The key feature of this release is the support for the core of DDS Security 1.1: authentication, access control and encryption. The other significant change is the much improved behaviour for very large samples: an improved retransmit strategy reduces the number of unnecessary retransmits and eliminates the sometimes excessive latencies.
DDS Security defines a set of plug-in interfaces and protocol hooks that are part of the core DDS implementation, and a set of "default" plug-ins that users may expect the DDS implementation to provide; users can also supply their own plug-ins instead. The default plug-ins rely on standard cryptographic techniques (AES for symmetric encryption, Diffie-Hellman key exchange, etc.) and are typically sufficient for protecting a DDS system.
One can choose at build time whether to include the interfaces and protocol hooks in the core of Cyclone DDS. Leaving them out significantly reduces the size of the code and brings a tiny performance improvement. If security support is compiled out, the DDS_HAS_SECURITY macro will be undefined (otherwise it is defined to 1) and any attempt at creating a participant with security settings will be rejected with a "precondition not met" failure.
A lot of effort has gone into testing and checking that malformed or unexpected messages are handled correctly, that message authentication codes are checked and that no data ever goes out unencrypted by accident. Still, it is a significant amount of code and it is only prudent to assume the worst for a new implementation of such a complex specification.
Name | Date | Description |
---|---|---|
Release candidate 1 | 2020/07/22 |