Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM

Evaluation of MILS and reduced kernel security concepts for SCADA remote terminal units.

The purpose of this project is to study the benefits that the Multiple Independent Levels of Security (MILS) approach can provide to Supervisory Control and Data Acquisition (SCADA) remote terminal units. This is accomplished through a heavy focus on MILS concepts such as resource separation, verification, and kernel minimization and reduction. Two architectures are leveraged to study the application of reduced kernel concepts for a remote terminal unit (RTU). The first is the LynxOS embedded operating system, which is used to create a bootable image of a working RTU. The second is the Pistachio microkernel, the features and development environment of which are analyzed and catalogued to provide the basis for a future RTU. A survey of recent literature is included that focuses on the state of SCADA security, the MILS standard, and microkernel research. The design methodology for a MILS compliant RTU is outlined, including a benefit analysis of applying MILS in an industrial network setting. Also included are analyses of the concepts of MILS which are relevant to the design and how LynxOS and Pistachio can be used to study some of these concepts. A section detailing the prototyping of RTUs on LynxOS and Pistachio is also included, followed by an initial security and performance analysis for both systems

Scheduling policies and system software architectures for mixed-criticality computing

Mixed-criticality model of computation is being increasingly adopted in timing-sensitive systems. The model not only ensures that the most critical tasks in a system never fails, but also aims for better systems resource utilization in normal condition. In this report, we describe the widely used mixed-criticality task model and fixed-priority scheduling algorithms for the model in uniprocessors. Because of the necessity by the mixed-criticality task model and scheduling policies, isolation, both temporal and spatial, among tasks is one of the main requirements from the system design point of view. Different virtualization techniques have been used to design system software architecture with the goal of isolation. We discuss such a few system software architectures which are being and can be used for mixed-criticality model of computation

A prototype security hardened field device for SCADA systems.

This thesis describes the development of a prototype security hardened field device (such as a remote terminal unit) based on commodity hardware and implementing a previously developed security architecture. This security architecture has not been implemented in the past due to the difficulty of providing an operating system which meets the architecture\u27s isolation requirements. Recent developments in both hardware and software have made such an operating system possible, opening the door to the implementation and development of this new security architecture in physical devices attached to supervisory control and data acquisition (SCADA) systems. A prototype is developed using commodity hardware selected for similarity to existing industrial systems and making use of the new OKL4 operating system. Results of prototype development are promising, showing performance values which are adequate for a broad range for industrial applications

Towards a formally designed and verified embedded operating system: case study using the B method

The dramatic growth in practical applications for iris biometrics has been accompanied by relevant developments in the underlying algorithms and techniques. Along with the research focused on near-infrared images captured with subject cooperation, e orts are being made to minimize the trade-o between the quality of the captured data and the recognition accuracy on less constrained environments, where images are obtained at the visible wavelength, at increased distances, over simpli ed acquisition protocols and adverse lightning conditions. At a rst stage, interpolation e ects on normalization process are addressed, pointing the outcomes in the overall recognition error rates. Secondly, a couple of post-processing steps to the Daugman's approach are performed, attempting to increase its performance in the particular unconstrained environments this thesis assumes. Analysis on both frequency and spatial domains and nally pattern recognition methods are applied in such e orts. This thesis embodies the study on how subject recognition can be achieved, without his cooperation, making use of iris data captured at-a-distance, on-the-move and at visible wavelength conditions. Widely used methods designed for constrained scenarios are analyzed

Microkernel security evaluation.

This thesis documents the successful development and testing of a more secure industrial control system field device architecture and software. The implementation of a secure field device has had limitations in the past due to a lack of secure operating system and guidelines. With the recent verification of OK Labs SEL4 microkernel, a verified operating system for such devices is possible, creating a possibility for a secure field device following open standards using known security protocols and low level memory and functionary isolation. The virtualized prototype makes use of common hardware and an existing secure field device architecture to implement a new level of security where the device is verified to function as expected. The experimental evaluation provides performance data which indicates the usefulness of the architecture in the field and security function integration testing to guarantee secure programs can be implemented on the device. Results of the devices functionality are hopeful, showing useful performance for many applications and further development as a fully functional secure field device