to event streams by clients
• Managed by the Secure Event Access Manager

• How it works
1. Session setting up
2. Session usage (publish/subscribe)
3. Session closing

AMQP in a nutshell
[Diagram: Publisher → Exchange → Queue #1, Queue #2, Queue #3 → Subscribers. The publisher's message carries routing key a.b.c (routing key ≡ pattern); a queue is attached to the exchange with binding(a.b.*)]

AMQP in a nutshell
[Diagram: bindings on the exchange: Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. The publisher sends a message with routing key a.b.c]

AMQP in a nutshell
[Diagram: bindings Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. Copies of the a.b.c message appear at Queue #1, Queue #2 and Queue #3]

AMQP in a nutshell
[Diagram: bindings Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. The publisher sends a message with routing key a.b.x]

AMQP in a nutshell
[Diagram: bindings Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. Copies of the a.b.x message appear at Queue #2 and Queue #3]

AMQP in a nutshell
[Diagram: bindings Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. The publisher sends a message with routing key a.y.z]

AMQP in a nutshell
[Diagram: bindings Queue #1 a.b.c, Queue #2 a.b.*, Queue #3 a.#. The a.y.z message appears at Queue #3 only]

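The access decision these slides describe, as an added Python sketch (not code from the Secure Event Management enabler): it applies the wildcard rules shared by the namespace patterns and the AMQP bindings (`*` exactly one node, `#` zero or more) and walks a capability's chain of issuer's capabilities, checking validity time frame, granted and delegable rights, and revocation scope. Field names, the `ResourceOwner` root issuer, the holder assigned to each Cap#, and the use of plain objects (the XML signature is assumed to be verified beforehand) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

def topic_match(pattern: str, key: str) -> bool:
    """'*' matches exactly one node, '#' zero or more (nodes are dot-separated)."""
    def walk(p, k):
        if not p:
            return not k
        if p[0] == "#":  # try every number of nodes '#' could absorb
            return any(walk(p[1:], k[i:]) for i in range(len(k) + 1))
        return bool(k) and p[0] in ("*", k[0]) and walk(p[1:], k[1:])
    return walk(pattern.split("."), key.split("."))

@dataclass(frozen=True)
class Capability:  # plain object; the XML signature is assumed already verified
    cap_id: str
    issuer: str               # who issues the capability
    subject: str              # who the rights are granted to
    namespace: str            # resource the token refers to
    pattern: str
    rights: frozenset         # granted rights, e.g. {"pub", "sub"}
    delegable: frozenset      # the granted rights the subject may pass on
    not_before: datetime      # validity time frame
    not_after: datetime
    parent: Optional["Capability"] = None  # issuer's capability; None for Root

@dataclass(frozen=True)
class Revocation:
    cap_id: str
    starts: datetime
    scope: str  # "only" | "derived" | "all" (capability plus derived ones)

TRUSTED_ROOT_ISSUERS = frozenset({"ResourceOwner"})  # hypothetical name

def authorize(cap, presenter, right, namespace, key, now, revocations=()):
    """Return (allowed, reason) for a pub/sub request on one concrete event path."""
    # A requested '#' would pass a '*' grant if compared as a literal node.
    if any(part in ("*", "#") for part in key.split(".")):
        return False, "wildcards in the requested path are refused"
    if cap.subject != presenter:
        return False, "presenter is not the subject of the capability"
    node, presented = cap, True
    while node is not None:  # walk from the presented token up to the Root
        if not node.not_before <= now <= node.not_after:
            return False, f"{node.cap_id}: outside validity time frame"
        if right not in node.rights:
            return False, f"{node.cap_id}: right '{right}' not granted"
        if node.namespace != namespace or not topic_match(node.pattern, key):
            return False, f"{node.cap_id}: path outside granted pattern"
        for rev in revocations:
            if rev.cap_id == node.cap_id and now >= rev.starts:
                # "only" hits the token itself, "derived" hits its descendants
                hits = ("only", "all") if presented else ("derived", "all")
                if rev.scope in hits:
                    return False, f"revoked via {node.cap_id} (scope {rev.scope})"
        parent = node.parent
        if parent is None:
            if node.issuer not in TRUSTED_ROOT_ISSUERS:
                return False, f"{node.cap_id}: untrusted root issuer"
        elif node.issuer != parent.subject:
            return False, f"{node.cap_id}: issuer does not hold the parent capability"
        elif right not in parent.delegable:
            return False, f"{parent.cap_id}: right '{right}' is not delegable"
        node, presented = parent, False
    return True, "ok"

# Constructed sample data modelled on Cap#1..Cap#4; holders are assumed.
T0, T1 = datetime(2013, 1, 1), datetime(2014, 1, 1)
NS = "ShopFloorEvents"
BASE = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1."
PAT = BASE + "Station2.*"
PS, SUB = frozenset({"pub", "sub"}), frozenset({"sub"})

def sample_chain():
    c1 = Capability("Cap#1", "ResourceOwner", "Plant1Manager", NS, PAT, PS, PS, T0, T1)
    c2 = Capability("Cap#2", "Plant1Manager", "Line1Manager", NS, PAT, PS, PS, T0, T1, c1)
    c3 = Capability("Cap#3", "Line1Manager", "Station2Manager", NS, PAT, PS, PS, T0, T1, c2)
    c4 = Capability("Cap#4", "Station2Manager", "Station2Worker", NS, PAT, SUB,
                    frozenset(), T0, T1, c3)
    return c1, c2, c3, c4

if __name__ == "__main__":
    *_, cap4 = sample_chain()
    now = datetime(2013, 11, 15)
    for right, path in [("sub", BASE + "Station2.Status"), ("pub", BASE + "Station2.Status"),
                        ("sub", BASE + "Station6.Status"), ("sub", BASE + "Station2.#")]:
        print(right, path, authorize(cap4, "Station2Worker", right, NS, path, now))
```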
AMQP in a nutshell
[Diagram: a Broker containing Virtual Host #1, Virtual Host #2, …, Virtual Host #n]

Integrated Management Console
Management of the brokers

Integrated Management Console
Management of the virtual hosts

Integrated Management Console
Management of the virtual hosts-namespaces mapping

So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control

Thanks for your attention!

Q&A

Follow Us!
• Fitman website: http://www.fitman-fi.eu/

• Twitter: @FitmanFI
• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Secure Event Management - SEI 2 Smart Factory

  • 1. Secure Event Management SEI 2 Smart Factory Salvatore Piccione (TXT e-solutions S.p.A.) 15/11/2013 Secure Event Management 1
  • 2. Outline
    • Why?
    • What?
      – Secure Event Management components
    • So what?
  • 3. Why?
    • Multitude of smart objects and services
    • Demand for event-driven interactions
    • Controlled access to production data by internal and external subjects
  • 4. What?
    [Diagram labels: MES; CEP Engines; Remote maintenance operators; Corporate domain border; Secure Event Access Manager; Worker]
  • 5. Events’ namespace
    • Taxonomy of the events conveyed by the event bus
    • Conventions
      – Leaf nodes represent event producers
      – Intermediate nodes allow consumers to select a specific set of events
      – Patterns to select paths or portions within the namespace
        • Special characters: * (exactly one node), # (zero or more nodes)
  • 6. Events’ namespace - example 1
    [Tree diagram "Shop floor events". Node labels: WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station6, Station9, Station2, …; Thickness, Welding, Marriage, …; Informational, Status]
  • 7. Events’ namespace - example 1
    [Same tree diagram, with the path:]
    WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
  • 8. Events’ namespace - example 1
    [Same tree diagram, with the pattern:]
    WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
  • 9. Events’ namespace - example 1
    [Same tree diagram, with the pattern:]
    WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
  • 10. Events’ namespace - example 2
    [Tree diagram "Notifications". Node labels: WashingMachineManufacturer; Alerting; QualityAssurance; ProductionPlant1; ProductionLine1, …; Station2, Station6, Station9, …]
  • 12. Capability-based security
    A capability is a communicable and unforgeable token of authority. By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
  • 13. Capability token
    • Digitally signed XML document
    • Based on standards for access control policies (XACML, SAML)
    • Two types: Root and non-Root
  • 14. Anatomy of a capability token
    • Issuer (who issues the capability)
    • Subject (who the rights are granted to)
    • Resource ID (URI of the resource)
    • Validity Condition (validity time frame)
    • Issuer’s capability
    • Granted rights and their delegability
    • Signature
  • 15. Capability-based security in action
    [Diagram labels: Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager; Production Plant 1, Production Line 1, Station 2; arrows labelled "trust" and "access"]
  • 16. Capability-based security in action
    [Same diagram, with the token:]
    Cap#1 (Root)
    Rights: Pub/Sub (delegable)
    Namespace: ShopFloorEvents
    Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 17. Capability-based security in action
    [Same diagram, with the token:]
    Cap#2 (Non-Root)
    Rights: Pub/Sub (delegable)
    Namespace: ShopFloorEvents
    Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 18. Capability-based security in action
    [Same diagram, with the token:]
    Cap#3 (Non-Root)
    Rights: Pub/Sub (delegable)
    Namespace: ShopFloorEvents
    Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 19. Capability-based security in action
    [Same diagram, with the token:]
    Cap#4 (Non-Root)
    Rights: Sub
    Namespace: ShopFloorEvents
    Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 20. Capability-based security in action
    [Same diagram, with an arrow labelled "Access request" and the token:]
    Cap#4 (Non-Root)
    Rights: Sub
    Namespace: ShopFloorEvents
    Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 21. Anatomy of a capability revocation
    • Issuer
    • Issuer’s capability
    • Unique identifier of the revoked capability
    • Revocation starting date
    • Revocation scope
      – Only the capability
      – All derived capabilities
      – The capability together with all derived capabilities
  • 22. Why are capabilities so cool?
    • Principle of Least Authority (PoLA)
    • Fewer security issues (e.g. Confused Deputy problem)
    • Arbitrary granularity of access rights
    • Distribution of the authorization management
    • Independence from complexity and dynamics of identity management
    • Full auditability
    • Revocability
  • 24. Event bus
    • Based on AMQP (Advanced Message Queuing Protocol)
    • Secure Event Access Manager
      – capability-based security
      – RESTful interface
  • 25. Access to event streams by clients
    • Managed by the Secure Event Access Manager
    • How it works
      1. Session setting up
      2. Session usage (publish/subscribe)
      3. Session closing
  • 26. AMQP in a nutshell
    [Diagram: Publisher, Exchange, Queue #1, Queue #2, Queue #3, Subscribers. Labels: "Routing key ≡ Pattern"; message a.b.c; binding(a.b.*)]
  • 27. AMQP in a nutshell
    [Same diagram, with bindings a.b.c (Queue #1), a.b.* (Queue #2), a.# (Queue #3); message a.b.c between Publisher and Exchange]
  • 28. AMQP in a nutshell
    [Same diagram; message a.b.c shown next to Queue #1, Queue #2 and Queue #3]
  • 29. AMQP in a nutshell
    [Same diagram; message a.b.x between Publisher and Exchange]
  • 30. AMQP in a nutshell
    [Same diagram; message a.b.x shown next to Queue #2 and Queue #3]
  • 31. AMQP in a nutshell
    [Same diagram; message a.y.z between Publisher and Exchange]
  • 32. AMQP in a nutshell
    [Same diagram; message a.y.z shown next to Queue #3]
  • 33. AMQP in a nutshell
    [Diagram: Broker containing Virtual Host #1, Virtual Host #2, …, Virtual Host #n]
  • 34. Integrated Management Console
    Management of the brokers
  • 35. Integrated Management Console
    Management of the virtual hosts
  • 36. Integrated Management Console
    Management of the virtual hosts-namespaces mapping
  • 37. So what?
    • Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
    • Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
    • Bringing data to the interested consumers instead of bringing consumers to data
    • Advanced, flexible, scalable access control
  • 38. Thanks for your attention! Q&A
  • 39. Follow Us!
    • Fitman website: http://www.fitman-fi.eu/
    • Twitter: @FitmanFI
    • Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management
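The delegation chain of slides 15 to 21 (Cap#1 to Cap#4, plus revocation scopes) can be checked by walking from the presented token up to the Root. The Python below is an added example, not code from the presentation or the FITMAN project. Assumptions: the holder of each token, the `ROOT_ISSUER` name, integer time units, and the reading that "only the capability" leaves derived tokens valid; signature verification is taken as already done and the pattern is not compared because all four tokens carry the same one.

```python
from dataclasses import dataclass
from typing import Optional

ROOT_ISSUER = "ResourceOwner"  # assumed trust anchor, not named on the slides

@dataclass(frozen=True)
class Capability:
    cap_id: str
    issuer: str
    subject: str
    rights: frozenset            # subset of {"pub", "sub"}
    delegable: bool
    parent: Optional[str]        # "Issuer's capability"; None for a Root token
    valid: tuple = (0, 100)      # validity window, constructed time units

def authorize(store, revoked, cap_id, presenter, right, now):
    """Walk from the presented token up to the Root; return (allowed, reason).
    revoked: list of (cap_id, start, scope), scope in only/derived/both."""
    cap = store.get(cap_id)
    if cap is None or cap.subject != presenter or right not in cap.rights:
        return False, "token does not grant this right to the presenter"
    for depth in range(len(store)):      # bounded, so a cyclic store terminates
        if not cap.valid[0] <= now <= cap.valid[1]:
            return False, f"{cap.cap_id} outside its validity window"
        hit = "derived" if depth else "only"   # ancestor vs. the token itself
        if any(c == cap.cap_id and now >= start and scope in (hit, "both")
               for c, start, scope in revoked):
            return False, f"revocation of {cap.cap_id} applies"
        if cap.parent is None:
            ok = cap.issuer == ROOT_ISSUER
            return ok, "ok" if ok else "untrusted root issuer"
        parent = store.get(cap.parent)
        if parent is None or parent.subject != cap.issuer:
            return False, f"issuer of {cap.cap_id} does not hold its parent"
        if not parent.delegable or not cap.rights <= parent.rights:
            return False, f"{cap.cap_id} exceeds what its parent may delegate"
        cap = parent
    return False, "delegation chain does not reach a Root token"

def slide_chain():
    """Cap#1..Cap#4 from slides 16-19; who holds each token is an assumption."""
    both, sub = frozenset({"pub", "sub"}), frozenset({"sub"})
    p1, l1 = "Plant 1 Manager", "Production Line 1 Manager"
    s2, w = "Station 2 Manager", "Station 2 Worker"
    caps = [Capability("Cap#1", ROOT_ISSUER, p1, both, True, None),
            Capability("Cap#2", p1, l1, both, True, "Cap#1"),
            Capability("Cap#3", l1, s2, both, True, "Cap#2"),
            Capability("Cap#4", s2, w, sub, False, "Cap#3")]
    return {c.cap_id: c for c in caps}
```

Revoking Cap#3 with scope "derived" denies the worker's Cap#4 while the Station 2 Manager's own token keeps working; a token derived from the non-delegable Cap#4 is refused at the first link.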
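The wildcard rules of slide 5 and the routing walk-through of slides 26 to 32 rest on the same matching logic, shown here as an added Python example that is not part of the presentation. It goes one step beyond the slides: `covers` also decides whether a requested binding pattern stays inside a granted pattern, conservatively (it can refuse an equivalent pattern written differently, but does not accept a broader one); the function names and the rejection of wildcard nodes in published keys are choices of this example.

```python
from functools import lru_cache

def covers(granted: str, requested: str) -> bool:
    """True if every key selected by `requested` is also selected by `granted`.
    '*' stands for exactly one node, '#' for zero or more nodes."""
    g, r = granted.split("."), requested.split(".")

    @lru_cache(maxsize=None)
    def walk(i: int, j: int) -> bool:
        if i == len(g):
            return j == len(r)
        if g[i] == "#":
            # '#' absorbs nothing (move past it) or one more requested node
            return walk(i + 1, j) or (j < len(r) and walk(i, j + 1))
        if j == len(r) or r[j] == "#":
            return False          # only a granted '#' may cover a requested '#'
        return (g[i] == "*" or g[i] == r[j]) and walk(i + 1, j + 1)

    return walk(0, 0)

def route(bindings: dict, routing_key: str) -> list:
    """Queues an exchange delivers to for a concrete routing key."""
    if {"*", "#"} & set(routing_key.split(".")):
        raise ValueError("wildcard node in a published routing key")
    return [q for q, pattern in bindings.items() if covers(pattern, routing_key)]

# Bindings from slides 27-32.
BINDINGS = {"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}
LINE1 = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"
CAP_PATTERN = LINE1 + ".Station2.*"      # pattern carried by Cap#1 to Cap#4

if __name__ == "__main__":
    for key in ("a.b.c", "a.b.x", "a.y.z"):
        print(key, "->", route(BINDINGS, key))
    print(covers(CAP_PATTERN, LINE1 + ".Station2.Status"))   # inside the grant
    print(covers(CAP_PATTERN, LINE1 + ".Station2.#"))        # broader: refused
```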