Distributed control systems (DCSs) play an essential role in the operation of critical infrastructures. Perimeter field devices are important DCS components that measure physical process parameters and perform control actions. Modern field devices are vulnerable to cyber attacks due to their increased adoption of commodity technologies and the fact that control networks are no longer isolated. This paper describes an approach for creating security-hardened field devices using operating system microkernels that isolate vital field device operations from untrusted network-accessible applications. The approach, which is influenced by the MILS and Nizza architectures, is implemented in a prototype field device. Whereas previous microkernel-based implementations have been plagued by poor inter-process communication (IPC) performance, the prototype exhibits an average IPC overhead for protected device calls of 64.59 μs. The overall performance of field devices is influenced by several factors; nevertheless, the observed IPC overhead is low enough to encourage the continued development of the prototype.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hieb, J., Graham, J. (2008). Designing Security-Hardened Microkernels For Field Devices. In: Papa, M., Shenoi, S. (eds) Critical Infrastructure Protection II. ICCIP 2008. The International Federation for Information Processing, vol 290. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88523-0_10
DOI: https://doi.org/10.1007/978-0-387-88523-0_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88522-3
Online ISBN: 978-0-387-88523-0
eBook Packages: Computer Science, Computer Science (R0)