Security Framework

The VYRA Security Framework provides comprehensive security features for inter-module communication in Docker Swarm environments.

Contents:

• Security Framework Overview
  • Introduction
  • Security Levels Explained
  • Architecture
  • Session Management
  • Replay Attack Prevention
  • Certificate Management (Level 5)
  • Performance Considerations
  • Error Handling
  • Security Monitoing
  • Testing
  • References
• Security Framework Quick Start
  • Installation
  • Server Implementation (5 minutes)
  • Client Implementation (5 minutes)
  • Message Definition (2 minutes)
  • Validation (3 minutes)
  • Complete Example
  • Running the Example
  • Next Steps
  • Common Issues
  • Resources
• Security Framework API Reference
  • Security Levels
  • Security Manager
  • Security Client
  • Security Validato
  • Crypto Helpers
  • Constants
  • ROS2 Interfaces
  • Usage Examples
  • Type Hints
  • Error Handling
  • Testing
  • See Also
• Security Framework Examples
  • Why this layout?
  • Example Index
  • Quick Run
  • Validation Checklist

Overview

The framework implements a 5-level security model:

Security Levels

Level	Name	Features	Use Case
1	NONE	No security	Public information
2	BASIC_AUTH	Module ID verification	Internal networks
3	TIMESTAMP	ID + timestamp validation	Replay attack prevention
4	HMAC	HMAC-SHA256 signatures	Message integrity
5	DIGITAL_SIGNATURE	Certificate-based PKI	Maximum security

Key Features

• Multi-level Security: Choose appropriate security for each operation

• Automatic Metadata: Transparent SafetyMetadata handling

• Session Management: Token-based authentication with expiration

• Replay Protection: Timestamp and nonce validation

• PKI Support: Full certificate infrastructure for Level 5

Quick Start

Server Module

from vyra_base.security.security_manager import SecurityManager
from vyra_base.security.security_levels import SecurityLevel

class MyModule(Node, SecurityManager):
    def __init__(self):
        Node.__init__(self, 'my_module')
        SecurityManager.__init__(
            self,
            max_security_level=SecurityLevel.HMAC
        )

Client Module

from vyra_base.security.security_client import (
    create_security_context,
    SecurePublisher
)

# Request access
response = await client.call_async(request)

# Create context
ctx = create_security_context(
    module_id=str(uuid),
    security_level=response.granted_sl,
    session_token=response.session_token,
    hmac_key=response.hmac_key
)

# Use secure communication
pub = SecurePublisher(node, MsgType, 'topic', ctx)
pub.publish(msg)

Documentation

For detailed documentation, see:

• Security Framework Overview - Complete framework documentation

• Security Framework Quick Start - Integration guide

• Security Framework API Reference - API reference

• Security Framework Examples - Example implementations

Architecture

The VYRA Security Framework follows a client-server architecture:

1. Client Module (SecurityClient) - Requests authentication and sends secure messages

2. Server Module (SecurityManager) - Provides authentication service and manages sessions

3. SecurityValidator - Validates incoming messages on the server side

Flow:

1. Client → Server: RequestAccess

2. Server → Client: Token + HMAC Key

3. Client → Server: Secure Message (with SafetyMetadata)

4. Server → Validato: Validate metadata

5. Validato → Server: Pass/Fail result

Modules

The Security Framework consists of the following modules:

• Security Levels - Defines the 5 security levels and related enums

• Security Manager - Server-side authentication and session management

• Security Client - Client-side wrappers for secure communication

• Security Validato - Validates incoming messages and signatures

• Crypto Helpers - Cryptographic operations (HMAC, RSA, certificates)

For detailed API documentation, see Security Framework API Reference.

Indices and tables

• Stichwortverzeichnis

• Modulindex

• Suche