Presentation is loading. Please wait.

Presentation is loading. Please wait.

V. Kain – eLTC – 7March08 1 V.Kain, S. Gysin, G. Kruk, M. Lamont, J. Netzel, A. Rey, W. Sliwinski, M. Sobczak, J. Wenninger LSA & Safety - RBAC, MCS Roled.

Published byJoel Lamb Modified over 8 years ago

Similar presentations

Presentation on theme: "V. Kain – eLTC – 7March08 1 V.Kain, S. Gysin, G. Kruk, M. Lamont, J. Netzel, A. Rey, W. Sliwinski, M. Sobczak, J. Wenninger LSA & Safety - RBAC, MCS Roled."— Presentation transcript:

1 V. Kain – eLTC – 7March08 1 V.Kain, S. Gysin, G. Kruk, M. Lamont, J. Netzel, A. Rey, W. Sliwinski, M. Sobczak, J. Wenninger LSA & Safety - RBAC, MCS Roled Based Access Control (RBAC) –How to protect equipment properties from unauthorized access Management of Critical Settings (MCS) –How to protect settings from changes by unauthorized personnel

2 V. Kain – eLTC – 7March08 2 Contents Introduction of concepts – VK Integration of RBAC and MCS in the LHC control system – W. Sliwinski

3 V. Kain – eLTC – 7March08 3 Motivation – LSA Security (1) Operational errors can lead to magnet quenches → long recovery times → impact on machine performance Enormous energy stored in magnets and beams → uncontrolled release of this energy can lead to serious damage of equipment → even longer down-times To cope with this: Machine Protection Systems Plus: the requirement for a cultural change during LHC operation –We will have to get used to login dialogs

4 V. Kain – eLTC – 7March08 4 Motivation – LSA Security (2) Need to prevent: –Well meaning person from doing the wrong thing at the wrong moment –Ignorant person from doing anything at any moment Need to provide: –Critical parameters which can compromise the safety of the machine are what they are supposed be and can only be changed by an authorized person and nobody else Role Based Access Management of Critical Settings

5 V. Kain – eLTC – 7March08 5 Role Based Access Control (RBAC) LAFS collaboration – S. Gysin RBAC works by giving people ROLES and assigning ROLES PERMISSIONS to access device properties So, it provides means for –AUTHENTICATION Interfaces to NICE DB: login with nice ID and password The Roles for that user name are allocated An RBAC token is issued –AUTHORISATION Access Maps are built by the equipment owners/responsible which are stored on the front-ends Access maps contain the Access Rules RBAC is part of CMW

6 V. Kain – eLTC – 7March08 6 Management of Roles and Rules Each role has an administrator –Administrator is responsible for keeping membership up-to-date Each equipment class has an administrator – equipment owners –The administrator defines the rules for certain roles

7 V. Kain – eLTC – 7March08 7 Management of Critical Settings (MCS) Management of Critical Settings provides: –Critical parameters which can compromise the safety of the machine are what they are supposed be and can only be changed by an authorized person and nobody else – needs Authentication – needs Authorization –…and to be able to verify that value of the critical parameters has not changed since the authorized person has updated it –Through maliciousness – hacking –Through data corruption – radiation,… MCS signs the data with a unique signature MCS uses RBAC and public-private key digital signatures MCS uses RBAC

8 V. Kain – eLTC – 7March08 8 MCS – Digital Signatures RBAC does the key management for MCS: generation, storage, management –Concept of Critical Roles: a role associated with a unique public-private key pair. Naming convention “MCS-xyz” RBAC extended its original scope to a large extend for MCS –RBAC signs for MCS Private key ….is secret. Only the authorized person can use it. Public key…everybody can have it. Stored on the front-end in a configuration file with the definition of the critical property. Critical setting

