The ANDIX research OS — ARM TrustZone meets industrial control systems security

Abstract

Security by isolation is a longstanding, widely applied, and useful paradigm for achieving security goals such as data and code integrity, confidentiality, and availability. Security by isolation can be used to create Trusted Execution Environments. These environments provide specific security guarantees to the information processing taking place therein. In an Industrial Control System secure control setting using this approach allows, for example, protecting the integrity of a control algorithm against unauthorized modification and secure monitoring of the veracity of received inputs, even in the face of a subverted communication interface. Here, we introduce ANDIX OS, a security Operating System using the ARM TrustZone architecture to create a Trusted Execution Environment. The ARM TrustZone architecture is a set of security extensions for ARM processors based systems. It is widely in use in mobile phones today. We argue that ARM TrustZone is a technology relevant to the Industrial Control System security setting and that research of its applicability should take place now. To this end we freely provide ANDIX OS as open source for research and also present the results of a case study, where we have used ANDIX OS to solve a concrete problem from a smart maintenance for Industrial Control Systems context. We believe that security for Industrial Control Systems is a pertinent topic and that the use of ARM TrustZone as a security technology that comes almost free with a certain class of ARM based systems is worth studying in this context. Therefore, with ANDIX OS, we provide a suitable tool, and hope that actively encouraging researching the usefuleness and applicability of ARM TrustZone in an Industrial Control System (ICS) context will create more secure Industrial Control Systems in the future.