CoreDX DDS Secure is an implementation of the OMG's DDS Security specification, including the standardized plug-in API's and the interoperable reference implementation of those plug-ins.
CoreDX DDS Secure is designed to address all the threats to an unsecure DDS network. These threats include:
- Unauthorized DDS Publishers, including those injecting "bad" data, those pretending to be an authorized publisher, and those attempting a denial of service attack
- Unauthorized DDS Subscribers
- Unauthorized packet sniffers
CoreDX DDS Secure covers all aspects of secure data communications:
- Identification and Authentication
- Access Control
CoreDX DDS security features are full integrated into the publish-subscribe protocols - not simply layered on top of a secure transport like SSL. This architecture allows for full flexibility of security configuration on a topic by topic level, as well as maintaining DDS features such as dynamic discovery, scale-able reliability, and other QoS configuration policies.
CoreDX DDS Secure allows full configuration of security features from the Domain level down to rules for individual DataReaders, DataWriters, and Topics. Configuration is controlled by 2 main configuration sets: Domain Governance and Permissions.
The Domain Governance configuration controls the security protocol level, and where the security protocol is applied (built-in discovery messages, each Topic). It also controls overreaching Domains security configuration like access controls and if unauthenticated participants are allowed.
The Permissions configuration controls the publication and subscription rules for each DomainParticipant: which Topics may have DataWriters and/or DataReaders for this DomainParticipant, and their individual access controls.
CoreDX DDS Secure is an implementation of the OMG's DDS Security standard v1.0. Twin Oaks Computing maintains its active involvement in the development and maintenance of the OMG DDS standards, including the recent development and enhancement of the DDS Security specification.
The DDS Security specification includes 2 main items:
- DDS Security Plug-in API, including API's for:
DDS Security Plug-in reference implementation
- Access Control
The standardized Plug-in API allows users to implement their own plug-ins for one or more aspects of DDS Security.
The reference implementations specify a standardized implementation of the security plug-ins. These reference implementations contain state-of-the art security protocols, and may be used as-is, or used as a reference for implementing new plug-in implementations.
Contact Twin Oaks Computing for a personalized tutorial or in person CoreDX DDS Secure workshop
OMG DDS Security Standard