CoreDX DDS Secure

CoreDX DDS Secure offers a complete state-of-the-art security solution including authentication, encryption, signing, and access control.

Today's Industrial Internet of Things (IIoT) systems are deriving tremendous benefit from connected components. These additional network connections open significant security risks to mission- and business-critical infrastructure and business systems.

DDS Security is an unprecedented step forward in secure publish-subscribe communications. The CoreDX DDS Secure product provides a standards-compliant, state-of-the-art, end-to-end security solution to meet the requirements of today's IIoT and military systems.

Overview

CoreDX DDS Secure is an implementation of the OMG's DDS Security specification, including the standardized plug-in APIs and the interoperable reference implementation of those plug-ins.

CoreDX DDS Secure is designed to address all the threats to an unsecured DDS network. These threats include:

  • Unauthorized DDS Publishers, including those injecting "bad" data, those pretending to be an authorized publisher, and those attempting a denial of service attack
  • Unauthorized DDS Subscribers
  • Unauthorized packet sniffers

CoreDX DDS Secure covers all aspects of secure data communications:

  • Identification and Authentication
  • Access Control
  • Integrity
  • Confidentiality

CoreDX DDS security features are fully integrated into the publish-subscribe protocols - not simply layered on top of a secure transport like SSL. This architecture allows for full flexibility of security configuration on a topic-by-topic level, while maintaining DDS features such as dynamic discovery, scalable reliability, and other QoS configuration policies.

Architecture

[Figure: DDS Security Architecture]

Configuration

CoreDX DDS Secure allows full configuration of security features from the Domain level down to rules for individual DataReaders, DataWriters, and Topics. Configuration is controlled by 2 main configuration sets: Domain Governance and Permissions.

The Domain Governance configuration controls the security protocol level and where the security protocol is applied (built-in discovery messages, each Topic). It also controls overarching Domain-wide security configuration, such as access controls and whether unauthenticated participants are allowed.

The Permissions configuration controls the publication and subscription rules for each DomainParticipant: which Topics may have DataWriters and/or DataReaders for this DomainParticipant, and their individual access controls.
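The Domain Governance settings described above can be checked mechanically before deployment. The following is an added example, not CoreDX or Twin Oaks code: it assumes the governance document uses the element names of the OMG DDS Security governance XML format, and the sample document and the `audit_governance` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample governance document (element names follow the OMG DDS
# Security governance format; the values are illustrative, not a CoreDX default).
SAMPLE_GOVERNANCE = """<dds>
  <domain_access_rules>
    <domain_rule>
      <domains><id>0</id></domains>
      <allow_unauthenticated_participants>true</allow_unauthenticated_participants>
      <enable_join_access_control>true</enable_join_access_control>
      <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
      <rtps_protection_kind>NONE</rtps_protection_kind>
      <topic_access_rules>
        <topic_rule>
          <topic_expression>Telemetry*</topic_expression>
          <enable_discovery_protection>true</enable_discovery_protection>
          <enable_read_access_control>false</enable_read_access_control>
          <enable_write_access_control>true</enable_write_access_control>
          <metadata_protection_kind>SIGN</metadata_protection_kind>
          <data_protection_kind>NONE</data_protection_kind>
        </topic_rule>
      </topic_access_rules>
    </domain_rule>
  </domain_access_rules>
</dds>"""

MUST_BE_TRUE = ("enable_join_access_control", "enable_discovery_protection",
                "enable_read_access_control", "enable_write_access_control")

def audit_governance(xml_text):
    """Return (scope, element, value) for each setting that leaves something unprotected."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("domain_rule"):
        scopes = [("domain", rule)]
        scopes += [("topic " + t.findtext("topic_expression", "?").strip(), t)
                   for t in rule.iter("topic_rule")]
        for scope, node in scopes:
            for child in node:  # direct children only, so topic rules are not double-counted
                value = (child.text or "").strip().upper()
                weak = ((child.tag.endswith("_protection_kind") and value == "NONE")
                        or (child.tag in MUST_BE_TRUE and value not in ("TRUE", "1"))
                        or (child.tag == "allow_unauthenticated_participants"
                            and value in ("TRUE", "1")))
                if weak:
                    findings.append((scope, child.tag, value))
    return findings

if __name__ == "__main__":
    print(*audit_governance(SAMPLE_GOVERNANCE), sep="\n")
```

A finding is a setting to review rather than an error in itself: a protection kind of NONE on a topic can be a deliberate choice for non-sensitive data.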

Standards

CoreDX DDS Secure is an implementation of the OMG's DDS Security standard v1.0. Twin Oaks Computing maintains its active involvement in the development and maintenance of the OMG DDS standards, including the recent development and enhancement of the DDS Security specification.

The DDS Security specification includes 2 main items:

  1. DDS Security Plug-in API, including APIs for:
    • Authentication
    • Access Control
    • Cryptography
    • Logging
  2. DDS Security Plug-in reference implementation

The standardized Plug-in API allows users to implement their own plug-ins for one or more aspects of DDS Security.

The reference implementations specify a standardized implementation of the security plug-ins. These reference implementations contain state-of-the-art security protocols, and may be used as-is or as a reference for new plug-in implementations.

Learn More

Contact Twin Oaks Computing for a personalized tutorial or in-person CoreDX DDS Secure workshop.

OMG DDS Security Standard