9 V. Kain – eLTC – 7March08 9 RBAC for MCS Public key from RBAC for MCS-CNGS: Sun RSA public key, 512 bits modulus: 822051788094408479372688686168452181258355438054036212654155680312497982110513545442424281504918237688 8878842206424573705934510869455619570409135604472299 public exponent: 65537

10 V. Kain – eLTC – 7March08 10 What is a critical setting? A critical setting is an LSA setting stored in the LSA DB with the attribute “critical” and with a signature field The integrity of a critical setting in the LSA DB can always be verified: – LSA DB is the “TRUE” source for critical settings Critical settings in the LSA DB are compared against critical settings in the hardware → SIS, sequencer LSA Check done by SIS or sequencer Anybody can get the public key (SIS, sequencer). Private key only through the correct role.

11 V. Kain – eLTC – 7March08 11 How do settings become critical settings? A critical role has to exist associated to the setting –Contact a person with the Critical-Property-Admin role –Define an administrator for your critical role to add the users Define an access rule for your equipment class, device, “critical” property (access mode: set) The setting is not automatically critical with a critical role!!! It needs to be set critical in LSA!! LSA is the master. See Wojtek’s talk…

12 V. Kain – eLTC – 7March08 12 Which critical settings are/will there be at LHC start-up? Critical settingComment Collimator and passive protection device limit functions Multiplexed, actual settings and functions; FESA front-ends; read-write LHC BLM applied tables Non-multiplexed, matrices, FESA front-ends; read- write LBDS XPOC references Non-multiplexed, 22 critical multi-field (multi-type) properties per virtual device (spring server), 1 device per beam; read-write LBDS look-up tables Non-multiplexed, FESA front-end, read, write to DB only Safe machine parametersNon-multiplexed, FESA front-end; read-write BIS configurationsNon-multiplexed, read, write to DB only MKI injections kickers Non-multiplexed, FESA front-end, delay, kick voltage, length; read-write Point 6 interlocked BPMsNon-multiplexed, FESA front-end; read-write SPS-LHC transferMultiplexed/Non-multiplexed, FESA front-ends, read- write: BLMI, BPCEs, power converter current references and tolerances

13 V. Kain – eLTC – 7March08 13 MCS-Testing (1) Each feature of MCS is associated with a test. A required outcome of the test is specified. “Final” overall test after LSA refactoring middle of April.

14 V. Kain – eLTC – 7March08 14 MCS-Testing (2) We have test FESA devices (MCS_Test, MCS_Test2) and test critical roles We test any type of data format to be signed, sent via the network and signatures verified in the DB and the front-ends (JAVA to C++)

15 V. Kain – eLTC – 7March08 15 First experience with interlocked BPMs in CNGS

16 V. Kain – eLTC – 7March08 16 Documentation For users For equipment owners For application developers –Role Based Access Control http://wikis/display/LAFS/Role-Based+Access+Control –Management of Critical Settings http://wikis/display/LSA/MCS+-+Management+of+Critical+Settings

17 V. Kain – eLTC – 7March08 17 Wojtek’s talk…

Download ppt "V. Kain – eLTC – 7March08 1 V.Kain, S. Gysin, G. Kruk, M. Lamont, J. Netzel, A. Rey, W. Sliwinski, M. Sobczak, J. Wenninger LSA & Safety - RBAC, MCS Roled."

Similar presentations

Hive Security Yongqiang He Software Engineer Facebook Data Infrastructure Team.

Hive Security Yongqiang He Software Engineer Facebook Data Infrastructure Team.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.

THE DICOM 2014 Chengdu Workshop August 25, 2014 Chengdu, China Keeping It Safe Brad Genereaux, Agfa HealthCare Product Manager Industry Co-Chair, DICOM.
Module 8 ********* Data Validation & Security Workforce Information Database Training Last update November 2006.

Module 8 ********* Data Validation & Security Workforce Information Database Training Last update November 2006.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )

MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Identity Management and DNS Services Tianyi XING.

Identity Management and DNS Services Tianyi XING.

Similar presentations

Ads by Google