Abstract

This paper describes the security architecture for a modern cloud-based command and control (C2) system. The design could easily be extended to other parts of a ground system, such as mission planning, mission data processing, and ground terminals, but is first being implemented for the COSMOS C2 product. A ground system's security design must resist both internal and external threats while remaining performant and scalable to ever larger clusters of satellites. The design takes a hybrid trust approach, providing a level of zero trust for internal connections and a strong level of security for external connections. The use of well-defined standards is critical to a robust security implementation. This design centers on the JSON Web Token (JWT), an open standard established in RFC 7519. The JWTs are distributed using the OpenID Connect protocol, which is maintained by the OpenID Foundation. OpenID Connect hosted by a single sign-on provider allows a single login to access multiple microservices. Finally, infrastructure can be further protected by defining strong software communication rules: any software or service that is not expected to connect to a microservice can be explicitly denied access by defining rules for what can talk to what. Istio is discussed as a technology to enforce these rules.
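
An added example, not taken from the paper or the COSMOS project: one way the communication rules and JWT checks described above could be expressed in Istio. The namespace, workload labels, service account, issuer URL, JWKS URL and audience are hypothetical placeholders.

```yaml
# Added illustration; every name, label and URL below is a hypothetical placeholder.
# 1) Default deny: an AuthorizationPolicy with an empty spec allows nothing
#    in the namespace, so each permitted flow must be declared explicitly.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: c2                  # hypothetical namespace
spec: {}
---
# 2) Validate JWTs from the OpenID Connect provider (signature, issuer,
#    audience, expiry) at the sidecar of the command API workload.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: cmd-api-jwt
  namespace: c2
spec:
  selector:
    matchLabels:
      app: cmd-api               # hypothetical workload label
  jwtRules:
    - issuer: "https://sso.example.com"          # placeholder issuer
      jwksUri: "https://sso.example.com/jwks"    # placeholder JWKS endpoint
      audiences: ["cmd-api"]
---
# 3) Allow only the expected caller, and only with a validated token.
#    principals: the caller's mTLS workload identity (service account).
#    requestPrincipals: "<iss>/<sub>" taken from the validated JWT.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: cmd-api-allow-frontend
  namespace: c2
spec:
  selector:
    matchLabels:
      app: cmd-api
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/c2/sa/frontend"]
            requestPrincipals: ["https://sso.example.com/*"]
      to:
        - operation:
            methods: ["GET", "POST"]
            paths: ["/api/*"]
```

A `RequestAuthentication` on its own rejects only invalid tokens and still passes requests that carry no token; the `requestPrincipals` condition in the ALLOW rule is what makes a valid JWT mandatory. Matching on `principals` requires mutual TLS between the workloads.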
