Designing Security-Hardened Microkernels For Field Devices

  • Jeffrey Hieb
  • James Graham
Conference paper
Part of the International Federation for Information Processing book series (IFIPAICT, volume 290)

Distributed control systems (DCSs) play an essential role in the operation of critical infrastructures. Perimeter field devices are important DCS components that measure physical process parameters and perform control actions. Modern field devices are vulnerable to cyber attacks due to their increased adoption of commodity technologies and the fact that control networks are no longer isolated. This paper describes an approach for creating security-hardened field devices using operating system microkernels that isolate vital field device operations from untrusted network-accessible applications. The approach, which is influenced by the MILS and Nizza architectures, is implemented in a prototype field device. Whereas previous microkernel-based implementations have been plagued by poor inter-process communication (IPC) performance, the prototype exhibits an average IPC overhead for protected device calls of 64.59 μs. The overall performance of field devices is influenced by several factors; nevertheless, the observed IPC overhead is low enough to encourage the continued development of the prototype.


Distributed control systems, field devices, microkernels, security



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Jeffrey Hieb (1)
  • James Graham (1)
  1. University of Louisville, Louisville, USA
