Secure Event Management
SEI 2 Smart Factory
Salvatore Piccione (TXT e-solutions S.p.A.)

15/11/2013

Secure Event Management

1
Outline
• Why?

• What?
– Secure Event Management components

• So what?

Why?
• Multitude of smart objects and services

• Demand for event-driven interactions
• Controlled access to production data by internal and external subjects

What?
[Architecture diagram. Labels: MES; CEP Engines; Remote maintenance operators; Worker; Secure Event Access Manager; Corporate domain border]

Events’ namespace
• Taxonomy of the events conveyed by the event bus
• Conventions
– Leaf nodes represent event producers
– Intermediate nodes allow consumers to select a specific set of events
– Patterns to select paths or portions within the namespace
• Special characters: * (exactly one node), # (zero or more nodes)

Events’ namespace - example 1
Shop floor events
[Tree diagram, repeated over four slides. Node labels: WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station 6, Station9, Station2, …; Thickness, Welding, Marriage, …; Informational, Status]

Patterns highlighted on the tree, one per slide:
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#

Events’ namespace - example 2
Notifications
[Tree diagram. Node labels: WashingMachineManufacturer; Alerting, QualityAssurance; under each of the two, ProductionPlant1; ProductionLine1, …; Station2, Station6, Station9, …]

Namespace Manager

Capability-based security

A capability is a communicable and unforgeable token of authority.
By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.

Capability token
• Digitally signed XML document
• Based on standards for access control policies (XACML, SAML)
• Two types: Root and non-Root

Anatomy of a capability token
• Issuer (who issues the capability)
• Subject (who the rights are granted to)
• Resource ID (URI of the resource)
• Validity Condition (validity time frame)
• Issuer’s capability
• Granted rights and their delegability
• Signature

Capability-based security in action
[Diagram, repeated over six slides. Actors: Plant 1 Manager, Production Line 1 Manager, Station 2 Manager, Station 2 Worker, Secure Event Access Manager. Arrow labels: "trust", "access", "Access request". Resource labels: Production Plant 1, Production Line 1, Station 2. The slides introduce the four capabilities below one at a time; the last slide shows an access request made with Cap#4.]

Cap#1 (Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

Cap#2 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

Cap#3 (Non-Root)
Rights: Pub/Sub (delegable)
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

Cap#4 (Non-Root)
Rights: Sub
Namespace: ShopFloorEvents
Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*

Anatomy of a capability revocation
• Issuer
• Issuer’s capability
• Unique identifier of the revoked capability
• Revocation starting date
• Revocation scope
– Only the capability
– All derived capabilities
– The capability together with all derived capabilities

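The delegation chain Cap#1 to Cap#4 and the three revocation scopes, as an added example of how an access manager could evaluate an access request; this is not code from the presentation or from the FITMAN enabler. It assumes token signatures have already been verified, that a delegated token must name the same resource as its parent, and that "only the capability" leaves derived tokens valid. The subject assigned to each capability, `ROOT_ISSUER`, the `Contractor` subject, Cap#5 and all dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Capability:
    cap_id: str
    issuer: str                  # who issues the capability
    subject: str                 # who the rights are granted to
    resource: str                # namespace and pattern
    rights: FrozenSet[str]       # granted rights
    delegable: FrozenSet[str]    # the granted rights the subject may pass on
    not_before: datetime         # validity time frame
    not_after: datetime
    parent_id: Optional[str]     # issuer's capability; None for a Root token


@dataclass(frozen=True)
class Revocation:
    cap_id: str                  # unique identifier of the revoked capability
    starts: datetime             # revocation starting date
    scope: str                   # "capability", "derived" or "both"


def chain_of(cap_id: Optional[str],
             store: Dict[str, Capability]) -> Optional[List[Capability]]:
    """Follow issuer's-capability links from the presented token to its Root."""
    chain: List[Capability] = []
    while cap_id is not None:
        if cap_id not in store or any(c.cap_id == cap_id for c in chain):
            return None          # unknown token or a loop in the links
        chain.append(store[cap_id])
        cap_id = store[cap_id].parent_id
    return chain


def authorize(cap_id, presenter, right, now, store, revocations,
              root_issuer) -> Tuple[bool, str]:
    """Decide whether `presenter` may exercise `right` with token `cap_id`."""
    chain = chain_of(cap_id, store)
    if not chain:
        return False, "broken chain"
    leaf, root = chain[0], chain[-1]
    if leaf.subject != presenter:
        return False, "presenter is not the subject"
    if right not in leaf.rights:
        return False, "right not granted"
    if root.issuer != root_issuer:
        return False, "untrusted root"
    for cap in chain:
        if not (cap.not_before <= now <= cap.not_after):
            return False, "outside validity: " + cap.cap_id
        if not cap.delegable <= cap.rights:
            return False, "malformed token: " + cap.cap_id
    # Each token must be issued by the holder of its parent, for the same
    # resource, and may carry only rights the parent marks as delegable.
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or child.resource != parent.resource:
            return False, "bad delegation: " + child.cap_id
        if not child.rights <= parent.delegable:
            return False, "over-delegation: " + child.cap_id
    for rev in revocations:
        if now < rev.starts:
            continue             # revocation not in force yet
        pos = next((i for i, c in enumerate(chain) if c.cap_id == rev.cap_id),
                   None)
        if pos == 0 and rev.scope in ("capability", "both"):
            return False, "revoked: " + rev.cap_id
        if pos is not None and pos > 0 and rev.scope in ("derived", "both"):
            return False, "revoked via ancestor: " + rev.cap_id
    return True, "ok"


ROOT_ISSUER = "ResourceOwner"    # hypothetical trust anchor, not from the slides
RESOURCE = ("ShopFloorEvents:WashingMachineManufacturer.ProductionPlant1."
            "ProductionLine1.Station2.*")


def sample_store() -> Dict[str, Capability]:
    """Constructed tokens mirroring Cap#1..Cap#4, plus Cap#5: the worker trying
    to pass on a right that Cap#4 does not mark as delegable."""
    t0, t1 = datetime(2013, 1, 1), datetime(2014, 1, 1)
    both, sub, nothing = frozenset({"pub", "sub"}), frozenset({"sub"}), frozenset()
    rows = [
        ("Cap#1", ROOT_ISSUER, "Plant 1 Manager", both, both, None),
        ("Cap#2", "Plant 1 Manager", "Production Line 1 Manager", both, both, "Cap#1"),
        ("Cap#3", "Production Line 1 Manager", "Station 2 Manager", both, both, "Cap#2"),
        ("Cap#4", "Station 2 Manager", "Station 2 Worker", sub, nothing, "Cap#3"),
        ("Cap#5", "Station 2 Worker", "Contractor", sub, nothing, "Cap#4"),
    ]
    return {r[0]: Capability(r[0], r[1], r[2], RESOURCE, r[3], r[4], t0, t1, r[5])
            for r in rows}
```
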
Why are capabilities so cool?
• Principle of Least Authority (PoLA)
• Fewer security issues (e.g. Confused Deputy problem)
• Arbitrary granularity of access rights
• Distribution of the authorization management
• Independence from complexity and dynamics of identity management
• Full auditability
• Revocability

Capability wizard

Event bus
• Based on AMQP (Advanced Message Queuing Protocol)
• Secure Event Access Manager
– capability-based security
– RESTful interface

Access to event streams by clients
• Managed by the Secure Event Access Manager

• How it works
1. Session setting up
2. Session usage (publish/subscribe)
3. Session closing

AMQP in a nutshell
[Diagram, repeated over seven slides. A Publisher sends messages to an Exchange; the Exchange feeds Queue #1, Queue #2 and Queue #3, which are read by Subscribers. Annotations on the first slide: "Routing key ≡ Pattern", "binding(a.b.*)".]

Bindings shown: Queue #1: a.b.c; Queue #2: a.b.*; Queue #3: a.#

Messages published in turn, with the queues that receive a copy:
• a.b.c: Queue #1, Queue #2, Queue #3
• a.b.x: Queue #2, Queue #3
• a.y.z: Queue #3

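The `*` / `#` conventions from the namespace slides and the routing shown in the AMQP slides, as an added example (not code from the presentation or the FITMAN enabler). `matches`, `route` and `covers` are hypothetical names; `covers` goes beyond the slides and shows one conservative way to check that a requested binding pattern selects nothing outside a capability's pattern.

```python
from functools import lru_cache
from typing import Dict, List


def _walk(pattern: str, target: str, target_is_pattern: bool) -> bool:
    """Match dotted `pattern` against dotted `target`.

    '*' stands for exactly one node, '#' for zero or more nodes. When
    `target_is_pattern` is True the target's own wildcards are treated as
    nodes: a '#' in the target may only be absorbed by a '#' in the pattern.
    """
    pat = tuple(pattern.split("."))
    nodes = tuple(target.split("."))

    @lru_cache(maxsize=None)
    def go(i: int, j: int) -> bool:
        if i == len(pat):
            return j == len(nodes)
        if pat[i] == "#":
            # '#' matches zero nodes (move past it) or absorbs one more node
            return go(i + 1, j) or (j < len(nodes) and go(i, j + 1))
        if j == len(nodes):
            return False
        if pat[i] == "*":
            # one node, but never a target '#', which may stand for 0..n nodes
            return not (target_is_pattern and nodes[j] == "#") and go(i + 1, j + 1)
        return pat[i] == nodes[j] and go(i + 1, j + 1)

    return go(0, 0)


def matches(pattern: str, routing_key: str) -> bool:
    """True if a concrete routing key is selected by the pattern."""
    return _walk(pattern, routing_key, target_is_pattern=False)


def route(bindings: Dict[str, str], routing_key: str) -> List[str]:
    """Queues whose binding pattern selects the routing key, in binding order."""
    return [queue for queue, pat in bindings.items() if matches(pat, routing_key)]


def covers(granted: str, requested: str) -> bool:
    """Conservative containment test: True only if every key selected by
    `requested` is also selected by `granted`. May answer False for unusual
    but harmless patterns; never answers True for a broader request."""
    return _walk(granted, requested, target_is_pattern=True)


# Bindings from the "AMQP in a nutshell" slides
SLIDE_BINDINGS = {"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}

# Common prefix of the patterns in "Events' namespace - example 1"
LINE1 = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"

if __name__ == "__main__":
    for key in ("a.b.c", "a.b.x", "a.y.z"):
        print(key, "->", route(SLIDE_BINDINGS, key))
    # A holder of the Station2.* capability asking for the whole line is refused
    print(covers(LINE1 + ".Station2.*", LINE1 + ".#"))
```
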
AMQP in a nutshell
[Diagram: a Broker containing Virtual Host #1, Virtual Host #2, …, Virtual Host #n]

Integrated Management Console
Management of the brokers

Integrated Management Console
Management of the virtual hosts

Integrated Management Console
Management of the virtual hosts-namespaces mapping

So what?
• Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
• Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
• Bringing data to the interested consumers instead of bringing consumers to data
• Advanced, flexible, scalable access control

Thanks for your attention!

Q&A

Follow Us!
• Fitman website: http://www.fitman-fi.eu/
• Twitter: @FitmanFI
• Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management

How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Secure Event Management - SEI 2 Smart Factory

  • 1. Secure Event Management
      SEI 2 Smart Factory
      Salvatore Piccione (TXT e-solutions S.p.A.)
      15/11/2013
  • 2. Outline
      • Why?
      • What?
          – Secure Event Management components
      • So what?
  • 3. Why?
      • Multitude of smart objects and services
      • Demand for event-driven interactions
      • Controlled access to production data by internal and external subjects
  • 4. What?
      [Diagram labels: MES; CEP Engines; Remote maintenance operators; Corporate domain border; Secure Event Access Manager; Worker]
  • 5. Events’ namespace
      • Taxonomy of the events conveyed by the event bus
      • Conventions
          – Leaf nodes represent event producers
          – Intermediate nodes allow consumers to select a specific set of events
          – Patterns to select paths or portions within the namespace
              • Special characters: * (exactly one node), # (zero or more nodes)
  • 6. Events’ namespace - example 1
      [Tree diagram, node labels: Shop floor events; WashingMachineManufacturer; ProductionPlant1; ProductionLine1, ProductionLine2, ProductionLine3, …; Station2, Station6, Station9, …; Thickness, Welding, Marriage, …; Informational; Status]
  • 7. Events’ namespace - example 1
      [Same tree diagram as slide 6]
      Selected pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.Status
  • 8. Events’ namespace - example 1
      [Same tree diagram as slide 6]
      Selected pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.*.Status
  • 9. Events’ namespace - example 1
      [Same tree diagram as slide 6]
      Selected pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.#
  • 10. Events’ namespace - example 2
      [Tree diagram, node labels: Notifications; WashingMachineManufacturer; Alerting; QualityAssurance; ProductionPlant1 (twice); ProductionLine1, … (twice); Station2, Station6, Station9, … (twice)]
  • 12. Capability-based security
      A capability is a communicable and unforgeable token of authority. By owning it, a process/subject can access the resource/service uniquely identified in the token and exercise the rights stated in it.
  • 13. Capability token
      • Digitally signed XML document
      • Based on standards for access control policies (XACML, SAML)
      • Two types: Root and non-Root
  • 14. Anatomy of a capability token
      • Issuer (who issues the capability)
      • Subject (who the rights are granted to)
      • Resource ID (URI of the resource)
      • Validity Condition (validity time frame)
      • Issuer’s capability
      • Granted rights and their delegability
      • Signature
  • 15. Capability-based security in action
      [Diagram labels: "trust" arrows; Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Production Plant 1 / Production Line 1 / Station 2; "access" arrow; Secure Event Access Manager]
  • 16. Capability-based security in action
      [Diagram labels: "trust" arrows; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager]
      Cap#1 (Root)
          Rights: Pub/Sub (delegable)
          Namespace: ShopFloorEvents
          Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 17. Capability-based security in action
      [Diagram labels: "trust" arrows; Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager]
      Cap#2 (Non-Root)
          Rights: Pub/Sub (delegable)
          Namespace: ShopFloorEvents
          Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 18. Capability-based security in action
      [Diagram labels: "trust" arrows; Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager]
      Cap#3 (Non-Root)
          Rights: Pub/Sub (delegable)
          Namespace: ShopFloorEvents
          Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 19. Capability-based security in action
      [Diagram labels: "trust" arrows; Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Secure Event Access Manager]
      Cap#4 (Non-Root)
          Rights: Sub
          Namespace: ShopFloorEvents
          Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 20. Capability-based security in action
      [Diagram labels: "trust" arrows; Plant 1 Manager; Production Line 1 Manager; Station 2 Manager; Station 2 Worker; Production Plant 1 / Production Line 1 / Station 2; "Access request" arrow; Secure Event Access Manager]
      Cap#4 (Non-Root)
          Rights: Sub
          Namespace: ShopFloorEvents
          Pattern: WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*
  • 21. Anatomy of a capability revocation
      • Issuer
      • Issuer’s capability
      • Unique identifier of the revoked capability
      • Revocation starting date
      • Revocation scope
          – Only the capability
          – All derived capabilities
          – The capability together with all derived capabilities
  • 22. Why are capabilities so cool?
      • Principle of Least Authority (PoLA)
      • Fewer security issues (e.g. Confused Deputy problem)
      • Arbitrary granularity of access rights
      • Distribution of the authorization management
      • Independence from complexity and dynamics of identity management
      • Full auditability
      • Revocability
  • 24. Event bus
      • Based on AMQP (Advanced Message Queuing Protocol)
      • Secure Event Access Manager
          – capability-based security
          – RESTful interface
  • 25. Access to event streams by clients
      • Managed by the Secure Event Access Manager
      • How it works
          1. Session setup
          2. Session usage (publish/subscribe)
          3. Session closing
  • 26. AMQP in a nutshell
      [Diagram: Publisher sends a message with routing key a.b.c. to the Exchange; binding(a.b.*) links the Exchange to a queue; Queue #1, Queue #2 and Queue #3 feed the Subscribers. Routing key ≡ Pattern]
  • 27. AMQP in a nutshell
      [Diagram: bindings Queue #1 = a.b.c, Queue #2 = a.b.*, Queue #3 = a.#; message a.b.c. at the Exchange]
  • 28. AMQP in a nutshell
      [Diagram: same bindings; message a.b.c. shown at Queue #1, Queue #2 and Queue #3]
  • 29. AMQP in a nutshell
      [Diagram: same bindings; message a.b.x at the Exchange]
  • 30. AMQP in a nutshell
      [Diagram: same bindings; message a.b.x shown at Queue #2 and Queue #3]
  • 31. AMQP in a nutshell
      [Diagram: same bindings; message a.y.z at the Exchange]
  • 32. AMQP in a nutshell
      [Diagram: same bindings; message a.y.z shown at Queue #3]
  • 33. AMQP in a nutshell
      [Diagram: Broker with Virtual Host #1, Virtual Host #2, …, Virtual Host #n]
  • 34. Integrated Management Console
      Management of the brokers
  • 35. Integrated Management Console
      Management of the virtual hosts
  • 36. Integrated Management Console
      Management of the virtual hosts-namespaces mapping
  • 37. So what?
      • Complete decoupling of event sources and consumers (asynchronous interactions, timeliness)
      • Dynamic and smooth addition of new events’ sources and consumers (zero downtime, scalability, flexibility)
      • Bringing data to the interested consumers instead of bringing consumers to data
      • Advanced, flexible, scalable access control
  • 38. Thanks for your attention! Q&A
  • 39. Follow Us!
      • Fitman website: http://www.fitman-fi.eu/
      • Twitter: @FitmanFI
      • Specification of this SE: http://catalogue.fitman.atosresearch.eu/enablers/secure-event-management
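
Slides 5 to 9 (events' namespace patterns) and slides 26 to 32 (AMQP routing) rely on the same matching rule, so one added example covers both; it is not code from the presentation or from the FITMAN project. The function names, the `BINDINGS` table layout and the producer paths in `PRODUCERS` are assumptions constructed for illustration.

```python
def matches(pattern: str, key: str) -> bool:
    """True if the dot-separated key is selected by the pattern:
    '*' stands for exactly one node, '#' for zero or more nodes."""
    def walk(p, k):
        if not p:
            return not k                       # both must run out together
        head, rest = p[0], p[1:]
        if head == "#":                        # try absorbing 0..len(k) nodes
            return any(walk(rest, k[i:]) for i in range(len(k) + 1))
        return bool(k) and head in ("*", k[0]) and walk(rest, k[1:])
    return walk(pattern.split("."), key.split("."))

def route(bindings: dict, routing_key: str) -> list:
    """Names of the queues whose binding pattern selects the routing key."""
    return [q for q, pat in bindings.items() if matches(pat, routing_key)]

# Bindings shown on the "AMQP in a nutshell" slides.
BINDINGS = {"Queue #1": "a.b.c", "Queue #2": "a.b.*", "Queue #3": "a.#"}

# Constructed producer paths under the slides' ProductionPlant1 subtree.
LINE1 = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1"
PRODUCERS = [
    LINE1 + ".Station2.Status",
    LINE1 + ".Station2.Informational",
    LINE1 + ".Station6.Status",
    "WashingMachineManufacturer.ProductionPlant1.ProductionLine2.Station9.Status",
]

def selected(pattern: str) -> list:
    """Producer paths that a subscription or capability pattern exposes."""
    return [p for p in PRODUCERS if matches(pattern, p)]

if __name__ == "__main__":
    for key in ("a.b.c", "a.b.x", "a.y.z"):
        print(key, "->", route(BINDINGS, key))
    for pat in (LINE1 + ".Station2.Status", LINE1 + ".*.Status", LINE1 + ".#"):
        print(pat, "selects", len(selected(pat)), "producer(s)")
```

Comparing the three `selected` results shows how much wider a `#` grant is than a `*` grant, which matters when the same pattern is written into a capability.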
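
The delegation chain of slides 16 to 19 and the revocation scopes of slide 21, as an added sketch that is not the Secure Event Access Manager's own code. Assumptions: the holder named for each token is a reading of the diagram, the Root token is self-issued by the Plant 1 Manager, field and scope names are invented here, the XML signature of every token is taken as already verified, and a delegated token must carry the same pattern as its parent.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Cap:                              # field names are assumptions
    cap_id: str
    issuer: str
    subject: str
    rights: frozenset                   # subset of {"pub", "sub"}
    delegable: bool
    pattern: str
    not_after: datetime                 # end of the validity time frame
    parent: Optional["Cap"] = None      # issuer's capability; None for Root

def authorize(cap, subject, right, now, root_issuers, revocations=()):
    """Walk from the presented token up to the Root, checking every link.
    revocations: (cap_id, start, scope) with scope a subset of
    {"self", "derived"} (assumed encoding of the three revocation scopes)."""
    if cap.subject != subject or right not in cap.rights:
        return False
    link, depth = cap, 0
    while True:
        if now > link.not_after:
            return False
        hit = "self" if depth == 0 else "derived"
        if any(cid == link.cap_id and now >= start and hit in scope
               for cid, start, scope in revocations):
            return False
        parent = link.parent
        if parent is None:              # reached the Root token
            return link.issuer in root_issuers
        if not (parent.delegable and link.issuer == parent.subject
                and link.rights <= parent.rights
                and link.pattern == parent.pattern):
            return False                # delegation may only attenuate
        link, depth = parent, depth + 1

# Constructed chain mirroring Cap#1..Cap#4 (holders read off the diagram).
PATTERN = "WashingMachineManufacturer.ProductionPlant1.ProductionLine1.Station2.*"
END = datetime(2014, 1, 1)              # constructed validity end
PUBSUB = frozenset({"pub", "sub"})
cap1 = Cap("Cap#1", "Plant 1 Manager", "Plant 1 Manager", PUBSUB, True, PATTERN, END)
cap2 = Cap("Cap#2", "Plant 1 Manager", "Production Line 1 Manager",
           PUBSUB, True, PATTERN, END, cap1)
cap3 = Cap("Cap#3", "Production Line 1 Manager", "Station 2 Manager",
           PUBSUB, True, PATTERN, END, cap2)
cap4 = Cap("Cap#4", "Station 2 Manager", "Station 2 Worker",
           frozenset({"sub"}), False, PATTERN, END, cap3)
```

Revoking Cap#2 with scope `{"derived"}` denies Cap#4 while Cap#2 itself stays usable, and scope `{"self"}` does the reverse.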