Security in Xbus

For an application integration solution, the capacity to protect itself from attacks, data theft and other kinds of unwanted use is an essential quality. To ensure that protection, authentication via certificates, transport layer encryption and strict authorization management are vital.

A system in which an application only needs a login and a password to send data to the bus or receive data from it is not secure enough: a leaked or guessed password is all it takes for an unwanted application to connect to the bus.

What is more, if the transport layer is not encrypted, the data flows can be intercepted and the bus's network resources can be used by third parties.

As for authorization management, when a pub-sub system decides which application may send data to, or receive data from, which other application, incoming and outgoing messages must not be stored in a single shared location. A shared location would enable replay attacks: any application connected to the bus could intercept messages addressed to another application and re-emit them, either to saturate the receiving application's database or to send look-alike messages carrying false data.

To address the authentication issue, CloudCrane implemented a public key infrastructure (PKI) in Xbus. Within such an infrastructure, emitting and receiving applications prove their identities with authentication certificates built on public/private key pairs. A certification authority, Xbus itself in this scenario, issues the certificates: the Xbus administrator validates the certificate requests coming from the applications, so no application can connect to the bus until the administrator has validated its certificate. Applications only deal with Xbus and vice versa; they never exchange keys or certificates directly with one another.

CloudCrane chose to use the TLS protocol (the successor of SSL), the standard for encrypting network connections. TLS relies on X.509 certificates; used in its mutual form, where the client presents a certificate as well as the server, it authenticates the applications that emit or receive messages. It is fairly simple to implement in any type of application, since TLS libraries exist for most languages.

Initially, applications presented their authentication certificates to NATS, but the NATS server did not use them to manage access rights: within NATS, access rights were managed only with logins and passwords. CloudCrane therefore developed an access-rights management feature based on the certificates. That feature has since been merged into the standard NATS release by the NATS maintainers.

The transport layer is encrypted with TLS. The NATS server has been merged into the Xbus server, and the connection is protected. Applications without an authentication certificate validated by the Xbus administrator cannot send data through Xbus or NATS.

CloudCrane developed the name space system to manage authorizations, so as to prevent message interception and false message delivery among the applications connected to the bus. A dedicated space in the Xbus message box is reserved for each account (an account may be used by one or several applications, depending on the scenario). Messages addressed to an application are delivered into that account's private space, so other applications cannot intercept them. Conversely, messages sent by applications are stored in separate locations according to their emitter, which makes emitters easy to identify and prevents an application from sending false answers in another's name. The name space system leverages the pub-sub system to handle authorizations at a fine grain, which makes it unnecessary to route messages through extra micro-services for authorization and preserves Xbus performance.
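As an added illustration (not Xbus's own configuration, which this page does not show), here is a stand-alone nats-server configuration that combines the two mechanisms described above: client certificates issued by the bus's CA are required and mapped to user identities (`verify_and_map`), and per-account publish/subscribe permissions confine each account to its own subject namespace. The subject layout `xbus.<account>.in.>` / `xbus.<account>.out.>`, the account names, the router identity and the file paths are all assumptions made for the example.

```conf
# Illustrative nats-server configuration (added example, not Xbus's own config).
# Assumed subject layout: an account may only read xbus.<account>.in.> and
# may only write xbus.<account>.out.> ; account names and paths are invented.

listen: 0.0.0.0:4222

tls {
  cert_file: "/etc/xbus/tls/server.pem"
  key_file:  "/etc/xbus/tls/server-key.pem"
  # Trust store: the Xbus CA that signs the applications' certificates.
  ca_file:   "/etc/xbus/tls/xbus-ca.pem"

  # Weak setting (the "before" state described above): the client certificate
  # is verified against the CA but plays no part in authorization; identity
  # would still come from a login/password in the users list.
  #   verify: true
  #
  # Hardened setting: require a client certificate AND map it to a user, so
  # the certificate identity (email SAN, DNS SAN or RFC 2253 subject DN) is
  # what the permissions below are bound to. No passwords are involved.
  verify_and_map: true
}

authorization {
  users = [
    # The user string must match the certificate identity exactly
    # (here the RFC 2253 form of the subject DN).
    {
      user: "CN=crm,O=Example Corp"
      permissions: {
        # crm can only emit into its own outgoing space ...
        publish:   ["xbus.crm.out.>"]
        # ... and only read its own private incoming space, so it can
        # neither impersonate erp nor intercept messages addressed to erp.
        subscribe: ["xbus.crm.in.>"]
      }
    },
    {
      user: "CN=erp,O=Example Corp"
      permissions: {
        publish:   ["xbus.erp.out.>"]
        subscribe: ["xbus.erp.in.>"]
      }
    },
    # Assumed bus core identity: the only one allowed to bridge spaces. It
    # consumes every account's outgoing messages and delivers each one into
    # the recipient's private incoming space.
    {
      user: "CN=xbus-router,O=Example Corp"
      permissions: {
        publish:   ["xbus.*.in.>"]
        subscribe: ["xbus.*.out.>"]
      }
    }
  ]
}
```

To obtain the exact identity string for a `user` entry, print the subject of the application's certificate in RFC 2253 form, for instance with `openssl x509 -in crm.pem -noout -subject -nameopt RFC2253`; NATS also accepts an e-mail or DNS subjectAltName. Two caveats worth checking in practice: once a user has an explicit permissions block, request/reply inboxes are no longer implicitly allowed, so an account that needs them must be granted `allow_responses: true` or an `_INBOX.>` subscribe permission; and an application that steps outside its space does not fail silently, the server answers with a Permissions Violation error and logs it, which is the event to alert on.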

Xbus is therefore secured at all levels:

• applications have to authenticate to Xbus with TLS certificates,
• publication and subscription authorizations protect messages from the other applications connected to the bus,
• TLS encryption protects Xbus against data interception, attacks and use by unauthorized third parties.

Talend and MuleSoft solutions offer features related to authentication or authorization as paid options. In Xbus, security is not an extra feature but a basic layer.