Beams Document 2040-v1

Secure Client Tier for the Accelerator Control System

Document #:
Beams-doc-2040-v1
Document type:
Talk
Submitted by:
Andrey Petrov
Updated by:
Andrey Petrov
Document Created:
06 Dec 2005, 13:02
Contents Revised:
06 Dec 2005, 13:02
Metadata Revised:
06 Dec 2005, 13:02
Viewable by:
  • Public document
Abstract:
The central part of the Accelerator Control System at Fermilab is a cluster of Java Data Acquisition
Engines (DAEs). In order to read or set data, an application needs to connect to one of the DAEs
through the plain Remote Method Invocation (RMI) protocol. As the system grew over the past
decade, new security concerns appeared. The existing client-server communication protocol failed to
meet higher security requirements, because it employs fairly simple rules of authentication and does
not support either encryption or data integrity checks. Besides that, the API providing access to all
functions of the control system seemed to be too complex for inexperienced client application
developers. Therefore, it was decided to introduce an intermediary level in the architecture between
DAEs and client applications. This tier, named Secure Controls Framework (SCF), provides security
for the client connections and offers a new simplified API for Control System access. In the SCF,
security features are implemented on the transport level by means of the Kerberos V5 protocol. They
include strong user authentication and encryption (or message integrity codes) applied to the network
traffic. Special attention was paid to automation of the authentication process and making it less
annoying for the users. A generic Kerberos implementation in Java was extended to support various
types of ticket caches, including memory caches on Windows and Macs, and to implement automated
ticket discovery. The rewritten controls API is based on a new object-oriented data model. Legacy
data structures, such as devices, arrays, properties, and scaled values, were described as Java classes in
a way that simplifies their usage in client applications.
Keywords:
Java Kerberos
Publication Information:
Talk at ICALEPCS 2005