SciDAC SSS Secure Wire Protocol and Cplant Interface. SciDAC SSS Face-To-Face Erik P. DeBenedictis February 21, 2002. Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy under contract DE-AC04-94AL85000.
XML & Browser
• Dual Mode
  • Accepts XML: for machine-to-machine communications
  • Accepts HTML-Embedded XML: for testing and human interaction
[Diagram labels: <XML>, <XML>, GET /form?XML HTTP/1.0, <PRE>XML</PRE>]

Secure Wire Protocol
[Diagram labels: Client Private Key; Server Private Key; Client 1 Public Key; Client 2 Public Key; Encrypted Communications]

Technology Employed
• C++
• OpenSSL
  • For security
  • 128 bit encryption RC4
  • Certificates: Server, Client
• Stream XML parser
  • Wrote it ourselves
  • Doesn’t wait for close (controversial)
• UserID and Password
  • Server needs to log in as user before executing command
  • Not done now
• Security Plan
  • Can be written
  • Requires commitment
  • Unused modes of access get closed by Sandia security in spite of security plans

XML Process Launcher
• Receive an XML encoded command via a web form.
• Parse the XML to extract the command.
• SSL Encryption adds security.

Sequence of Server Actions
• User establishes an HTTPS connection with Server.
• Server transmits a form with an XML command framework filled in.
• User submits their command.
• Server receives XML and parses it.
• Server walks the parse tree to determine appropriate action.
• Server executes user request.
• Server transmits results to user via HTTPS connection.

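Added example, not from the original slides or the Cplant code: the parse and dispatch steps listed above, written in Python with the standard library's SAX parser fed chunk by chunk. The `<command action="...">`/`<arg>` schema, the allow-list and the command paths are assumptions, since the slides do not show the real schema; the parsed command maps to a fixed argv and is never handed to a shell.

```python
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Assumed allow-list: XML action name -> fixed argv (hypothetical commands).
ALLOWED = {"status": ["/usr/bin/uptime"], "listjobs": ["/usr/bin/qstat", "-u"]}
ARG_RE = re.compile(r"[A-Za-z0-9_.]{1,64}")  # no shell or option characters

class CommandHandler(ContentHandler):
    """Collects <command action="..."> and its <arg> children from SAX events."""
    def __init__(self):
        super().__init__()
        self.action, self.args, self.error, self._text = None, [], None, None

    def startElement(self, name, attrs):
        if name == "command" and self.action is None:
            self.action = attrs.get("action", "")
        elif name == "arg" and self.action is not None and self._text is None:
            self._text = []
        else:
            self.error = f"unexpected element <{name}>"

    def characters(self, content):
        if self._text is not None:
            self._text.append(content)

    def endElement(self, name):
        if name == "arg" and self._text is not None:
            self.args.append("".join(self._text))
            self._text = None

def parse_command(chunks):
    """Feed the request body chunk by chunk; return (argv, error)."""
    handler, parser = CommandHandler(), xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # no external entities
    parser.setContentHandler(handler)
    try:
        for chunk in chunks:
            parser.feed(chunk)
        parser.close()  # raises if the document is truncated
    except xml.sax.SAXException as exc:
        return None, f"malformed XML: {exc}"
    if handler.error:
        return None, handler.error
    if handler.action not in ALLOWED:
        return None, f"action {handler.action!r} is not allowed"
    if not all(ARG_RE.fullmatch(a) for a in handler.args):
        return None, "argument contains disallowed characters"
    return ALLOWED[handler.action] + handler.args, None

# Constructed sample request, split mid-tag to mimic network reads.
SAMPLE = ['<command action="list', 'jobs"><arg>alice</arg></com', 'mand>']
```

The returned argv is meant for `subprocess.run(argv)` without `shell=True`, under the identity the server has authenticated for the request.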
Simplified Interaction Timeline
[Diagram labels: CPlant; XML Web Server; User; Web form submission; execution; raw result; result formatted and returned via browser]

Input
• What You See
  • XML
  • A test schema
  • Encapsulated in HTML

Output
• What You See
  • Response to XML command
  • Encapsulated in HTML
• Not Done Yet
  • Parsing and encapsulating the result

Conclusions and Future Work
• Approach Works
  • Work devoted to C++, SSL, XML SAX parser paid off
  • Browser interface good
• Demos
  • GUI to Cplant
  • For wimps who don’t want to do everything with telnet
  • Future control console
• Need Commitment
  • I can write a security plan
  • But I will be asked “is it necessary”
  • If I say “SourceForge might work too” it won’t get approved
  • Need a mandate to proceed
  • Should do doable in this case