Wojciech Sliwinski BE/CO for the RBAC team 25/04/2013.

Presentation transcript:

- Motivation for RBAC
  - Machine Safety
    - Enormous energy stored in the LHC magnets and beams
    - Potential machine damage is a serious concern
    - Prevent invocation of machine protection systems
  - Machine Performance
    - Do not mess with a fine-tuned system
    - Access denied during certain machine states
  - Commissioning feedback
    - Hardware and software commissioning
    - Debugging

25/04/2013, slide 2, W.Sliwinski - Introduction to RBAC

- RBAC infrastructure provided by CO
- Does not prevent hackers from doing damage
- Protects against human mistakes
  - A well-meaning person from doing the wrong thing at the wrong time
  - An ignorant person from doing anything at any time
- Original scope: LHC machine
- Can be deployed anywhere in the Controls Infrastructure
- Aims to enhance the overall Machine Safety
- Provides Authentication (A1) and Authorization (A2) services
- Complements
  - Hardware Protection (BIS, PIS)
  - CNIC effort (access control into Technical Network)
  - MCS (Management of Critical Settings)

[Figure not preserved. Credit: P. Charrue, RBAC Review ABMB, 02/04/2007]

[Figure not preserved. Labels: A1 – RBAC Authentication; A2 – RBAC Authorization; BE Control System]

- RBAC has 3 modes
  - NO-CHECK
    - As it says, no checks are made
  - LENIENT
    - A token is needed ONLY if a property is protected in an access map
  - STRICT
    - A token is MANDATORY
    - All SET properties have to be protected

- CO
  - Provides the RBAC tool and the infrastructure (CMW, FESA, ...)
  - Support for OP and Equipment groups
  - Proposes general recommendations
    - Naming and usage of Roles
    - Preparation of Access Rules
- OP
  - OP in collaboration with CO and Equipment groups (LHC Controls Security Panel) defines policy for deployment of RBAC
- Equipment groups
  - Prepare and maintain Access Rules
    - Following defined policy
  - Deploy Access Maps

- Ordinary Roles
  - Can be assigned to any user
  - Optionally specify role's lifetime
    - Token lifetime bound by role's lifetime (relative)
    - Role's lifetime is global for all assigned users

[Figure not preserved. Label: Role's lifetime]

- Temporary Roles (e.g. Piquet Roles)
  - Assigned (e.g. by the EIC on shift) for the duration of an intervention
  - Specify absolute expiration time (short period)
  - Expiration time registered in CCDB
  - Token's lifetime bound by role's expiration time (absolute)
  - After expiration, the role will no longer be given in a token

[Figure not preserved. Label: Role's expiration time]

- Naming convention for Piquet Roles
  - XX-LHC-Piquet (e.g. BT-LHC-Piquet, PO-LHC-Piquet)
  - NO users in these ROLES except when needed
  - Requested by OP & PO groups
  - Hardware interventions during operations
  - Roles for temporary staff, contractors, etc.

- Critical Roles (MCS Roles)
  - Short lifetime roles with elevated level of access rights
  - Give access to critical equipment (e.g. BLMs, Kickers, Coll.)
  - Should only be used by equipment experts and selected Operators
  - MCS Roles already widely used for control of critical equipment
  - Moreover RBAC provides:
    - Critical Roles management
    - Public & Private keys management for Critical Roles
    - Service for signing the equipment settings
- Issues when using Critical Roles
  - Short role's lifetime (10 min) bounds the whole token's lifetime
  - Not acceptable to users who need a valid token for a long time
    - Users have to re-login frequently

- Proposed improvements (Java Client & A1 Server)
  - User always requests Master & Application tokens
  - Master token's lifetime is fixed (8h), it represents user's session
  - Critical Roles not included in a token after initial login
    - Critical Role has to be requested explicitly (RolePicker)
    - Only one Critical Role can be present in a token
  - Master token's creation time and role's lifetime used to verify if a certain Critical Role can be obtained at a given moment
    - Protection of Critical Roles against malicious and/or accidental use
  - Requested by OP group
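An added example (not from the presentation or the CERN RBAC code base) modelling the lifetime rules from the role slides above: a token expires at the earliest of its roles' relative lifetimes and absolute expiration times, expired temporary roles are left out, and under the proposed scheme a critical role enters a token only on explicit request. The `Role` class, the function names, the Operator and MCS role names and the 8h default for application tokens are assumptions; the check against the master token's creation time is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# 8h is the master-token lifetime on the slides; reusing it as the default
# bound for application tokens is an assumption of this sketch.
MASTER_LIFETIME = timedelta(hours=8)

@dataclass(frozen=True)
class Role:
    name: str
    lifetime: Optional[timedelta] = None   # relative, global for all users
    expires_at: Optional[datetime] = None  # temporary role: absolute expiry
    critical: bool = False                 # MCS role

def issue_token(roles, now):
    """Return (role names placed in the token, token expiry time)."""
    names, expiry = [], now + MASTER_LIFETIME
    for role in roles:
        if role.expires_at is not None:
            if role.expires_at <= now:
                continue                   # expired role is no longer given
            expiry = min(expiry, role.expires_at)
        if role.lifetime is not None:
            expiry = min(expiry, now + role.lifetime)
        names.append(role.name)
    return names, expiry

def login(roles, now):
    """Proposed scheme: fixed master expiry, no critical roles at login."""
    app_token = issue_token([r for r in roles if not r.critical], now)
    return now + MASTER_LIFETIME, app_token

def pick_critical_role(roles, wanted, now):
    """Explicit request (RolePicker): at most one critical role per token."""
    chosen = [r for r in roles if not r.critical or r.name == wanted]
    return issue_token(chosen, now)

# Constructed sample data; only the Piquet role names appear on the slides.
NOW = datetime(2013, 4, 25, 10, 0)
ROLES = [
    Role("LHC-Operator"),
    Role("BT-LHC-Piquet", expires_at=NOW + timedelta(hours=2)),
    Role("PO-LHC-Piquet", expires_at=NOW - timedelta(minutes=5)),  # expired
    Role("MCS-BLM", lifetime=timedelta(minutes=10), critical=True),
    Role("MCS-Kicker", lifetime=timedelta(minutes=10), critical=True),
]
```

Calling `issue_token(ROLES, NOW)` reproduces the issue from the Critical Roles slide: one 10-minute role caps the whole token, while `login` followed by `pick_critical_role` confines that short lifetime to the token that actually carries the critical role.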

- Operator Role
  - Can always access equipment but only from CCC
- Expert Role
  - NON-OPERATIONAL mode: access from any Location
  - OPERATIONAL mode: access only from CCC
- Piquet Role
  - Can always access equipment, from any Location
  - Role is normally empty (not assigned)
  - EIC assigns it only for the duration of an intervention
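An added example (not from the presentation or CERN's RBAC implementation) that combines the three RBAC modes with the Operator/Expert/Piquet location rules above into one authorization decision. The property names, the "office" location, the tuple layout of the access map and the handling of unprotected properties under STRICT are assumptions.

```python
from enum import Enum

class Mode(Enum):
    NO_CHECK = "NO-CHECK"
    LENIENT = "LENIENT"
    STRICT = "STRICT"

ANY = None  # wildcard for location or machine mode

# Constructed access map for one hypothetical device property.
# Key: (property, operation); value: rules of (role, location, machine mode).
ACCESS_MAP = {
    ("Kicker/Settings", "set"): [
        ("Operator", "CCC", ANY),              # always, but only from the CCC
        ("Expert", ANY, "NON-OPERATIONAL"),    # any location outside operation
        ("Expert", "CCC", "OPERATIONAL"),      # CCC only during operation
        ("BT-LHC-Piquet", ANY, ANY),           # always, from any location
    ],
}

def authorize(mode, prop, operation, token_roles, location, machine_mode,
              access_map=ACCESS_MAP):
    """token_roles is a set of role names, or None when no token is presented."""
    if mode is Mode.NO_CHECK:
        return True                            # no checks are made
    rules = access_map.get((prop, operation))
    if rules is None:                          # property not protected in the map
        if mode is Mode.LENIENT:
            return True                        # token needed only if protected
        # STRICT: token mandatory, and an unprotected SET is refused
        # (assumption: the slide only says SET properties "have to be protected").
        return token_roles is not None and operation != "set"
    if token_roles is None:
        return False                           # protected property, no token
    return any(role in token_roles
               and loc in (ANY, location)
               and mm in (ANY, machine_mode)
               for role, loc, mm in rules)
```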

- Virtual Devices
  - Convenient way to model non-hardware quantities
  - Represent non-hardware info using class/device/property model
- CCDB – master source of all Device related data
- New support for Virtual Devices (DM section)
  - Extension to CCDB data model
  - Population via CCDB Data Editor forms
  - Generic db view for external clients (e.g. import into LSA db)
  - Possible to define RBAC rules (needed for MCS)
- Use cases
  - SIS (Software Interlock System) Interlock Thresholds
  - Requires RBAC MCS Role and access rule
  - Import of virtual devices into LSA db
  - SIS Interlocks protected by MCS (part of LSA)
  - Any virtual MCS setting in LSA, DIAMON properties, etc.
  - More to come...

- RBAC is deployed CERN-wide together with CMW & FESA
- All major applications have a token
- RBAC mode is STRICT for LHC
- RBAC mode is LENIENT for the injectors
- CO diagnostic and monitoring tool (DIAMON) uses RBAC on the GUI level to protect specific actions (e.g. reboot, wreboot, repair)