SECURE CLIENT TIER FOR THE ACCELERATOR CONTROL SYSTEM

The central part of the Accelerator Control System at Fermilab is a cluster of Java Data Acquisition Engines (DAEs). In order to read or set data, an application needs to connect to one of the DAEs through the plain Remote Method Invocation (RMI) protocol. As the system grew over the past decade, new security concerns appeared. The existing client-server communication protocol failed to meet higher security requirements, because it employs fairly simple rules of authentication and does not support either encryption or data integrity checks. Besides that, the API providing access to all functions of the control system seemed to be too complex for inexperienced client application developers. Therefore, it was decided to introduce an intermediary level in the architecture between DAEs and client applications. This tier, named Secure Controls Framework (SCF), provides security for the client connections and offers new simplified API for Control System access. In the SCF, security features are implemented on the transport level by means of the Kerberos V5 protocol. They include strong user authentication and encryption (or message integrity codes) applied to the network traffic. Special attention was paid to automation of the authentication process and making it less annoying for the users. A generic Kerberos implementation in Java was extended to support various types of ticket caches, including memory caches on Windows and Macs, and implement an automated ticket discovery. The rewritten control's API is based on a new object-oriented data model. Legacy data structures, such as devices, arrays, properties, and scaled values were described as Java classes in a way that simplifies their usage in client applications.