SU14: Remote Access
This service package allows system operators and other ITS users to access user interfaces remotely, using a local device to provide secure remote access via a Virtual Private Network (VPN). Through this mechanism, an operator can 'operate' a system from a remote location, as if he were physically in the center.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
Source | Destination | Role/Relationship |
---|---|---|
Center Maintainer | Center | Maintains |
Center Manager | Center | Manages |
Center Manager | Center Personnel | System Usage Agreement |
Center Owner | Center Maintainer | System Maintenance Agreement |
Center Owner | Center Manager | Operations Agreement |
Center Owner | Remote Access Device Owner | Information Exchange Agreement |
Center Personnel | Center | Operates |
Center Personnel | Remote Access Device | Operates |
Center Supplier | Center Owner | Warranty |
Remote Access Device Maintainer | Remote Access Device | Maintains |
Remote Access Device Manager | Center Personnel | System Usage Agreement |
Remote Access Device Manager | Remote Access Device | Manages |
Remote Access Device Owner | Center Owner | Information Exchange and Action Agreement |
Remote Access Device Owner | Remote Access Device Maintainer | System Maintenance Agreement |
Remote Access Device Owner | Remote Access Device Manager | Operations Agreement |
Remote Access Device Supplier | Remote Access Device Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
Physical Object | Functional Object | PSpec Number | PSpec Name |
---|
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
Physical Object | Class | Description |
---|---|---|
Center | Center | This general physical object is used to model core capabilities that are common to any center. |
Center Personnel | Center | 'Center Personnel' represent system operators and other personnel that work within a transportation center. This interface supports modeling of general human interactions that are common to any center. |
Remote Access Device | Personal | The 'Remote Access Device' allows a system operator/user outside a physical center to remotely access a center or support system and interact with that system as if the operator was in the center. This requires a secure, authenticated Virtual Private Network (VPN) connection between the Remote Access Device and the center or support system. |
Includes Functional Objects:
Functional Object | Description | Physical Object |
---|---|---|
Center Remote Access | 'Center Remote Access' provides remote access to system operators outside the center. | Center |
Remote Access | 'Remote Access' provides remote access to system operators outside the center, allowing a remote system operator to interact with a center or support system as if he were local. | Remote Access Device |
Includes Information Flows:
Information Flow | Description |
---|---|
center operator data | Data presented to a center operator. This flow represents general status output and other data that broadly applies to transportation centers. |
center operator input | Input from a center operator. This flow represents operator input that broadly applies to transportation centers. |
secure center operator data | Operator data normally provided to a local operator within a center. In this case, the data is provided securely to a remote operator via VPN. |
secure center operator input | Operator inputs provided via VPN to a remote center. |
Goals and Objectives
Associated Planning Factors and Goals
Planning Factor | Goal |
---|
Associated Objective Categories
Objective Category |
---|
Associated Objectives and Performance Measures
Objective | Performance Measure |
---|
Needs and Requirements
Need | Functional Object | Requirement | ||
---|---|---|---|---|
01 | System operators need to securely interact with their center or support system while operating remotely. | Center Remote Access | 01 | The Center shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote operator via their Remote Access Device. |
02 | The Center shall receive operator commands from the Remote Access Device over the VPN and execute those commands locally | |||
03 | The Center shall forward all display updates via the VPN to the Remote Access Device. | |||
04 | The Center shall close the VPN session and the connection when the remote operator logs out. | |||
Remote Access | 01 | The Remote Access Device shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote system. | ||
02 | The Remote Access Device shall accept user commands for the remote system and provide these commands securely over the VPN. | |||
03 | The Remote Access Device shall receive all remote display updates and provide these updates to the operator. | |||
04 | The Remote Access Device shall close the VPN session and the connection when the operator logs out. | |||
05 | The device shall present decrypted information received from the remote service to the operator. | |||
06 | The device shall accept information from the operator. | |||
07 | The device shall accept encrypted information from the remote service. | |||
08 | The device shall provide information received from the operator to the remote service in encrypted form. |
Related Sources
- None
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
Physical Object Security | ||||
---|---|---|---|---|
Physical Object | Confidentiality | Integrity | Availability | Security Class |
Center | Moderate | Moderate | Moderate | Class 2 |
Remote Access Device | Moderate | Moderate | Moderate | Class 2 |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
Information Flow Security | |||||
---|---|---|---|---|---|
Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
Basis | Basis | Basis | |||
Center | Remote Access Device | secure center operator data | Moderate | Moderate | Moderate |
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
Center Personnel | Remote Access Device | center operator input | Moderate | Moderate | Moderate |
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
Remote Access Device | Center | secure center operator input | Moderate | Moderate | Moderate |
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
Remote Access Device | Center Personnel | center operator data | Moderate | Moderate | Moderate |
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. |
Standards
Currently, there are no standards associated with the physical objects in this service package. For standards related to interfaces, see the specific information flow triple pages.
System Requirements
System Requirement | Need | ||
---|---|---|---|
001 | The system shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote operator via their Remote Access Device. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
002 | The system shall receive operator commands from the Remote Access Device over the VPN and execute those commands locally | 01 | System operators need to securely interact with their center or support system while operating remotely. |
003 | The system shall forward all display updates via the VPN to the Remote Access Device. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
004 | The system shall close the VPN session and the connection when the remote operator logs out. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
005 | The system shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote system. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
006 | The system shall present decrypted information received from the remote service to the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
007 | The system shall accept user commands for the remote system and provide these commands securely over the VPN. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
008 | The system shall provide information received from the operator to the remote service in encrypted form. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
009 | The system shall receive all remote display updates and provide these updates to the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
010 | The system shall accept information from the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
011 | The system shall close the VPN session and the connection when the operator logs out. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
012 | The system shall accept encrypted information from the remote service. | 01 | System operators need to securely interact with their center or support system while operating remotely. |