3. Why?
• Multitude of smart objects and services
• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects
15/11/2013
Secure Event Management
3
5. Events’ namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
– Leaf nodes represent event producers
– Intermediate nodes allow consumers to select a specific set of events
– Patterns to select paths or portions within the namespace
• Special characters: * (exactly one node), # (zero or more nodes)
6. Events’ namespace - example 1
[Diagram: tree of the "Shop floor events" namespace. Node labels, from the root down: WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station2, Station 6, Station9, …; Thickness, Welding, Marriage, …; leaf nodes Informational and Status.]
7. Events’ namespace - example 1
[Diagram: the "Shop floor events" namespace tree, annotated with the path below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
8. Events’ namespace - example 1
[Diagram: the "Shop floor events" namespace tree, annotated with the pattern below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
9. Events’ namespace - example 1
[Diagram: the "Shop floor events" namespace tree, annotated with the pattern below.]
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
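The pattern conventions from the namespace slides, as an added example that is not part of the original deck. It goes one step beyond the slides by also checking, conservatively, whether one pattern selects everything another pattern selects, which is the check a delegated capability would need; the function names are assumptions of this example.

```python
# Added example: matching for the namespace conventions in the slides.
# '*' stands for exactly one node, '#' for zero or more nodes.

def _match(pat, toks, pattern_vs_pattern=False):
    """Match pattern nodes against path nodes (or another pattern's nodes)."""
    if not pat:
        return not toks
    head, rest = pat[0], pat[1:]
    if head == "#":
        # '#' absorbs zero or more nodes: try every split point.
        return any(_match(rest, toks[k:], pattern_vs_pattern)
                   for k in range(len(toks) + 1))
    if not toks:
        return False
    if head == "*":
        # Exactly one node. A '#' on the other side may expand to zero or
        # many nodes, so '*' cannot safely stand in for it.
        if pattern_vs_pattern and toks[0] == "#":
            return False
        return _match(rest, toks[1:], pattern_vs_pattern)
    return head == toks[0] and _match(rest, toks[1:], pattern_vs_pattern)

def matches(pattern, path):
    """True if a concrete event path is selected by the pattern."""
    nodes = path.split(".")
    if any(n in ("", "*", "#") for n in nodes):
        return False  # concrete paths carry no wildcards or empty nodes
    return _match(pattern.split("."), nodes)

def covers(parent, child):
    """Conservative: True only if every path selected by child is selected by parent."""
    return _match(parent.split("."), child.split("."), True)

BASE = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"

if __name__ == "__main__":
    print(matches(BASE + ".*.Status", BASE + ".Station2.Status"))
    print(matches(BASE + ".#", BASE + ".Station2.Status"))
    print(covers(BASE + ".#", BASE + ".Station2.*"))
```

Because `covers` is conservative, it may reject a child pattern that is in fact narrower, but it never accepts one that is broader than the parent.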
12. Capability-based security
A capability is a communicable and unforgeable token of authority.
By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
13. Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root
14. Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer’s capability
• Granted rights and their delegability
• Signature
15. Capability-based security in action
[Diagram: actors shown are Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust" and "access"; resources shown are Production Plant 1, Production Line 1 and Station 2.]
16. Capability-based security in action
Cap#1 (Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram: actors shown are Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust".]
17. Capability-based security in action
Cap#2 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram: actors shown are Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust".]
18. Capability-based security in action
Cap#3 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram: actors shown are Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust".]
19. Capability-based security in action
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram: actors shown are Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust".]
20. Capability-based security in action
Access request
Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
[Diagram: actors shown are Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker and the Secure Event Access Manager; links are labelled "trust"; resources shown are Production Plant 1, Production Line 1 and Station 2.]
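One way an access manager could check a delegation chain such as Cap#1 to Cap#4 when an access request arrives, as an added example that is not code from the original deck or the project. It assumes each token's signature has already been verified, that a delegated token must carry the same pattern as its parent, and that the issuer and subject names (ResourceOwner, Plant1Manager, and so on) are as constructed here; the slides do not state them.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Capability:
    cap_id: str
    issuer: str               # who issues the capability
    subject: str              # who the rights are granted to
    pattern: str              # resource: pattern in the events' namespace
    rights: frozenset         # granted rights, e.g. {"pub", "sub"}
    delegable: frozenset      # rights the subject may pass on
    not_before: datetime      # validity time frame
    not_after: datetime
    parent: Optional["Capability"] = None  # issuer's capability; None for Root

def authorize(cap, requester, right, now, trusted_roots):
    """Decide whether requester may exercise right; returns (allowed, reason).
    Assumes every token's signature was already verified against its issuer."""
    if cap.subject != requester or right not in cap.rights:
        return False, "right not granted to requester"
    link = cap
    while True:
        if not link.not_before <= now <= link.not_after:
            return False, f"{link.cap_id} outside validity time frame"
        if not link.delegable <= link.rights:
            return False, f"{link.cap_id} delegates rights it does not hold"
        up = link.parent
        if up is None:  # Root: authority comes from a trusted issuer
            ok = link.issuer in trusted_roots
            return ok, "ok" if ok else "root issuer not trusted"
        if link.issuer != up.subject:
            return False, f"{link.cap_id} not issued by holder of {up.cap_id}"
        if not link.rights <= up.delegable:
            return False, f"{link.cap_id} exceeds delegable rights of {up.cap_id}"
        if link.pattern != up.pattern:  # simplification: no pattern narrowing
            return False, f"{link.cap_id} pattern differs from {up.cap_id}"
        link = up

# Constructed chain mirroring Cap#1..Cap#4; issuer and subject names are assumed.
T0, T1 = datetime(2013, 1, 1), datetime(2014, 1, 1)
PAT = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"
PS, SUB, NONE = frozenset({"pub", "sub"}), frozenset({"sub"}), frozenset()
cap1 = Capability("Cap#1", "ResourceOwner", "Plant1Manager", PAT, PS, PS, T0, T1)
cap2 = Capability("Cap#2", "Plant1Manager", "Line1Manager", PAT, PS, PS, T0, T1, cap1)
cap3 = Capability("Cap#3", "Line1Manager", "Station2Manager", PAT, PS, PS, T0, T1, cap2)
cap4 = Capability("Cap#4", "Station2Manager", "Station2Worker", PAT, SUB, NONE, T0, T1, cap3)
print(authorize(cap4, "Station2Worker", "sub", datetime(2013, 11, 15), {"ResourceOwner"}))
```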
21. Anatomy of a capability revocation
• Issuer
• Issuer’s capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
– Only the capability
– All derived capabilities
– The capability together with all derived capabilities
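The three revocation scopes and the starting date, applied to a delegation chain, as an added example that is not part of the original deck. The chain ids are constructed, the scope names are this example's own, and checking that the revocation's issuer is entitled to revoke is assumed to happen elsewhere.

```python
from datetime import datetime
from enum import Enum

class Scope(Enum):
    ONLY = "only the capability"
    DERIVED = "all derived capabilities"
    BOTH = "the capability together with all derived capabilities"

# cap_id -> id of the issuer's capability (None for Root); constructed chain.
PARENT = {"Cap#1": None, "Cap#2": "Cap#1", "Cap#3": "Cap#2", "Cap#4": "Cap#3"}

def ancestors(cap_id, parent=PARENT):
    """Yield the ids of the capabilities cap_id was derived from, nearest first."""
    seen = {cap_id}
    cur = parent.get(cap_id)
    while cur is not None and cur not in seen:  # guard against cyclic links
        yield cur
        seen.add(cur)
        cur = parent.get(cur)

def is_revoked(cap_id, revocations, now, parent=PARENT):
    """revocations: iterable of (revoked_id, starting_date, Scope)."""
    chain = set(ancestors(cap_id, parent))
    for revoked_id, start, scope in revocations:
        if now < start:
            continue  # revocation not yet in force
        if revoked_id == cap_id and scope in (Scope.ONLY, Scope.BOTH):
            return True
        if revoked_id in chain and scope in (Scope.DERIVED, Scope.BOTH):
            return True
    return False

if __name__ == "__main__":
    revs = [("Cap#2", datetime(2013, 11, 15), Scope.DERIVED)]
    for cid in PARENT:
        print(cid, is_revoked(cid, revs, datetime(2013, 12, 1)))
```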
22. Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from complexity and dynamics of identity management
• Full auditability
• Revocability
24. Event bus
• Based on AMQP (Advanced Message Queuing Protocol)
• Secure Event Access Manager
– capability-based security
– RESTful interface
25. Access to event streams by clients
• Managed by the Secure Event Access Manager
• How it works
1. Session setting up
2. Session usage (publish/subscribe)
3. Session closing
37. So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new event sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control
38. Thanks for your attention!
Q&A