Sidebar
ddsf:public:guidebook:06_append:01_family_of_standards:01_core:dds_security
Table of Contents
OMG: DDS Security (DDS-SECURITY)
return to the DDS Family of Standards
Table 1: Data sheet for DDS Security ( DDS-SECURITY)
| Title | DDS Security |
| Acronym | DDS-SECURITY |
| Version | 1.1 |
| OMG Document Number | formal/18-04-01 |
| Release Date | July 2018 |
| About Specification | https://www.omg.org/spec/DDS-SECURITY/1.1/ |
| Document | https://www.omg.org/spec/DDS-SECURITY/1.1/PDF |
- Note: The following is an excerpt from the actual document. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.
General
This specification adds several new “DDS Security Support” compliance points (“profile”) to the Data Distribution Service (DDS) Specification. See the compliance levels within the Conformance Clause below.
Overview of this Specification
This specification defines the Security Model and Service Plugin Interface (SPI) architecture for compliant DDS implementations. The DDS Security Model is enforced by the invocation of these SPIs by the DDS implementation. This specification also defines a set of builtin implementations of these SPIs.
- The specified builtin SPI implementations enable out-of-the box security and interoperability between compliant DDS Applications.
- The use of SPIs allows DDS users to customize the behavior and technologies that the DDS implementations use for Information Assurance, specifically customization of Authentication, Access Control, Encryption, Message Authentication, Digital Signing, Logging and Data Tagging.
Figure 1: Overall architecture for Data Distribution Service (DDS) Security
This specification defines five SPIs that when combined together provide Information Assurance to DDS systems:
- Authentication Service Plugin. Provides the means to verify the identity of the application and/or user that invokes operations on DDS. Includes facilities to perform mutual authentication between participants and establish a shared secret.
- AccessControl Service Plugin. Provides the means to enforce policy decisions on what DDS related operations an authenticated user can perform. For example, which domains it can join, which Topics it can publish or subscribe to, etc.
- Cryptographic Service Plugin. Implements (or interfaces with libraries that implement) all cryptographic operations including encryption, decryption, hashing, digital signatures, etc. This includes the means to derive keys from a shared secret.
- Logging Service Plugin. Supports auditing of all DDS security-relevant events.
- Data Tagging Service Plugin. Provides a way to add tags to data samples.
Source: DDS Security 1.1
ddsf/public/guidebook/06_append/01_family_of_standards/01_core/dds_security.txt · Last modified: 2021/10/29 02:35 by char
