Recent Ars Technica articles covered these topics:
- "At Facebook, zero-day exploits, backdoor code bring war games drill to life."
- One large security company mistakenly revoked a key for signing Mac Apps.
- A large application vendor configured the protection for a critical zero-day exploit to be off by default.
Headlines like these scream security-Security-SECURITY!
With the RSA and NDSS conferences around the corner, expect to read more and more about securing the next wave of computing: machine-to-machine (M2M) networking. Connecting all kinds of devices to each other and the internet promises to remake global industry; it also brings an entirely different set of engineering challenges.
- The industrial internet (inter)connects many more devices than ever before.
- All these devices and users must be connected in a secure manner.
How do you protect the Illinois water systems from attack? How do you guarantee confidentiality of your medical information as you are connected to a variety of medical devices and move throughout a hospital from the emergency room, to the operating room to the CT scanner? How do you make sure that the flight path orders of a UAV have not been altered or that a patient gets the right doses of insulin?
RTI helps solve these kinds of challenges. RTI Connext DDS has been the core nervous system of hundreds of mission-critical distributed systems of different scale. We have the key technology to turn up the volume to 11 on the number of devices and amount of data, while maintaining reliability and determinism. RTI goes beyond securing merely the transport (e.g., using TLS/DTLS transports). We also provide support for authentication, authorization, access control, confidentiality, integrity and nonrepudiation for all data sent over DDS. We are well under way implementing the OMG draft DDS Security specification.
The current draft of the OMG DDS Security specification defines the DDS security model and six service plugin interfaces (SPIs). Together, these bring information assurance to DDS systems.
- The Authentication Service Plug-in provides the mechanism to verify the identity of the application and/or user that invokes operations on DDS to join a domain. Joining a DDS domain is a prerequisite to publish, subscribe or perform any other DDS operation.
- The Access Control Service Plug-in provides the means to enforce policy decisions on what DDS related operations an authenticated user can perform. E.g., which domains it can join or which Topics it can publish or subscribe to.
- The Cryptography Plug-in implements all cryptographic operations, including encryption, decryption and digital signatures.
- The Key Management Service Plug-in provides key distribution and access services. It allows DDS implementations to access the necessary keys given the identity and access control policies.
- The Logging Service Plug-in supports auditing of all DDS security-relevant events.
- The Data Tagging Service Plug-in provides a way to add tags to data samples.
Note that this specification is still work in progress and the plugin architecture may evolve.
If you have background in security and a passion for large-scale distributed real-time systems, come join us! We are looking for talented security engineers to join the development of RTI Connext DDS Secure, and security researchers to lead advanced research in secure real-time middleware.
DDS Security Extensions RFP Proposal - http://portals.omg.org/dds/content/document/dds-security-extensions-rfp-proposal