Security Monitoring and Control of the Re-engineered Hubble Space Telescope Control Center System

Caleb Principe, NASA Goddard Space Flight Center
Larry Barrett, Orbital Sciences Corporation
Thomas Buchanan, QSS Group Inc.
Jay Lockwood, Lockwood Software

February 25, 1998

Slide 2: CCS Overview
- The Hubble Space Telescope (HST) Control Center System (CCS) is one component of a larger, more complex spacecraft management system
- CCS provides the following functions:
  - Spacecraft Communications Coordination
  - Spacecraft Commanding
  - Spacecraft Health and Safety Analysis
- CCS does not perform:
  - Scheduling of Spacecraft Observations or Resources
  - Processing or Distribution of Downlinked Science Data

Slide 3: CCS Overview (context diagram)
[Diagram: CCS and its external interfaces. Labels shown: HST Test Facilities (Shuttle/JSC, Electrical Simulation VEST/VSTIF, Flight S/W DASDF/ESTIF, Science Instrument SITS, Core SM SEER/SMOR); HST Communications (DSN, WSC, TDRS, NCC, UTC, UPS); Control Center System (CCS); HSTNet; HST Users; HST Contingency; HST Customer; GSFC Center Network Environment (CNE); Backup CCS; STScI Planning and Scheduling; Science Data Processing; Internet Remote Users; P&S Local Users; Public Users.]

Slide 4: Goals of CCS Re-engineering
- Significantly reduce cost of operations by
  - streamlining business processes for normal operations
  - automating routine and repetitive operational procedures
  - providing secure remote access to system resources
  - maximizing utilization of spacecraft resources
- Reduce maintenance costs by
  - utilizing state-of-the-practice technologies and methods
  - adhering to government and industry standards in development
  - cost-effective use of off-the-shelf (OTS) components
  - building fault tolerance into the system architecture

Slide 5: System Concept Drivers
- Architectural
  - modular and extensible to facilitate maintenance and reuse
  - scalable to allow deployment of functional subsets
- Operational
  - automate ground system operations; provide manual override
  - engineering expertise captured in on-line knowledge bases
- Developmental
  - integrated development environment established to maximize productivity
  - integrated product team (IPT) based organization instituted to minimize implementation errors

Slide 6: Target Environments
- Operational Environments: highly distributed server-class processors used for
  - spacecraft control and monitoring
  - CCS system maintenance
- Test Facilities: small number of co-resident processors used for
  - flight software development
  - spacecraft anomaly isolation and resolution
- Stand-alone Configurations: single-processor configuration used for
  - science instrument development and check-out

Slide 7: CCS System Architecture
- System partitioned into three functional segments:
  - Command and Communications
  - Engineering Data Processing
  - User Workstations
- Logical Processor concept used to enable scalability
  - highly cohesive set of functions
  - decoupled through use of middleware
  - independent of physical nodes
- Data-driven architecture supports tailoring and reuse
  - configuration database drives most system functionality

Slide 8: CCS System Architecture (diagram)
[Diagram: Workstations (WS), Front End Processor, Data Server, Core Network, Application Server, Firewall, Backbone Network, GUI Server; application functions Spacecraft Commanding, Communications Management, Spacecraft Monitoring, Analysis and Trending, Engineering Data Archive, Ground System Management; Public Web Server behind a Firewall to the Internet; HSTNet; Test Facilities.]

Slide 9: Development Methodology
- Hybrid methodology established using the best of
  - Business Process Re-engineering
  - Top-Down Functional Decomposition with Data Flow Analysis
  - Thread-based Dynamic Behavior Models
  - Object-Oriented Analysis/Design
  - Entity-Relationship Modeling
- Methods adopted with elements from waterfall, incremental and spiral approaches
  - applied the method that best fit the development of the target product
- Development environment tools tailored to support project-specific needs

Slide 10: Technological Enablers
- Middleware
  - encapsulates interprocess communication methods
  - nameserver provides directory of software applications
- Security Firewalls
  - applications unaware of firewall in communication path
  - unnecessary for reduced configurations
- Web Servers and Browsers
  - common user interface across multiple workstation platforms
- Automated System Monitors
  - distributed resource monitoring and failover support

Slide 11: OTS Component Integration
- Functional prototyping used to assess candidate products
  - provided a method of identifying best of breed
- Primary selection criteria included
  - adherence to appropriate standards
  - scalability
  - maintainability
  - compatibility with other products
- Encapsulation used to insulate applications from OTS product features
  - Rogue Wave libraries and custom software used

Slide 12: Security Considerations
- Security built in from the beginning
  - Guideline: prohibit what is not explicitly allowed
  - drove network topology and functional allocation
  - eliminated some OTS products from consideration
- Implementing security concurrently with applications simplified the system integration process
  - stateful inspection firewall technology supported scalability
  - security concerns detected and corrected immediately
- Functional access controls implemented at application level

Slide 13: Functional Security Architecture (diagram)
[Diagram: components User Workstation, Security Firewall, GUI Server, CCS Application and Access Control Process (ACP); links labelled "Secured Link via Encryption", "System Function Request and Response" and "User Security Profile Information". Functions shown: Initiates Login/Logout Processing; Restricts Source of Connection; Passes only Recognized Protocols; Supports Strong Authentication Mechanisms; Supports Secured Link; Restricts User Functional Access; Performs User Requested Function; Queries ACP about User Privileges; Validate Access to Privileged Sub-functions; Validate Login and Logout Requests; Establishes User Sessions at Login; Manages User Security Profiles; Provides User Privilege Information to Specific Applications.]

Slide 14: System Management Approach
- Application dependency information used to automate startup and failover sequences
  - allows system to operate in multiple valid configurations
- Local monitoring of each resource performed
  - COTS products used to monitor system resources and applications
- Centralized analysis engine used to identify and recover from suspected failure conditions
  - Knowledge
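The default-deny guideline of Slide 12 and the ACP/application split of Slide 13 can be made concrete. The following is an added example, not code from the CCS project: a hypothetical Python model in which the ACP validates logins, establishes sessions and answers privilege queries, while an application performs a requested function only when the ACP explicitly grants it. User names, passwords and function names are constructed.

```python
import hashlib, hmac, secrets

class AccessControlProcess:
    """Default-deny ACP: login/logout, sessions, user security profiles, privilege queries."""

    def __init__(self):
        self._profiles = {}  # user_id -> frozenset of explicitly allowed functions
        self._creds = {}     # user_id -> (salt, pbkdf2 key); plaintext never stored
        self._sessions = {}  # session token -> user_id

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user_id, password, allowed):
        salt = secrets.token_bytes(16)
        self._creds[user_id] = (salt, self._derive(password, salt))
        self._profiles[user_id] = frozenset(allowed)

    def login(self, user_id, password):
        """Return a session token, or None on any failure (no hint as to why)."""
        entry = self._creds.get(user_id)
        salt, key = entry if entry else (bytes(16), bytes(32))  # equalise timing
        valid = hmac.compare_digest(self._derive(password, salt), key)
        if not (entry and valid):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user_id
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def has_privilege(self, token, function):
        """Grant only an active session whose profile explicitly lists the function."""
        user_id = self._sessions.get(token)
        return user_id is not None and function in self._profiles.get(user_id, ())

def request_function(acp, token, function, audit):
    """Application side: run the function only if the ACP grants it; log every decision."""
    granted = acp.has_privilege(token, function)
    audit.append((function, "ALLOW" if granted else "DENY"))
    return f"executed {function}" if granted else "denied"

def build_demo():
    """Constructed sample profiles (hypothetical user and function names)."""
    acp = AccessControlProcess()
    acp.add_user("ops_eng", "example-pw-1", {"telemetry.view", "commanding.send"})
    acp.add_user("remote_sci", "example-pw-2", {"telemetry.view"})
    return acp
```

Anything not in a profile, any unknown token and any logged-out session is denied, which is the "prohibit what is not explicitly allowed" rule applied at application level.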
USC GSAW 98 - principe