Platform Security

There are various security-related topics throughout VOLTTRON’s documentation. This is a quick roadmap for finding security documentation.

A core component of VOLTTRON is its message bus. The security of this message bus is crucial to the entire system. The VOLTTRON Interconnect Protocol provides communication over the message bus.

VIP was built with security in mind from the ground up. VIP uses encrypted channels and enforces agent authentication by default for all network communication. VIP’s authorization mechanism allows system administrators to limit agent capabilities with fine granularity.

Even with these security mechanisms built into VOLTTRON, it is important for system administrators to harden VOLTTRON’s underlying OS.

The VOLTTRON team has engaged with PNNL’s Secure Software Central team to create a threat profile document. You can read about the threat assessment findings and how the VOLTTRON team is addressing them here: SSC Threat Profile

Additional documentation related to VIP authentication and authorization is available here:

• Key Stores
  • Key Store Locations
  • Generating a Key Store
• Known Hosts File
  • Saving a Server Key
  • Server Key for Local Platforms
  • Know-Host-File Details
    • File Location
    • File Contents
• Running Agents as Unix Users
  • Setup agents to run using unique users
  • Creating new Agents
  • Changes to existing agents in secure mode
  • Porting existing VOLTTRON home to secure mode