Politecnico di Torino (logo)

Federated Identity and Access Management for Distributed Multi-Asset Multi-Centre Operations (DO)

Emma Marrocu

Federated Identity and Access Management for Distributed Multi-Asset Multi-Centre Operations (DO).

Rel. Antonio Lioy. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022


The success of space missions greatly depends on the software systems responsible for connecting to, monitoring, and operating the spacecraft, collectively referred to as Mission Operation Infrastructure (MOI). A component of this infrastructure are Mission Control Systems (MCSs), which are in charge of receiving and collecting data from the satellite and issuing it commands. Nowadays, the objective is to shift the space mission operations systems to a distributed environment in order to better serve the demands of various agencies, businesses, and organizations to promote new missions conjunctively. The Distributed Multi-Asset Multi-Centre Operations (DO) project, which is now underway at the European Space Agency (ESA), embodies these goals. Security in a sensitive environment like that of space, where a successful attack might have catastrophic economic and societal repercussions, is more crucial than ever. However, establishing security in a distributed setting poses additional difficulties. Understanding each actor's identity and what they are entitled to perform in regard to a certain mission is essential, especially to enable a genuine collaboration among different authorities. In this context, authentication enters the picture and serves as the foundation for all security decisions, beginning with access control considerations. Therefore, being able to manage identities and permissions securely and conveniently across several domains is the first necessary prerequisite for enabling a tangible and trustworthy sharing of responsibilities in the operation of space missions. In this thesis, a design for a federated identity and access management infrastructure is proposed as a feasible solution, which is able to address the needs raised by the DO project and integrate with its outcomes. The chosen course of action complies with the formal requirements analysis that was conducted during the months of internship at ESA, and it is supported by the confidence attained via a rigorous investigation of the state of the art in terms of security in space systems. The suggested solution is built as a proof of concept that takes into account both the features of federated authentication and of coherent authorization, adopting Keycloak as open-source identity provider and a role-based mechanism with appropriate policies and guidelines for roles definition, transmission, and verification. The proof of concept is validated against its integrability with any MOI system by selecting a functional MCS, namely C2LOCO, to be integrated with the deployed architecture and the results have shown the viability and effectiveness of the work done.

Relators: Antonio Lioy
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 160
Additional Information: Tesi secretata. Fulltext non presente
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Ente in cotutela: ESOC - European Space Operations Centre (GERMANIA)
Aziende collaboratrici: ESA/ESOC European Space Operation Center
URI: http://webthesis.biblio.polito.it/id/eprint/25611
Modify record (reserved for operators) Modify record (reserved for operators)