The ANDIX research OS — ARM TrustZone meets industrial control systems security

Security by isolation is a longstanding, widely applied, and useful paradigm for achieving security goals such as data and code integrity, confidentiality, and availability. Security by isolation can be used to create Trusted Execution Environments, which provide specific security guarantees to the information processing that takes place inside them. In an Industrial Control System secure control setting, this approach allows, for example, protecting the integrity of a control algorithm against unauthorized modification and securely monitoring the veracity of received inputs, even in the face of a subverted communication interface. Here, we introduce ANDIX OS, a security operating system that uses the ARM TrustZone architecture to create a Trusted Execution Environment. The ARM TrustZone architecture is a set of security extensions for ARM processor-based systems, and it is widely used in mobile phones today. We argue that ARM TrustZone is a technology relevant to the Industrial Control System security setting and that research into its applicability should take place now. To this end, we freely provide ANDIX OS as open source for research and also present the results of a case study in which we used ANDIX OS to solve a concrete problem from a smart maintenance for Industrial Control Systems context. We believe that security for Industrial Control Systems is a pertinent topic and that the use of ARM TrustZone, a security technology that comes almost for free with a certain class of ARM-based systems, is worth studying in this context. Therefore, with ANDIX OS, we provide a suitable tool, and we hope that actively encouraging research into the usefulness and applicability of ARM TrustZone in an Industrial Control System (ICS) context will create more secure Industrial Control Systems in the future.
