Description
Industrial software is often subject to constraints that consumer or enterprise software
is not, such as formal verification and limited opportunities for remote patching.
These constraints, together with the often niche use cases of industrial software, lead
to a relatively slow development life-cycle. To mitigate development bottlenecks and
increase the security of industrial software, we propose virtualization via a unikernel.
We implement a software loader that uses confidential computing hardware extensions to
run the unikernel inside a virtualized environment, thereby enabling confidential
computing for the application. Furthermore, we provide a working example application
that runs virtualized and communicates over an industrial network protocol. Finally, we
evaluate the resulting system in terms of security and performance. Our results show that
the hardware extensions increase security but also introduce a performance overhead. We
show that this overhead stems mainly from the experimental nature of the driver and the
unoptimized virtual firmware.