vf-OS: Security, or the cornerstone of the manufacturer's trust

The digital transformation of classical manufacturing processes is a complex path that needs to account for all the aspects involved, such as people, processes, devices, consumers of information, etc. Among all of them, there is one that stands out and that needs to be adequately covered: security.

A digital factory without a proper security management system is condemned to fail. This concern is not easy to address, because a factory contains a wealth of information flows of different natures and therefore has many entry points. In order to protect this ecosystem while maintaining the simplicity and usability of the system, it is necessary to address security from a global perspective, i.e., modelling security as a set of information flows that need to be controlled. To this end, one should follow the recommendations of international standards, and ultimately identify, authenticate and authorize all subjects, objects and operations of the system in the simplest and easiest way.

vf-OS is a project that provides a flexible infrastructure with many desirable features such as the adaptability for developing secure applications to be integrated in real factories, secure-only communication channels between digital assets, and mandatory authorization for all operations on data with a deny policy by default.

All vf-OS assets are required to provide a manifest file in which their security information must be declared. The manifest works like a border control, where it is possible to stop operations, or even installations, if these are not duly authorized. The vf-OS platform also provides the capability to control internal communications among assets by using different messaging systems, one for internal communications and another for public communications, both controlled by a central Policy Decision Point where all policies are stored and used to orchestrate the security. When possible, it allows active policies to be integrated into real-world firewalls through the corresponding management interfaces.
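The manifest check and the deny-by-default decision described above can be sketched as follows. This is an added example, not vf-OS code: the `Manifest` fields, the `PolicyDecisionPoint` class, and the asset and resource names are all hypothetical, since the page does not show the real manifest schema or policy format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Manifest:
    """Hypothetical manifest: the real vf-OS schema is not shown on the page."""
    asset: str
    requests: frozenset  # (operation, resource) pairs the asset declares

class PolicyDecisionPoint:
    """Central policy store; anything without an explicit allow rule is denied."""

    def __init__(self):
        self._allow = set()     # (asset, operation, resource) allow rules
        self._installed = {}    # asset name -> accepted Manifest

    def allow(self, asset, operation, resource):
        self._allow.add((asset, operation, resource))

    def revoke(self, asset, operation, resource):
        self._allow.discard((asset, operation, resource))

    def install(self, manifest):
        """Border control: refuse installation if any declared request has no policy."""
        missing = sorted(r for r in manifest.requests
                         if (manifest.asset, *r) not in self._allow)
        if not missing:
            self._installed[manifest.asset] = manifest
        return (not missing, missing)

    def decide(self, asset, operation, resource):
        """PERMIT only if installed, declared in the manifest, and still allowed."""
        manifest = self._installed.get(asset)
        declared = manifest is not None and (operation, resource) in manifest.requests
        allowed = (asset, operation, resource) in self._allow
        return "PERMIT" if declared and allowed else "DENY"

if __name__ == "__main__":
    # Constructed sample assets and resources, for illustration only.
    pdp = PolicyDecisionPoint()
    pdp.allow("dashboard", "read", "sensor/temperature")
    dashboard = Manifest("dashboard", frozenset({("read", "sensor/temperature")}))
    logger = Manifest("logger", frozenset({("write", "orders")}))
    print(pdp.install(dashboard))   # accepted: every declared request has a policy
    print(pdp.install(logger))      # refused: no policy covers the declared write
    print(pdp.decide("dashboard", "read", "sensor/temperature"))
    print(pdp.decide("dashboard", "write", "sensor/temperature"))
    pdp.revoke("dashboard", "read", "sensor/temperature")
    print(pdp.decide("dashboard", "read", "sensor/temperature"))
```

Because `decide` consults the central rule set on every call, revoking a policy takes effect immediately, even for an asset whose manifest was accepted at installation time.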

Finally, it is worth mentioning one of the most remarkable points in vf-OS: the use of a small set of communication protocols (HTTP REST, AMQP) simplifies security management and, as a consequence, the attack surface is also reduced and limited.

The project was concluded in October 2019. Thanks for your interest.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 723710.