Data Distribution Service: An Overview Part 1
In this three-part series, we focus on Data Distribution Service (DDS), which drives systems such as railways, autonomous cars, spacecraft, diagnostic imaging machines, luggage handling, and military tanks, among others. We'll also explore the current status of DDS and highlight recommendations enterprises can follow to minimize the threats associated with this middleware.
But first, let’s discuss what DDS is and how it is applied in various industries.
Overview
DDS is a standardized middleware software based on the publish-subscribe paradigm that helps in developing middleware layers for machine-to-machine communication. This software is especially integral to embedded systems and applications with real-time requirements. Maintained by the Object Management Group (OMG), DDS is used in all classes of critical applications to implement a reliable communication layer between sensors, controllers, and actuators.
DDS sits at the beginning of the software supply chain, which makes it easy to lose track of and an attractive target for attackers. Notably, the following companies and agencies use DDS (note that this is not an exhaustive list of organizations currently using this technology):
- National Aeronautics and Space Administration (NASA) at the Kennedy Space Center
- Siemens in wind power plants
- Volkswagen and Bosch for autonomous valet parking systems
- Nav Canada and European CoFlight for air-traffic control
From a software development standpoint, DDS is also a communication middleware used for the interoperability of processes across machines in all main programming languages. Moreover, DDS is a data-centric publish-subscribe communication protocol that allows developers to build a flexible shared data “space” for virtually any application requiring two or more nodes to exchange typed data.
From a programmer’s perspective, DDS is a powerful application programming interface (API). On top of the plain byte-streams and C-strings, DDS supports serialization and deserialization of any built-in or custom data type through a dedicated interface definition language (IDL).
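As an added illustration (not code from the original article or from any DDS implementation), the Python below hand-encodes one sample of a hypothetical IDL type, `SteeringCommand`, in classic little-endian CDR, the byte layout DDS payloads commonly use, and decodes it with the length and type checks a receiver needs. The type, its field names and the `MAX_ACTION` bound are assumptions made for the example.

```python
import math
import struct

# Hypothetical IDL type (assumption, not from the article):
#   struct SteeringCommand { unsigned long seq; double angle_deg; string action; };
CDR_LE = b"\x00\x01\x00\x00"   # encapsulation header: CDR little-endian, no options
MAX_ACTION = 64                # assumed bound on the string, enforced on decode
FIXED = 20                     # seq (4) + padding (4) + double (8) + string length (4)


def encode(seq, angle_deg, action):
    """Serialize one sample as classic CDR (little-endian)."""
    raw = action.encode("ascii") + b"\x00"        # CDR strings carry a trailing NUL
    body = struct.pack("<I", seq)
    body += b"\x00" * 4                           # pad so the double is 8-byte aligned
    body += struct.pack("<d", angle_deg)
    body += struct.pack("<I", len(raw)) + raw     # the length field counts the NUL
    return CDR_LE + body


def decode(payload):
    """Deserialize a sample, rejecting input that does not match the type."""
    if payload[:4] != CDR_LE:
        raise ValueError("unsupported encapsulation")
    body = payload[4:]
    if len(body) < FIXED:
        raise ValueError("truncated fixed part")
    seq, angle_deg, strlen = struct.unpack_from("<I4xdI", body, 0)
    if not math.isfinite(angle_deg):
        raise ValueError("non-finite angle")
    # Never trust the sender's length field: check it against the declared
    # bound and against the bytes actually received before slicing.
    if not 1 <= strlen <= MAX_ACTION + 1:
        raise ValueError("string length out of bounds")
    if len(body) - FIXED < strlen:
        raise ValueError("string length exceeds payload")
    raw = body[FIXED:FIXED + strlen]
    if raw[-1] != 0 or b"\x00" in raw[:-1]:
        raise ValueError("malformed string terminator")
    return seq, angle_deg, raw[:-1].decode("ascii")


if __name__ == "__main__":
    sample = encode(7, -15.0, "turn left")        # constructed sample input
    print(sample.hex(), decode(sample))
```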
DDS Applications
DDS is the foundation of other industry standards, like OpenFMB for smart-grid applications and Adaptive AUTOSAR. The Robot Operating System 2 (ROS 2), the de facto OS for robotics and automation, uses DDS as the default middleware.
DDS, along with Real-Time Publish-Subscribe (RTPS), is used to implement industry-grade middleware layers for mission critical applications. For example, when the artificial intelligence (AI) of an autonomous car needs to issue a “turn left” command, DDS is used to transport the command from the electronic control unit (ECU) down to the steering servo motors.
Here is a list of examples where DDS is used in critical industries, including external resources offering estimates on how many devices in each sector exist or are expected to exist in the near future:
| Sector | Example Use Cases | Notable Users |
| --- | --- | --- |
| Telecommunications and networks | Software-defined networking (SDN) technologies; Appliance Life Cycle Management (LCM) tools, including 5G | Fujitsu |
| Defense | Command and control (C&C) systems; Navigation and radar systems; Launch systems | National Aeronautics and Space Administration (NASA); NATO Generic Vehicle Architecture (NGVA); Spanish Army |
| Virtualization & Cloud | Inter- and intra-communications of security operations centers (SOC) | NVIDIA |
| Energy | Power generation and distribution; Research | GE Healthcare; Medical Device Plug-and-Play interoperability program (MD PnP) |
| Mining | Precision mining; Mining system automation; Geological modeling | Komatsu; Plotlogic; Atlas Copco |
| Industrial internet of things (IIoT) and robotics | Universal middleware | Robot Operating System (ROS 2); AWS RoboMaker; iRobot |
| Public and private transportation | Autonomous vehicles; Air traffic control (ATC); Railway management and control | Volkswagen and Bosch; Coflight Consortium (Thales, Selex-SI); Nav Canada |
Examining DDS Attack Feasibility
Our expert team of researchers analyzed the DDS standard and discovered multiple security vulnerabilities. Thirteen vulnerabilities in the six most common DDS implementations were given new CVE IDs in November 2021, plus one vulnerability in the standard specifications.