Datasheet_Embedded_Security_Shield
0 likes95 views
The document discusses the Embedded Security Shield, which extends Kaspersky's Security System (KSS) to integrate security features into the CODESYS industrial automation software. The Embedded Security Shield divides the CODESYS Runtime System into isolated communication and core domains. It uses KSS to check requests to the industrial control system against security policies and allow or deny them. This provides cybersecurity for industrial control systems integrated with CODESYS.
Datasheet_Embedded_Security_Shield
- 1. Target Applications. Control systems in different vertical markets: ƒƒ Factory Automation – PLC, HMI, Motion Controller ƒƒ Process Automation – DCS, SCADA, Process controllers ƒƒ Energy production and distribution – RTU, Gateways, SCADA ƒƒ Building Automation – BAS, HMI ƒƒ Mobile Automation - ECU Embedded Security Shield Release 01.11.16 Scope Industrie 4.0 & IIoT SECURE CONNECTED REAL-TIMESMART A new era of Industrial production has started with Industrie 4.0. The proliferation of connected devices multiplies the risk of attacks on Cyber Physical Systems. In industrial Automation, many Industrial Control Systems integrate the CODESYS technology from 3S-Smart Software Solutions. The Embedded Security Shield extends Kaspersky’s Security System (KSS) for a complete integration into CODESYS and to secure the main communication channel, the CODESYS Gateway. © BE.services GmbH - All rights reserved. ICS Trusted Channel CODESYS Development System CODESYS COM RTS CODESYS CORE RTS Kaspersky Security System ESS Security Editor RTOS Authentication Secure Audit Secure Modes Configuration Trusted Channel Functionality ƒƒ Cyber-security of the ICS ƒƒ Protection of the CODESYS Gateway communication channel ƒƒ Configuration of security policies directly in CODESYS ƒƒ Trusted communication channel with the CODESYS Development System ƒƒ Execution of the CODESYS Runtime in a secure environment ƒƒ Extendable framework to secure customer specific software tools and communication channels Integration of the Embedded Security Shield in CODESYS
- 2. Configuration of the security modes Secure Audit Engagement model How to get? Product Manufacturer Part Number Sales Contact Embedded Security Shield Toolkit BE.services GmbH www.be-services.net 0230113 info@be-services.net Maintenance and Support package for ESS BE.services GmbH www.be-services.net 0230150 info@be-services.net © BE.services GmbH - All rights reserved. Software Package includes ƒƒ Embedded Software: -- Embedded Security Shield -- Kaspersky Security System (KSS) -- CODESYS Runtime extensions ƒƒ Development software: -- ESS Security Editor plug-in for CODESYS EMBEDDEDSECURITY SHIELD Embedded Security Shield3 The CODESYS Runtime System is divided into 2 domains: ƒƒ Communication ƒƒ Core All communication to the ICS is handeld through the Communication runtime. The Core runtime is isolated from any external commu- nications happening through the CODESYS Gateway (communication with CODESYS, network variables, OPC, OPC UA, PLCHandler, data server, etc…). All requests to the ICS come to the Communication Runtime. Their execution is checked by the Kaspersly Security System, a secure, mathematically proven, engine. KSS checks the requests with the existing security policies and allows or denies them. The verdict cache retains previous requests to speed up execution of known past requests. Security policies are defined and configured by the User’s Security Administrator using the ESS Security Editor provided as an additional plug-in in CODESYS. Secure communication for data exchange (security policies configuration, secure audit trail) between the ESS Security Editor and KSS is managed through specific trusted channel. Mechanism Domain 1 (e.g. com stack) IPC Request Command Request for Verdict Verdict delivery Verdict Cache Domain 2 (e.g. application) Microkernel(OSspecific) SecurityRuntime Security Policies Security Server Request (e.g. „stop“) 2 Features and benefits Made by experts ESS is based on Kaspersky Lab’s KSS trusted and recognized specialist for cyber security Complete integration ESS provides the integration of KSS in CODESYS, both in the runtime and in the IDE time and cost saving for the imple- mentation Performance Minimal delay caused by the security process compatible with systems with hard real time behaviour Framework The system is a technology, adaptable to the existing firmware. Different/additional communication channels can be secured by the same means complete security with a single technology Expertise for support and development BE.services can be contracted for development, extension or integration services time and cost saving through 3rd party expertise
- 3. © BE.services GmbH - All rights reserved. Technical data General system information Runtime size Code 2.7 MB / 3.3 MB (without / with ESS) Data 0.8 MB / 1.0 MB (without / with ESS) Communication UDP / Serial / USB Trusted channel Supported CPUs X86, ARM, ARM Cortex, PowerPC Others on demand Supported operating systems Linux Others on demand Performance data Command Without ESS With ESS Application download (302 kB) 2.98 s 3.01 s File transfer (1.5 MB) 28.80 s 28.87 s OPC access (2000 variables of type byte) 4 ms 5 ms Test hardware: Xilinx Zynq ZC702 (ARM Cortex A9) Support Please contact info@be-services.net www.be-services.net Embedded Security Shield4 Evaluation Kit: Evaluate the Embedded Security Shield on the Xilinx Zynq ZC702. More information under: www.be-services.net/industrie-40/xilinx.html