Your systems. Working as one.
Is Your Data Secure?
June 24 – RTI Sponsored Webinar
Gordon Hunt, gordon.hunt@rti.com
Agenda
• What is Data?
• What is Security?
• How to Bring it all Together?
• Why does it Matter?
What is Data?
Data-At-Rest?
• Where is it
• Single view of the ‘answer’
• Heterogeneous views
• How do I get to it
• State is centralized
Data-In-Motion?
• How to send/share it
• Shared view of the ‘answer’
• Homogeneous views
• How we say it
• State is distributed
Example: Clinical Decision Support Systems
[Diagram: Devices, Room, Care Area, Administration; Workstations, Storage, Historical; HL7/EMR Gateway, Enterprise, 3rd Party]
Example: Where and What is the Data?
[Diagram: Room, Care Area, Administration; Workstations, Storage, Historical; HL7/EMR Gateway, Enterprise, 3rd Party; annotated Location: Room 247B, Data: HomerSimpson]
Example: Blue Force Tracker Systems
[Diagram: ARMY and USMC units linked over BFT1 (L-Band), EPLRS, JNN (Ku-Band), VSAT and JCR through TSGs and L-Band Ground Stations to the DISA JBCP NOC]
Messages and Routing versus Actionable Data
• Message-Centric NOC Architecture
– Point to Point
– State is Implicit
– Intermediate messages are not actionable
• Data-Centric NOC Architecture
– Observable databus
– State is Explicit
– Intermediate state is actionable
[Diagrams: message-centric NOC network layout (CUI and SEC enclaves with gateways, region servers, NOC controllers, MySQL, NTP, CDI, NDS and NAS servers, isolation routers, NIPRNET/SIPRNET links) and data-centric NOC on an RTI DDS databus (SA, C2 and SDSA processes behind Conduits G to K, with persistence, SDSA/C2 routing, configuration management, logging, health monitoring and datastore services)]
Results of Making Data Actionable
• Before
I. Custom implementation for the Army
II. Centralized, monolithic and tightly coupled
III. Under development for 8 years
IV. 500,000 SLoC
V. Required 21 quad-core servers
VI. Supported 10,000 sustained tracks
VII. Suffered reliability and uptime challenges
• After
I. Standards based, COTS and Open Architecture
II. De-centralized, modular and de-coupled
III. PoC completed in 1 week, full system in 1 year
IV. 50,000 SLoC
V. Only requires a single core system
VI. Supports 500,000 sustained tracks
VII. Inherently supports full redundancy
Where is the Data?
• Point-to-point, sockets, RPC, RMI
– Data and its state are in the applications
– Each application maintains its view
• Centralized, DB, ESBs
– Data and its state are in the Database
– Managed interactions with data and state
• Decentralized, Data Centric
– Data and its state are in the bus
– Stateless clients/services
Data needs explicit properties to manage its behavior
[Diagram labels: Broker, ESB, DBMS]
Where is the Data?
Centralized Analytics and Control
• Limits scalability and performance
– Capacity of individual links and switch ports
– CPU and resource limits on servers
• Diminished robustness
– Tied to server maintenance and failures
– Single point of “vulnerability”
• Lessens capabilities and utility
– Single centralized “brain”
– No autonomy or Intelligence at the edge.
• Brittle security. All intelligence is “in a box”
[Diagram: Centralized ESB, Database, or Message Broker]
Where is the Data?
Distributed Analytics & Control
• Analyze orders of magnitude more data
• Lower latency control for faster response
• Highly resilient, no single point of failure
• Fine-grained access control and security
• More capable and flexible Intelligence at the edge
[Diagram: Decentralized, fully Distributed DDS DataBus]
What is Security?
• Authentication:
– The bank knows who you are; you must show ID.
• Access Control:
– The bank only lets those on an access list into your box.
• Confidentiality:
– You are alone in the room. Nobody can see the contents of the box.
• Integrity:
– The box is sealed. If anybody touches it you will know.
• Non repudiation:
– You sign when you come in and out so you can’t claim that you weren’t there.
• Availability:
– The bank is always open.
How to Implement Security?
Security Related Infrastructure
• Intrusion Detection and Actions
• Malware Detection and Prevention
• Secure Boot & Trusted Platforms
• Secure Comms and Data Links
• Key and Identity Mgmt.
• Cryptologic Functions
• …
Very Domain specific – may need all of these
e.g.
Where is Security?
Multiple Security Boundaries
• Boundary Security
• Transport-Level
– Network (layer 3) security
– Session (layer 4/5) security
– Endpoint-based access
• Fine-grained Data-Centric Security
– Queue/table-based access
– Decentralized or centralized?
Ultimately you need to implement all of them
How to Bring it all Together?
The Interoperability Standard:
[Diagram: DDS standards timeline: DDS Spec (2004), DDS Interoperability (2006), UML DDS Profile (2008), DDS for Lw CCM (2009), DDS X-Types (2010), DDS-STD-C++ and DDS-JAVA5 (2012), Web-Enabled DDS (2013), DDS Security (2014), RPC over DDS (2014); three Apps, each on a DDS Implementation, over Network / TCP / UDP / IP / SharedMem / …]
Data Identity
in the Global Data Space
• Domain:
– The world you are talking about
• Topic:
– A group of similar objects
• Similar structure (“type”)
• Similar way they change over time (“Quality of Service”)
• Instance:
– An individual object in the topic group of similar objects
• Like the “key” fields in a database table
• Domain Participant:
– A connection to the Domain in order to source/observe observations
• Data Writer:
– The source of observations about a set of data objects (Topic)
• Data Reader:
– Observer of a set of data-objects
• Sample:
– An update of an instance
[Diagram: Domain with Topic “A” and Topic “B”; Logical and Physical views]
Data Behavior
in the Global Data Space
• Aside from the actual data to be delivered, users often need to specify HOW to send it …
… reliably (or “send and forget”)
… how much data (all data, last 5 samples, every 2 secs)
… how long before data is regarded as ‘stale’ and is discarded
… how many publishers of the same data are allowed
… how to ‘failover’ if an existing publisher stops sending data
… how to detect “dead” applications
… …
• These options are controlled by formally-defined Quality of Service (QoS)
DDS Quality of Service
[Diagram, repeated on this slide and each use-case slide below: Deadline, Reliability, History, Liveliness, Time Based Filter, Content Filtering, Durability, Ownership, Partition, Presentation, Lifespan, Destination Order, Resource Limits, Latency Budget, Flow Control, User/Group/Topic Data, Batching, Transports, Multi-Channel, Async Publisher. One copy of the diagram marks Reliability and Batching as “(optional)”.]
Use Case: Streaming Data
Use Case: Alarms / Events
Use Case: Large Data
Use Case: Last Value Cache
Data Security
in the Global Data Space
• Access control per Topic
– And all that that implies
• Read-versus-write permissions
– But enable fully distributed enforcement
• Source-specific permissions and tagging
– Fine-grained specificity of policies
[Diagram: Domain with Topics “A”, “B” and “C”]
Data Security
in the Global Data Space
• Authentication:
– The Domain knows who you are, you must show ID
• Access Control:
– Only those on the Topics’ access list are allowed (r/w)
• Confidentiality:
– Data payload and meta-data individually encrypted.
• Integrity:
– Data samples include destination specific signatures/MACs.
• Non repudiation:
– Specified behavior and associated quality of service for acknowledgements
• Availability:
– DDS managed and specified behavior, rich fault/failure management
Data Security
How is it Done?
• Security Model
– What to Protect
• Security Plugin APIs
– How/where to protect
– Interchangeability of the plugins
• DDS RTPS Wire Protocol
– Data encapsulation and discovery interoperability
• Default Builtin Plugins
– Out-of-box implementation
– Interoperable implementations
OMG DDS Security Specification
RTI Connext™ DDS Implementation
Data Security
Threats in the Global Data Space
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
Alice: Allowed to publish topic ‘T’
Bob: Allowed to subscribe to topic ‘T’
Eve: Non-authorized eavesdropper
Trudy: Intruder
Mallory: Malicious insider
Trent: Trusted infrastructure service
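The integrity bullet above ("destination specific signatures/MACs") and threat 3 (tampering and replay) can be illustrated with a small model. This is an added example, not code from the slides, the OMG specification or RTI Connext: the class names, the HMAC-SHA256 choice and the highest-sequence replay check are simplifying assumptions, and the built-in DDS Security plugins define their own algorithms and wire format.

```python
import hashlib
import hmac
import secrets
import struct


def _mac(key, writer, seq, payload):
    # Length-prefix the writer name so fields cannot be shifted into each other.
    header = struct.pack(">H", len(writer)) + writer.encode() + struct.pack(">Q", seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Writer:
    def __init__(self, name, group_key, receiver_keys):
        self.name, self.group_key = name, group_key
        self.receiver_keys = receiver_keys     # reader name -> key shared with that reader only
        self.seq = 0

    def write(self, payload):
        self.seq += 1
        return {
            "writer": self.name, "seq": self.seq, "payload": payload,
            # MAC every authorized reader can verify (and therefore also compute).
            "group_mac": _mac(self.group_key, self.name, self.seq, payload),
            # One MAC per destination, keyed with a secret only that reader holds.
            "receiver_macs": {r: _mac(k, self.name, self.seq, payload)
                              for r, k in self.receiver_keys.items()},
        }


class Reader:
    def __init__(self, name, group_key, receiver_key):
        self.name, self.group_key, self.receiver_key = name, group_key, receiver_key
        self.highest_seq = {}                  # writer name -> last accepted sequence number

    def accept(self, sample):
        w, seq, payload = sample["writer"], sample["seq"], sample["payload"]
        if not hmac.compare_digest(sample["group_mac"], _mac(self.group_key, w, seq, payload)):
            return "rejected: tampered"
        mine = sample["receiver_macs"].get(self.name, b"")
        if not hmac.compare_digest(mine, _mac(self.receiver_key, w, seq, payload)):
            return "rejected: origin not authenticated"
        if seq <= self.highest_seq.get(w, 0):
            return "rejected: replay"
        self.highest_seq[w] = seq
        return "accepted"


def run_scenario():
    # Constructed keys and payloads; roles follow the threat slide.
    group_key = secrets.token_bytes(32)        # held by Alice, Bob and Mallory
    k_bob, k_mallory = secrets.token_bytes(32), secrets.token_bytes(32)
    alice = Writer("Alice", group_key, {"Bob": k_bob, "Mallory": k_mallory})
    bob = Reader("Bob", group_key, k_bob)
    results = {}

    genuine = alice.write(b"setpoint=42")
    results["genuine"] = bob.accept(genuine)
    results["replayed"] = bob.accept(genuine)  # same sample delivered twice

    tampered = dict(alice.write(b"setpoint=43"), payload=b"setpoint=99")
    results["tampered"] = bob.accept(tampered)

    # Mallory is an authorized reader: she holds group_key and k_mallory, never k_bob.
    impostor = Writer("Alice", group_key, {"Bob": k_mallory})
    impostor.seq = 10
    forged = impostor.write(b"setpoint=0")
    results["insider_forgery"] = bob.accept(forged)
    # A reader that checked only the group MAC would have accepted the same sample.
    results["group_mac_alone_would_pass"] = hmac.compare_digest(
        forged["group_mac"], _mac(group_key, "Alice", forged["seq"], forged["payload"]))
    return results
```

The last two results show why the MAC has to be destination specific: a key shared by all readers proves only that some group member produced the sample, not that the writer did.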
Data Security
Using Secure DDS (per OMG spec)
• Start with a Domain Configuration
– Signed document that sets policies for the Domain
• Specifies
– What Topics are discovered using Secure Discovery
– Encrypt or Sign for Secure Discovery
– What Topics have controlled access
– Encrypt or Sign for each secure Topic
• User data and payload
• Metadata and routing information
– What to do with unauthenticated access requests
Data Security
Using Secure DDS per OMG specification
• For each Participant
– It's an identified point of access
– Enables fully distributed authentication
– Enables local access enforcement
• Specifies
– What Domain IDs it can join
– What Topics it can read/write
– What Topics it can relay
– What Partitions it can join
– What Tags are associated with the Readers and Writers
What’s Happening Inside DDS?
[Flowchart]
• Create Domain Participant
– Authenticate DP? No: Domain Participant Create Fails
• Create Endpoints
– Access OK? No: Endpoint Create Fails
• Discover remote DP
– Authenticate Remote DP? No: Ignore Remote DP
• Discover remote Endpoints
– Access OK? No: Ignore remote endpoint
• Send/Receive data
– Message security
DP = Domain Participant
Endpoint = Reader / Writer
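The decision flow on this slide, together with the per-Participant permissions from the previous one, can be modelled in a few lines. This is an added example, not code from the slides or from any DDS implementation: `Permissions`, `Domain` and `Participant` are hypothetical names, a dictionary stands in for the signed documents, and relay, partition and tag rules are left out.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Permissions:
    """Per-participant grants: domains it can join, topics it can read/write."""
    domains: frozenset = frozenset()
    publish: tuple = ()      # topic patterns the subject may write
    subscribe: tuple = ()    # topic patterns the subject may read

    def allows(self, domain_id, topic, action):
        patterns = self.publish if action == "write" else self.subscribe
        # Default deny: anything not explicitly granted is refused.
        return domain_id in self.domains and any(fnmatchcase(topic, p) for p in patterns)


@dataclass
class Domain:
    """Domain configuration: trusted identities and access-controlled topics."""
    domain_id: int
    identities: dict                     # subject -> Permissions (stands in for signed documents)
    protected_topics: tuple = ("*",)
    allow_unauthenticated: bool = False

    def authenticate(self, subject):
        return self.identities.get(subject)      # None means authentication failed

    def permits(self, perms, topic, action):
        protected = any(fnmatchcase(topic, p) for p in self.protected_topics)
        return not protected or perms.allows(self.domain_id, topic, action)


class Participant:
    def __init__(self, domain, subject):
        perms = domain.authenticate(subject)
        if perms is None or domain.domain_id not in perms.domains:
            raise PermissionError(f"DomainParticipant create fails for {subject}")
        self.domain, self.subject, self.perms = domain, subject, perms
        self.endpoints, self.matched, self.ignored = set(), [], []

    def create_endpoint(self, topic, action):
        if not self.domain.permits(self.perms, topic, action):
            raise PermissionError(f"Endpoint create fails: {self.subject} may not {action} {topic}")
        self.endpoints.add((topic, action))

    def discover(self, remote_subject, announced):
        """Process a remote participant's announcement. Every check runs locally."""
        remote = self.domain.authenticate(remote_subject)
        if remote is None:
            if not self.domain.allow_unauthenticated:
                self.ignored.append((remote_subject, None, "participant not authenticated"))
                return
            remote = Permissions()       # no grants: can match unprotected topics only
        for topic, action in announced:
            counterpart = "read" if action == "write" else "write"
            if (topic, counterpart) not in self.endpoints:
                continue                 # no local endpoint to match
            if self.domain.permits(remote, topic, action):
                self.matched.append((remote_subject, topic, action))
            else:
                self.ignored.append((remote_subject, topic, f"{action} not permitted"))


def run_scenario():
    # Constructed sample policy; names follow the roles on the threat slide.
    domain = Domain(0, {
        "Alice": Permissions(frozenset({0}), publish=("T",)),
        "Bob": Permissions(frozenset({0}), subscribe=("T",)),
        "Mallory": Permissions(frozenset({0}), subscribe=("T",)),
    }, protected_topics=("T",))
    bob = Participant(domain, "Bob")
    bob.create_endpoint("T", "read")
    bob.discover("Alice", [("T", "write")])      # authenticated and permitted
    bob.discover("Mallory", [("T", "write")])    # authenticated, but may only subscribe
    bob.discover("Trudy", [("T", "write")])      # no identity in the domain
    return domain, bob
```

Bob reaches each decision from the domain configuration and the remote participant's permissions alone, which is the "fully distributed enforcement" the slides describe: no broker sits between Alice and Bob.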
What’s Happening on the Wire?
• RTPS Protocol Supports
– Rigorous identity, source and destination indication
– Sequence numbers for state recreation
– Content awareness for efficient delivery
– Timestamps for data and state integrity
– Efficient use of transports
– Proxy & routing support
– Reliability & synchronization handshaking
…
encode_serialized_data()
encode_datawriter_submessage()
encode_datareader_submessage()
encode_rtps_message()
…
Why does it Matter?
Connext DDS Secure Benefits
• Decentralized
– High performance
– No single point of failure
• Runs over any transport
– Including low bandwidth, unreliable
– Multicast for scalability, low latency
• Select encryption or message authentication
– Only encrypt private data
– Up to 100x faster
• Customizable plugin architecture
• Data Distribution Service (DDS) compliant
• Works with unmodified existing apps
[Diagram: Application on the Connext DDS library (Authentication, Access Control, Encryption, Data Tagging, Logging) over Any Transport (e.g., TCP, UDP, multicast, shared memory)]
Why does it Matter?
RTI and PNNL Grid Security Retrofit
[Diagram: Control Station (DNP3 Master Device) and Transmission Substation (DNP3 Slave Devices); DNP3 over RS232/485 and DNP3 over Ethernet carried as DNP3 over DDS by RTI Routing Service Gateway and ComProcessor instances on DDS LANs, linked through IP Routers by DDS over UDP/WAN, giving an effective DNP3 connection]
Details at http://blogs.rti.com
Why does it Matter?
RTI and PNNL Grid Security Retrofit
[Diagram: the same topology with the WAN link labelled Secure DDS over UDP]
Why does it Matter?
RTI and PNNL Grid Security Retrofit
[Diagram: the same topology with Secure DDS over UDP, plus Attack Detector, Anomaly Detector, Scada Converter and Display]
Why does it Matter?
Secure, flexible, scalable, and performant system integration.
• Decoupled access to data via the Global Data Space
– This does not mean loss of access control to the information and data
– It means that the Data Space must have an associated security model
• DDS can use standard PKI and cryptographic techniques to enforce the security policies
• DDS can use domain-specific system technologies and capabilities to address security
The key is to use a data-centric security model
RTI Connext™: A Next Generation Infrastructure
[Diagram labels: DDS Secure, Connext DDS Professional, Connext DDS Micro, Connext DDS Cert, DDS & JMS Libraries, Routing Service, Database Integration, Administration, Monitoring, Microsoft Excel, Recording, Replay, Wireshark, Persistence, Logging, Prototyper, General Purpose Real-Time Apps, Remote Apps, Disparate Apps, Adapter, RDBMS, Small Footprint Apps, Safety critical Applications, all on the DDS-RTPS Wire Interoperability Protocol]
Next Steps & Questions
• Evaluation Available Today
• Contact
– info@rti.com Or your local Account Manager
www.rti.com
community.rti.com
www.facebook.com/RTIsoftware
www.slideshare.net/RealTimeInnovations
www.twitter.com/RealTimeInnov
blogs.rti.com
www.youtube.com/realtimeinnovations
www.omg.org
dds.omg.org

Developing Mission-Critical Avionics and Defense Systems with Ada and DDSReal-Time Innovations (RTI)
 

Plus de Real-Time Innovations (RTI) (20)

A Tour of RTI Applications
A Tour of RTI ApplicationsA Tour of RTI Applications
A Tour of RTI Applications
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
The Inside Story: How the IIC’s Connectivity Framework Guides IIoT Connectivi...
 
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
Upgrade Your System’s Security - Making the Jump from Connext DDS Professiona...
 
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security FrameworkThe Inside Story: Leveraging the IIC's Industrial Internet Security Framework
The Inside Story: Leveraging the IIC's Industrial Internet Security Framework
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
 
The Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car ArchitecturesThe Low-Risk Path to Building Autonomous Car Architectures
The Low-Risk Path to Building Autonomous Car Architectures
 
Introduction to RTI DDS
Introduction to RTI DDSIntroduction to RTI DDS
Introduction to RTI DDS
 
How to Design Distributed Robotic Control Systems
How to Design Distributed Robotic Control SystemsHow to Design Distributed Robotic Control Systems
How to Design Distributed Robotic Control Systems
 
Fog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of ThingsFog Computing is the Future of the Industrial Internet of Things
Fog Computing is the Future of the Industrial Internet of Things
 
The Inside Story: How OPC UA and DDS Can Work Together in Industrial Systems
The Inside Story: How OPC UA and DDS Can Work Together in Industrial SystemsThe Inside Story: How OPC UA and DDS Can Work Together in Industrial Systems
The Inside Story: How OPC UA and DDS Can Work Together in Industrial Systems
 
Cyber Security for the Connected Car
Cyber Security for the Connected Car Cyber Security for the Connected Car
Cyber Security for the Connected Car
 
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from MarsSpace Rovers and Surgical Robots: System Architecture Lessons from Mars
Space Rovers and Surgical Robots: System Architecture Lessons from Mars
 
Advancing Active Safety for Next-Gen Automotive
Advancing Active Safety for Next-Gen AutomotiveAdvancing Active Safety for Next-Gen Automotive
Advancing Active Safety for Next-Gen Automotive
 
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
Learn About FACE Aligned Reference Platform: Built on COTS and DO-178C Certif...
 
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardenin...
 
Data Distribution Service Security and the Industrial Internet of Things
Data Distribution Service Security and the Industrial Internet of ThingsData Distribution Service Security and the Industrial Internet of Things
Data Distribution Service Security and the Industrial Internet of Things
 
The Inside Story: GE Healthcare's Industrial Internet of Things (IoT) Archite...
The Inside Story: GE Healthcare's Industrial Internet of Things (IoT) Archite...The Inside Story: GE Healthcare's Industrial Internet of Things (IoT) Archite...
The Inside Story: GE Healthcare's Industrial Internet of Things (IoT) Archite...
 
Developing Mission-Critical Avionics and Defense Systems with Ada and DDS
Developing Mission-Critical Avionics and Defense Systems with Ada and DDSDeveloping Mission-Critical Avionics and Defense Systems with Ada and DDS
Developing Mission-Critical Avionics and Defense Systems with Ada and DDS
 
IoT and M2M Safety and Security
IoT and M2M Safety and Security 	IoT and M2M Safety and Security
IoT and M2M Safety and Security
 

Dernier

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Jonathan Katz
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.Sharon Liu
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App DevelopmentMobulous Technologies
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024ThousandEyes
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentBOSC Tech Labs
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 

Dernier (20)

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)Vectors are the new JSON in PostgreSQL (SCaLE 21x)
Vectors are the new JSON in PostgreSQL (SCaLE 21x)
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Understanding Native Mobile App Development
Understanding Native Mobile App DevelopmentUnderstanding Native Mobile App Development
Understanding Native Mobile App Development
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
React 19: Revolutionizing Web Development
React 19: Revolutionizing Web DevelopmentReact 19: Revolutionizing Web Development
React 19: Revolutionizing Web Development
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 

Is Your Data Secure

  • 1. Your systems. Working as one. Is Your Data Secure? June 24 – RTI Sponsored Webinar Gordon Hunt, gordon.hunt@rti.com
  • 2. Agenda • What is Data? • What is Security? • How to Bring it all Together? • Why does it Matter?
  • 3. What is Data? Data-At-Rest? • Where is it • Single view of the ‘answer’ • Heterogeneous views • How do I get to it • State is centralized Data-In-Motion? • How to send/share it • Shared view of the ‘answer’ • Homogeneous views • How we say it • State is distributed
  • 4. Example: Clinical Decision Support Systems Workstations, Storage, Historical HL7/EMR Gateway, Enterprise, 3rd Party Room Devices Care Area Administration
  • 5. Example: Where and What is the Data? Workstations, Storage, Historical HL7/EMR Gateway, Enterprise, 3rd Party Room Care Area Administration Location: Room 247B Data: HomerSimpson
  • 6. Example: Blue Force Tracker Systems [Network diagram; labels: TSG, JNN, Ku-Band VSAT, BFT1 L-Band, L-Band Ground Stations, EPLRS, JCR NOC, JBCP NOC, DISA, ARMY, USMC]
  • 7. Messages and Routing versus Actionable Data • Message-Centric NOC Architecture – Point to Point – State is Implicit – Intermediate messages are not actionable • Data-Centric NOC Architecture – Observable databus – State is Explicit – Intermediate state is actionable [Diagrams: the message-centric layout of the CUI NOC and Secret NOC (gateways, region servers, NOC controllers, MySQL servers, isolation routers, Radiant Mercury, NIPRNET, SIPRNET); the data-centric layout on RTI DDS (SA, C2 and SDSA processes on Conduits G to K, Persistence Server, SDSA/C2 Routing, Configuration Management, Logging, Health Monitoring, DataStore, NOC SA Display, NOC Addressed C2 Display)]
  • 8. Results of Making Data Actionable • Before I. Custom implementation for the Army II. Centralized, monolithic and tightly coupled III. Under development for 8 years IV. 500,000 SLoC V. Required 21 quad-core servers VI. Supported 10,000 sustained tracks VII. Suffered reliability and uptime challenges • After I. Standards based, COTS and Open Architecture II. De-centralized, modular and de-coupled III. PoC completed in 1 week, full system in 1 year IV. 50,000 SLoC V. Only requires a single core system VI. Supports 500,000 sustained tracks VII. Inherently supports full redundancy
  • 9. Where is the Data? • Point-to-point, sockets, RPC, RMI – Data and its state is in the applications – Each application maintains its view • Centralized, DB, ESBs – Data and its state is in the Database – Managed interactions with data and state • Decentralized, Data Centric – Data and its state is in the bus – Stateless clients/services – Data needs explicit properties to manage its behavior [Diagram labels: Broker, ESB, DBMS]
  • 10. Where is the Data? Centralized Analytics and Control • Limits scalability and performance – Capacity of individual links and switch ports – CPU and resource limits on servers • Diminished robustness – Tied to server maintenance and failures – Single point of “vulnerability” • Lessens capabilities and utility – Single centralized “brain” – No autonomy or Intelligence at the edge. • Brittle security. All intelligence is “in a box” Centralized ESB, Database, or Message Broker
  • 11. Where is the Data? Distributed Analytics & Control • Analyze orders of magnitude more data • Lower latency control for faster response • Highly resilient, no single point of failure • Fine-grained access control and security • More capable and flexible Intelligence at the edge Decentralized, fully Distributed DDS DataBus
  • 12. What is Security? • Authentication: – The bank knows who you are; you must show ID. • Access Control: – The bank only lets those on an access list into your box. • Confidentiality: – You are alone in the room. Nobody can see the contents of the box. • Integrity: – The box is sealed. If anybody touches it you will know. • Non repudiation: – You sign when you come in and out so you can’t claim that you weren’t there. • Availability: – The bank is always open.
  • 13. How to Implement Security? Security Related Infrastructure • Intrusion Detection and Actions • Malware Detection and Prevention • Secure Boot & Trusted Platforms • Secure Comms and Data Links • Key and Identity Mgmt. • Cryptologic Functions • … Very Domain specific – may need all of these e.g.
  • 14. Where is Security? Multiple Security Boundaries • Boundary Security • Transport-Level – Network (layer 3) security – Session (layer 4/5) security – Endpoint-based access • Fine-grained Data-Centric Security – Queue/table-based access – Decentralized or centralized? Ultimately you need to implement all of them
  • 15. How to Bring it all Together? The Interoperability Standard: • DDS Spec 2004 • DDS Interoperability 2006 • UML DDS Profile 2008 • DDS for Lw CCM 2009 • DDS X-Types 2010 • DDS-STD-C++, DDS-JAVA5 2012 • Web-Enabled DDS 2013 • DDS Security 2014 • RPC over DDS 2014 [Diagram: three App / DDS Implementation stacks over Network / TCP / UDP / IP / SharedMem / …]
  • 16. Data Identity in the Global Data Space • Domain: – The world you are talking about • Topic: – A group of similar objects • Similar structure (“type”) • Similar way they change over time (“Quality of Service”) • Instance: – An individual object in the topic group of similar objects • Like the “key” fields in a database table • Domain Participant: – A connection to the Domain in order to source/observe observations • Data Writer: – The source of observations about a set of data objects (Topic) • Data Reader: – Observer of a set of data-objects • Sample: – An update of an instance Domain Topic “A” Topic “B” Logical Physical
  • 17. Data Behavior in the Global Data Space • Aside from the actual data to be delivered, users often need to specify HOW to send it … … reliably (or “send and forget”) … how much data (all data, last 5 samples, every 2 secs) … how long before data is regarded as ‘stale’ and is discarded … how many publishers of the same data are allowed … how to ‘failover’ if an existing publisher stops sending data … how to detect “dead” applications … … • These options are controlled by formally-defined Quality of Service (QoS)
  • 23. Data Security in the Global Data Space • Access control per Topic – And all that that implies • Read-versus-write permissions – But enable fully distributed enforcement • Source-specific permissions and tagging – Fine-grained specificity of policies [Diagram: a Domain containing Topic “A”, Topic “B” and Topic “C”]
  • 24. Data Security in the Global Data Space • Authentication: – The Domain knows who you are, you must show ID • Access Control: – Only those on the Topics’ access list are allowed (r/w) • Confidentiality: – Data payload and meta-data individually encrypted. • Integrity: – Data samples include destination specific signatures/MACs. • Non repudiation: – Specified behavior and associated quality of service for acknowledgements • Availability: – DDS managed and specified behavior, rich fault/failure management
  • 25. Data Security How is it Done? • Security Model – What to Protect • Security Plugin APIs – How/where to protect – Interchangeability of the plugins • DDS RTPS Wire Protocol – Data encapsulation and discovery interoperability • Default Builtin Plugins – Out-of-box implementation – Interoperable implementations OMG DDS Security Specification RTI Connext™ DDS Implementation
  • 26. Data Security Threats in the Global Data Space 1. Unauthorized subscription 2. Unauthorized publication 3. Tampering and replay 4. Unauthorized access to data by infrastructure services Alice: Allowed to publish topic ‘T’ Bob: Allowed to subscribe to topic ‘T’ Eve: Non-authorized eavesdropper Trudy: Intruder Mallory: Malicious insider Trent: Trusted infrastructure service Alice Bob Eve Trudy Trent Mallory
  • 27. Data Security Using Secure DDS (per OMG spec) • Start with a Domain Configuration – Signed document that sets policies for the Domain • Specifies – What Topics are discovered using Secure Discovery – Encrypt or Sign for Secure Discovery – What Topics have controlled access – Encrypt or Sign for each secure Topic • User data and payload • Metadata and routing information – What to do with unauthenticated access requests
  • 28. Data Security Using Secure DDS per OMG specification • For each Participant – It’s an identified point of access – Enables fully distributed authentication – Enables local access enforcement • Specifies – What Domain IDs it can join – What Topics it can read/write – What Topics it can relay – What Partitions it can join – What Tags are associated with the Readers and Writers
  • 29. What’s Happening Inside DDS? [Flowchart] Create Domain Participant → Authenticate DP? (No: Domain Participant Create Fails) → Yes: Create Endpoints → Access OK? (No: Endpoint Create Fails) → Discover remote DP → Authenticate Remote DP? (No: Ignore Remote DP) → Yes: Discover remote Endpoints → Access OK? (No: Ignore remote endpoint) → Send/Receive data, with Message security. DP = Domain Participant; Endpoint = Reader / Writer
  • 30. What’s Happening on the Wire? • RTPS Protocol Supports – Rigorous identity, source and destination indication – Sequence numbers for state recreation – Content awareness for efficient delivery – Timestamps for data and state integrity – Efficient use of transports – Proxy & routing support – Reliability & synchronization handshaking … encode_serialized_data() encode_datawriter_submessage() encode_datareader_submessage() encode_rtps_message() …
  • 31. Why does it Matter? Connext DDS Secure Benefits • Decentralized – High performance – No single point of failure • Runs over any transport – Including low bandwidth, unreliable – Multicast for scalability, low latency • Select encryption or message authentication – Only encrypt private data – Up to 100x faster • Customizable plugin architecture • Data Distribution Service (DDS) compliant • Works with unmodified existing apps Connext DDS library Authentication Access Control Encryption Data Tagging Logging Application Any Transport (e.g., TCP, UDP, multicast, shared memory, )
  • 32. Why does it Matter? RTI and PNNL Grid Security Retrofit [Diagram: Control Station with DNP3 Master Device; Transmission Substation with DNP3 Slave Devices; RTI Routing Service Gateway and RTI Routing Service ComProcessor on a DDS LAN at each site; IP Routers; links labelled DNP3 over RS232/485, DNP3 over Ethernet, DNP3 over DDS, DDS over WAN, DDS over UDP/WAN; Effective DNP3 connection] Details at http://blogs.rti.com
  • 33. Why does it Matter? RTI and PNNL Grid Security Retrofit [Diagram: Control Station with DNP3 Master Device; Transmission Substation with DNP3 Slave Devices; RTI Routing Service Gateway and RTI Routing Service ComProcessor at each site; IP Routers; links labelled DNP3 over RS232/485, DNP3 over Ethernet, DNP3 over DDS, DDS over WAN, Secure DDS over UDP; Effective DNP3 connection] Details at http://blogs.rti.com
  • 34. Why does it Matter? RTI and PNNL Grid Security Retrofit [Diagram: Control Station with DNP3 Master Device; Transmission Substation with DNP3 Slave Devices; RTI Routing Service Gateway and RTI Routing Service ComProcessor at each site; IP Routers; links labelled DNP3 over RS232/485, DNP3 over Ethernet, DNP3 over DDS, DDS over WAN, Secure DDS over UDP; added components: Attack Detector, Display, Scada Converter, Anomaly Detector; Effective DNP3 connection] Details at http://blogs.rti.com
  • 35. Why does it Matter? Secure, flexible, scalable, and performant system integration. • Decoupled access to data via the Global Data Space – This does not mean loss of access control to the information and data – It means that the Data Space must have an associated security model • DDS can use standard PKI and cryptographic techniques to enforce the security policies • DDS can use domain-specific system technologies and capabilities to address security The key is to use a data-centric security model
  • 36. RTI Connext™: A Next Generation Infrastructure [Product diagram labels: DDS Secure, Connext DDS Professional, Connext DDS Micro, Connext DDS Cert, DDS & JMS Libraries, Routing Service, Database Integration, Administration, Monitoring, Microsoft Excel, Recording, Replay, Wireshark, Persistence, Logging, Prototyper, Adapter, RDBMS; application classes: General Purpose Real-Time Apps, Remote Apps, Disparate Apps, Small Footprint Apps, Safety critical Applications; DDS-RTPS Wire Interoperability Protocol]
  • 37. Next Steps & Questions • Evaluation Available Today • Contact – info@rti.com Or your local Account Manager www.rti.com community.rti.com www.facebook.com/RTIsoftware www.slideshare.net/RealTimeInnovations www.twitter.com/RealTimeInnov blogs.rti.com www.youtube.com/realtimeinnovations www.omg.org dds.omg.org
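
The checks on slides 26 to 29, as an added Python sketch that is not part of the slides, the OMG specification or RTI's code: every peer authenticates a participant and then checks its topic permissions before creating or matching an endpoint. The HMAC stands in for PKI certificate validation, and the class names, function names, outcome strings and the "Status" topic are assumptions made for illustration; payload encryption and message MACs are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

CA_KEY = b"constructed-demo-key"  # constructed stand-in for the identity CA's signing key


def ca_sign(subject):
    """HMAC stand-in for the CA signature on an identity certificate."""
    return hmac.new(CA_KEY, subject.encode(), hashlib.sha256).digest()


@dataclass(frozen=True)
class Identity:
    subject: str
    signature: bytes


@dataclass
class Permissions:  # slide 28: per-participant grants
    domains: set
    publish: list = field(default_factory=list)    # topic patterns
    subscribe: list = field(default_factory=list)  # topic patterns


@dataclass
class Governance:  # slide 27: domain configuration
    domain_id: int
    protected_topics: list  # topic patterns with access control enabled
    allow_unauthenticated: bool = False


def authenticated(identity):
    return identity is not None and hmac.compare_digest(
        identity.signature, ca_sign(identity.subject))


def access_ok(gov, perms, kind, topic):
    """kind is 'writer' or 'reader'; perms is None for an unauthenticated peer."""
    if not any(fnmatchcase(topic, p) for p in gov.protected_topics):
        return True  # governance leaves this topic open
    if perms is None or gov.domain_id not in perms.domains:
        return False
    patterns = perms.publish if kind == "writer" else perms.subscribe
    return any(fnmatchcase(topic, p) for p in patterns)


def local_create(gov, grants, identity, kind, topic):
    """Checks a compliant stack runs on its own participant and endpoints."""
    if not authenticated(identity):
        return "participant create fails"
    if not access_ok(gov, grants.get(identity.subject), kind, topic):
        return "endpoint create fails"
    return "endpoint created"


def remote_match(gov, grants, remote, kind, topic):
    """Checks every peer repeats on a discovered participant and endpoint."""
    perms = None
    if authenticated(remote):
        perms = grants.get(remote.subject)
    elif not gov.allow_unauthenticated:
        return "ignore remote participant"
    if not access_ok(gov, perms, kind, topic):
        return "ignore remote endpoint"
    return "matched"


def issue(subject):
    return Identity(subject, ca_sign(subject))


# Constructed sample domain using the actors named on slide 26.
GOV = Governance(domain_id=0, protected_topics=["T"])
GRANTS = {
    "Alice": Permissions({0}, publish=["T"]),
    "Bob": Permissions({0}, subscribe=["T"]),
    "Mallory": Permissions({0}, subscribe=["T"]),  # insider: may read, not write
}
ALICE, BOB, MALLORY = issue("Alice"), issue("Bob"), issue("Mallory")
TRUDY = Identity("Alice", b"\x00" * 32)  # claims to be Alice, not CA-signed
EVE = None                               # presents no identity at all


def demo():
    open_gov = Governance(0, ["T"], allow_unauthenticated=True)
    return {
        "alice creates writer T": local_create(GOV, GRANTS, ALICE, "writer", "T"),
        "mallory creates writer T": local_create(GOV, GRANTS, MALLORY, "writer", "T"),
        "bob sees alice writer T": remote_match(GOV, GRANTS, ALICE, "writer", "T"),
        "alice sees eve reader T": remote_match(GOV, GRANTS, EVE, "reader", "T"),
        "bob sees trudy writer T": remote_match(GOV, GRANTS, TRUDY, "writer", "T"),
        "bob sees mallory writer T": remote_match(GOV, GRANTS, MALLORY, "writer", "T"),
        "open: eve reader Status": remote_match(open_gov, GRANTS, EVE, "reader", "Status"),
        "open: eve reader T": remote_match(open_gov, GRANTS, EVE, "reader", "T"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because Bob repeats the check in remote_match, a writer that Mallory brings up on a stack that skips local_create is still ignored, which is the distributed enforcement slide 23 refers to.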