RTI Security Plugins
- 1. Overview
- 1.1. Description of DDS System Threats
- 1.2. Applying DDS Protection
- 1.3. Introduction to the RTI Security Plugins
- 1.3.1. Features of RTI Security Plugins
- 1.3.2. Supported Cryptographic Algorithms
- 1.3.2.1. Cryptographic Algorithms Used for Data Flow Protection with Pre-Shared Key Protection
- 1.3.2.2. Cryptographic Algorithms Used for Data Flow Protection
- 1.3.2.3. Cryptographic Algorithms Used for Key Exchange
- 1.3.2.4. Cryptographic Algorithms Used for Digital Signatures
- 1.3.2.5. Cryptographic Algorithms Used for Data Flow Protection with the RTPS-HMAC-Only plugin
- 1.3.3. Choosing the Right Technology to Protect Your Data
- 2. Using Connext DDS Secure
- 3. Elements of a Connext DDS Secure System
- 4. Authentication
- 4.1. Handshake
- 4.2. Authentication Builtin Topic (ParticipantStatelessMessage)
- 4.3. Related Governance Rules
- 4.4. Cryptographic Algorithms
- 4.5. Advanced Authentication Concepts
- 4.6. Properties for Configuring Authentication
- 5. Access Control
- 6. Cryptography
- 6.1. Introduction
- 6.2. Cryptographic Algorithms
- 6.3. Secure Entities
- 6.4. Secure Key Exchange Channel (ParticipantVolatileMessageSecure Topic)
- 6.5. Securing DDS Messages on The Wire
- 6.6. Security Protections Applied by DDS Entities
- 6.7. Related Governance Rules
- 6.8. Advanced Cryptography Concepts
- 6.8.1. Reliability Behavior When MAC Verification Fails
- 6.8.2. Enabling Asynchronous Publishing for the Secure Key Exchange Topic
- 6.8.3. Configuring Reliability Protocol Settings of the Secure Key Exchange Topic
- 6.8.4. Securing Application-Level Acknowledgments
- 6.8.5. Origin Authentication Protection Implications
- 6.8.6. Reencoding Protected Data when Regenerating Keys
- 6.8.7. Interactions with Persistence Service
- 6.8.8. Interactions with FlatData and Zero Copy
- 6.8.9. HMAC-Only RTPS Protection
- 6.8.10. Lightweight Security Pre-Shared Key RTPS Protection
- 6.9. Properties for Configuring Cryptography
- 7. Security Events and Logging
- 8. Data Tagging
- 9. Building and Running Security Plugins-Based Applications
- 9.1. Linking Applications with the Security Plugins
- 9.2. Mixing Libraries Not Supported
- 9.3. Properties for Enabling Security
- 9.4. Advanced Concepts
- 9.5. Platform-Specific Notes
- 9.6. Libraries Required for Using the RTI Security Plugins
- 9.7. Libraries Required for Using the RTI Lightweight Security Plugins
- 10. Design Considerations
- 10.1. Factors Affecting Performance and Scalability in General
- 10.2. Security Plugins’ Impact on Scalability at Startup
- 10.3. Security Plugins Impact on Scalability and Performance During Steady State
- 10.3.1. Overhead of the Different Protection Kinds
- 10.3.2. Factors Impacting Performance and Scalability During Steady State
- 10.3.2.1. Performance Impact of Different Protection Kinds
- 10.3.2.2. Interaction Between the Security Plugins and Batching QoS
- 10.3.2.3. Interaction Between the Security Plugins and Multicast
- 10.3.2.4. Interaction with Reliability
- 10.3.2.5. Scalability Considerations for Origin Authentication Protection
- 10.3.2.6. Interaction with Content Filtered Topics
- 10.3.2.7. Interaction with Topic Queries
- 10.3.2.8. Interaction with Asynchronous Publishing
- 10.3.2.9. Interaction with Compression
- 10.3.2.10. Interaction with CRC
- 10.3.2.11. Interaction with Transport UDPv4_WAN
- 11. Best Practices
- 11.1. Choosing the Granularity of Your Permissions Documents for DomainParticipants
- 11.2. Using Serialized Data Protection Along with Submessage/RTPS Protection
- 11.3. Using Separate Domains for Secure and Unsecure Participants
- 11.4. Keeping Governance and Permissions Compatibility Across Different Connext Secure Versions
- 12. Support for OpenSSL Engines
- 13. What’s Different Between the RTI Security Plugins and the OMG Security Specification
- 13.1. Differences Affecting Builtin Plugins to be Addressed by Next DDS Security Specification
- 13.2. Differences Affecting Builtin Plugins
- 13.3. Differences Affecting Custom Plugins
- 13.3.1. Authentication
- 13.3.2. Access Control
- 13.3.2.1. check_local_datawriter_register_instance
- 13.3.2.2. check_local_datawriter_dispose_instance
- 13.3.2.3. check_remote_datawriter_register_instance
- 13.3.2.4. check_remote_datawriter_dispose_instance
- 13.3.2.5. check_local_datawriter_match / check_local_datareader_match
- 13.3.2.6. Revocation
- 13.3.2.7. PermissionsToken
- 13.3.2.8. check_remote_topic
- 13.3.3. Cryptography
- 14. RTPS-HMAC-Only Mode
- 15. Pre-Shared Key Protection
- 16. The Lightweight Security Plugins
- 17. Relevant Connext APIs