White Paper
Intel® Trusted Execution and Intel® Virtualization Technology
Design House and Platform Solutions

Securing and Consolidating Industrial Automation Systems Based on Intel® Architecture Using Open Source Technology

Using open source components, Intel demonstrates how Intel® Trusted Execution Technology and Intel® Virtualization Technology complement existing security measures for networked industrial systems based on Intel® Architecture.

Yau, Wai Yeong
Intel Corporation

Lee, Zhan Qiang
Intel Corporation

Executive Summary

This paper presents an overview of the importance of security for today’s connected industrial automation systems and highlights the benefits of Intel® Trusted Execution Technology (Intel® TXT) and Intel® Virtualization Technology (Intel® VT) in complementing existing security measures. Furthermore, a demonstration system (a product separation industrial machine) using open source technology is described with a procedure that may be considered to set up the system.

“This demonstration of a security solution for industrial automation systems uses open source technology with Intel® Architecture. By designing security into its processors, Intel ensures security is inherent in deployed systems based on Intel® Architecture with Intel® vPro™ technology.”

Background

Industrial automation systems are increasingly connected to each other and to application systems in a manufacturing environment as part of the Internet of Things (IoT) concept, where real-time information from connected devices can be consolidated, analyzed, and acted upon. This connected approach to manufacturing is not limited to a single site; the approach has evolved to a site communicating with other sites, enabling decision-making at a higher level by connecting the information from the device level to enterprise resource planning (ERP) systems at the enterprise level.

With the rise of connected devices in the manufacturing environment, the focus is now on security and consolidation. Unlike conventional closed systems, today’s connected industrial automation systems are susceptible to cyber threats, such as zero-day threats. These threats, if detected at all, exploit previously unknown security vulnerabilities in the software in order to access confidential data or to manipulate processes in connected systems. The potential consequences of a security breach on connected systems may include loss of productivity, harm to corporate reputation, and damage to equipment.

Securing industrial automation systems requires a comprehensive solution with multiple layers of security measures without impacting performance or limiting accessibility. One of the layers is Intel® TXT, which provides security at the hardware level even before the operating system is running to ensure a trusted computing base. After the operating system loads uncorrupted, protection is then provided by other security layers, such as antivirus software that detects runtime viruses and a security policy that compartmentalizes applications and the system so that access is restricted to specific users.

Table of Contents

Executive Summary .......... 1
Background .......... 1
Ensuring Trust with a Hardware-Based Security Foundation .......... 2
Establishing a Measured and Verified Boot .......... 2
Consolidating Workload and Enhancing Control .......... 2
Demonstrating a Security Solution for Industrial Automation Systems with Intel® Architecture .......... 3
Security Demonstration .......... 3
Setting Up the System Using Open Source Components .......... 3
Conclusion .......... 4

Ensuring Trust with a Hardware-Based Security Foundation

The computing infrastructure of an industrial automation system only offers protection — for example, through the installation of third-party security software and the implementation of security policies — after the operating system loads. The challenge is ensuring the operating system can be trusted before it loads.

Establishing a Measured and Verified Boot

The 4th generation Intel® Core™ processor with Intel® vPro™ technology1 offers integrated hardware support for intelligent management functions, virtualization, and platform security. To complement existing security measures that ensure trust in the computing infrastructure of industrial automation systems, the combination of the Intel® Core™ vPro™ processor, chipset, the Trusted Platform Module (TPM), and … compose Intel® Trusted Execution Technology (Intel® TXT). Intel® TXT is a hardware-based security foundation that provides a trusted starting point for the operating system, prevents unauthorized software, and enforces trusted configurations.

Before the operating system is launched, restarted, or resumed from sleep, Intel® TXT establishes a trusted computing platform by ensuring the launch environment (such as BIOS and virtual machine managers) is secure: it measures critical elements, compares them with a known good source, and verifies the launch components using cryptographically generated digital signatures. Therefore, when the operating system is running, it is running on a trusted computing platform. However, the computing platform still requires security measures against runtime threats and malicious intentions via third-party solutions.

Consolidating Workload and Enhancing Control

The 4th generation Intel® Core™ vPro™ processor supports hardware-based virtualization in the form of Intel® VT2, which increases the robustness of the virtualized environment by ensuring virtual machines do not interfere with each other and accelerates data transfers by directly and securely assigning I/O devices to the guest operating systems.

The separation of software from hardware in virtualization allows several operating systems to run on a single computing platform, with individual virtual machines managed by a hypervisor or a virtual machine monitor (VMM). The hypervisor abstracts the hardware requirements for software, so each virtual machine appears to run on its own computing platform.

This consolidation of computing infrastructure for industrial automation systems allows greater flexibility when it comes to enhancing security. Consolidating the computing infrastructure results in fewer computing platforms that require security solutions. Fewer computing platforms also reduces the points of attack by unauthorized users.

Simplifying the efforts towards these goals is the Intel® Industrial Solutions System Consolidation Series, which is a solution that includes the essential hardware and software. A demonstration of using this solution with commercial security software is detailed in the solution brief at http://www.intel.com/content/www/us/en/industrial-automation/mcafee-how-to-secure-manage-industrial-systems-brief.html.

However, the demonstration presented in this paper uses open source components to enable the security and consolidation of the computing


platform in an industrial automation system.

Demonstrating a Security Solution for Industrial Automation Systems with Intel® Architecture

This demonstration is a product separation industrial machine that sorts a product by its color using a vision inspection and control system. It consists of two virtual machines (VM1 and VM2) running on a single computer powered by the 4th generation Intel® Core™ vPro™ processor. The system is set up using open source components that support Intel® TXT and Intel® VT. Both virtual machines are connected on the same network. VM1 performs the function of a machine vision system that detects the color of the product via a machine vision camera. VM1 then communicates with VM2, which controls an actuator, a conveyer belt, and a warning system. The actuator separates the product into the respective bins for each color based on the information from VM1.

Security Demonstration

In this demonstration, a USB flash drive infected with a virus is plugged into the computer. The runtime security layer detects the intrusion and prevents the rootkit virus from running automatically. When the computer is restarted, Intel® TXT determines that the integrity of the operating system has been compromised and prevents the operating system from loading. This effectively stops the rootkit virus from affecting other parts of the product separation industrial machine.

Setting Up the System Using Open Source Components

The computing platform used in the demonstration uses the Hypervisor from Xen Project*, which hosts two instances of virtual machines as the guest operating systems. The software required to run the vision inspection is installed into VM1 (machine vision system) and the software to control the conveyer belt is installed into VM2 (industrial control system). To enable Intel® TXT on both virtual machines to perform a measured and verified launch of the Hypervisor, an open source pre-kernel module called Trusted Boot* (tboot) is installed. Using Intel® VT, platform resources are securely assigned to each virtual machine, ensuring the trustworthiness of the launch environment.

The following is a general procedure to set up the open source components of the product separation industrial machine that demonstrates the capabilities of Intel® TXT and Intel® VT.
1. Set up the computer BIOS as follows3:
• In Processor configuration, enable Intel® VT and Intel® TXT.
• In Security, enable TPM.
• Enable and set up an administrator password.
• Save the settings, and restart the computer.
2. Install Ubuntu* 12.04 LTS on the computer that will host the

[Figure: Demonstration system. This setup comprises a computer based on Intel® Architecture with Intel® vPro™ technology and open source components to protect industrial operations from cyber threats. The computer runs two virtual machines that control the machine vision camera and the actuator of the product separation industrial machine. Diagram labels: Machine Vision System (VM1) and Industrial Control System (VM2), each with its own App and OS, running on the Hypervisor on the Computer; Machine Vision Camera with Color Detection; Actuator with Product Separation and Warning System; Conveyor Belt, Red Bin, Blue Bin.]


operating system for the virtual machines.
3. Install the Hypervisor from Xen Project on the host operating system.
4. Create two virtual machines: VM1 and VM2.
5. Enable PCI passthrough, assigning each VM a dedicated USB controller based on either xHCI or EHCI. Each USB controller controls four USB ports.
6. Enable GFx passthrough, assigning the graphic controller to VM2.
7. In each virtual machine, install the software required to operate the vision inspection and to control the conveyer belt.
8. Set up tboot on the computer. Perform a provisioning process that uses a cryptographic hash to measure the untampered hypervisor and the BIOS. When the hypervisor starts, tboot compares the runtime hash with the measured values stored in the Platform Configuration Registers (PCRs) of the TPM. Two kinds of measurements are performed:
• dynamic measurement: measures the operating system
• static measurement: measures the core root of trust measurement (CRTM), BIOS, and platform configuration.
9. Restart the computer. Verify that the PCRs are extending and the status of the Intel® TXT measured launch is true. An example is shown below:
a. Restart the computer.
$ reboot
b. Select the new menu item created during the tboot installation from the grub menu.
c. The command txt-stat displays information about the status of Intel® TXT (the PCR status) and the tboot log. Run txt-stat with the following commands:
$ tcsd
$ txt-stat
An output as shown below indicates the computer performed a measured launch successfully:
TXT measured launch: TRUE
secrets flag set: TRUE

Conclusion

Security in industrial automation systems is becoming critical as the Internet of Things concept becomes increasingly popular. More components and systems in the manufacturing environment are connected to the Internet, exposing them to external threats of cyber attacks. The challenge is to address the security concerns through a multilayered approach. Supported by the 4th generation Intel® Core™ vPro™ processor, Intel® TXT and Intel® VT provide hardware-based security and virtualization features that complement existing security measures. These features allow the effective use of computing resources and offer hardware-based security technology to thwart cyber attacks and malicious code. By designing security into its processors, Intel ensures security is inherent in deployed systems based on Intel® Architecture with Intel® vPro™ technology.

For more information on Intel® Trusted Execution Technology and Intel® Virtualization Technology, visit https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/hardware-based-.html
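As an added example that is not part of the paper, the following Python models what steps 8 and 9 of the setup procedure rely on: a TPM 1.2-style SHA-1 PCR extend over constructed sample components (a static chain for CRTM, BIOS and platform configuration, a dynamic chain for the hypervisor), a comparison of a tampered hypervisor against the provisioned values, and a check of the two txt-stat lines the paper quotes. The component contents, the split of components between the two chains and the PCR layout are assumptions for illustration, not tboot's actual measurement policy.

```python
import hashlib
import re

# Constructed sample component images (stand-ins for real binaries;
# none of these values are measurements from any actual platform).
GOOD = {
    "crtm": b"core root of trust for measurement (sample)",
    "bios": b"BIOS image (sample)",
    "platform_config": b"VT=on TXT=on TPM=on (sample)",
    "hypervisor": b"xen.gz (sample)",
}
STATIC = ("crtm", "bios", "platform_config")  # static measurement (step 8)
DYNAMIC = ("hypervisor",)                      # dynamic measurement (step 8)

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2-style extend: PCR_new = SHA-1(PCR_old || SHA-1(measurement)).
    A PCR can only be extended, never written, so order and content both matter."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure(components: dict, names) -> bytes:
    """Extend one PCR, starting from all zeros, with the named components in order."""
    pcr = bytes(20)
    for name in names:
        pcr = pcr_extend(pcr, components[name])
    return pcr

def provision(components: dict) -> dict:
    """Step 8: record known-good PCR values from the untampered components."""
    return {"static": measure(components, STATIC),
            "dynamic": measure(components, DYNAMIC)}

def launch_ok(expected: dict, components: dict) -> bool:
    """At boot, the runtime extension must equal the provisioned values."""
    return provision(components) == expected

# Step 9c: the two txt-stat lines quoted in the paper (constructed sample;
# the tool's full output is longer and is not reproduced here).
SAMPLE_TXT_STAT = "TXT measured launch: TRUE\nsecrets flag set: TRUE\n"
_FLAG = re.compile(r"^(TXT measured launch|secrets flag set): (TRUE|FALSE)$", re.M)

def txt_stat_ok(output: str) -> bool:
    """Both flags must be present and TRUE; a missing line counts as failure."""
    flags = dict(_FLAG.findall(output))
    return all(flags.get(k) == "TRUE" for k in ("TXT measured launch", "secrets flag set"))

if __name__ == "__main__":
    golden = provision(GOOD)
    tampered = dict(GOOD, hypervisor=b"xen.gz with rootkit hook (sample)")
    print(launch_ok(golden, GOOD), launch_ok(golden, tampered), txt_stat_ok(SAMPLE_TXT_STAT))  # True False True
```

A tampered BIOS changes the static chain the same way a tampered hypervisor changes the dynamic one, which is why the provisioned values must be recorded from a known-clean system.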

1 Intel® vPro™ technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software, and IT environment. To learn more, visit www.intel.com/technology/vpro.
2 Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and, for some uses, certain platform software enabled for it. Functionality, performance, or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.
3 These are generic steps. Refer to the computer’s accompanying documentation for the specific information on configuring the computer BIOS.

Copyright © 2014 Intel Corporation. All rights reserved. Printed in Malaysia 1014/DRK/LZQ/PDF 331239-001EN