DOCSLIB.ORG

Security Probes for Industrial Control Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Probes for Industrial Control Networks Master in Informatics Engineering Dissertation Final Report Security Probes for Industrial Control Networks Jorge Filipe Barrigas [email protected] Academic Advisor: Prof. Tiago José dos Santos Martins da Cruz Date: July 01, 2014 Acknowledgements I would like to express my special appreciation and thanks to my advisor Professor Tiago Cruz for his excellent guidance, caring, patience, and providing me with an excellent atmosphere for doing research. I would also like to thank the LCT team and Professor Dr. Paulo Simões for all the support in my research. Finally, I would also like to thank my parents. They were always supporting me and encouraging me with their best wishes. Summary During the last years, some of the attacks towards SCADA made headlines, helping raise awareness . Some of the vulnerabilities may even be exploited to harm other systems, eventually, ending compromising specific points of SCADA networks. At the same time, a growing number of threats related with the physical layer made new issues and low-level mechanisms emerged, requiring careful approach and monitoring to secure such devices. Threats of this type are considered to be even more dangerous than SCADA-specific ones, since these operate at a lower level, unnoticed to scanners and anti-viruses. Considering this scenario we can expect a growing number of these threats to be affecting SCADA components, if adequate countermeasures are not taken. Over the last ten months (from September 16, 2013 until June 27, 2014), a new concept was developed, in the context of the FP7 CockpitCI project, for the current thesis, to reinforce the security of SCADA systems. This concept refers to a device installed in a key juncture of the network, with the purpose of monitoring the behavior of specific components, while reporting detected anomalies. However, even before this thesis (during the second curriculum semester of the year 2012/2013) there was already some research being made in this sense, which reflects in the amount of res ults included in this document. Keywords SCADA Systems Detection Architecture Shadow RTU Probing Architecture Man-in-the-middle Attack Scenarios i ii Index 1 Introduction........................................................................................................................ 1 1.1 Context – Security in SCADA Systems, CockpitCI Project ............................................. 1 1.2 Thesis Objectives ....................................................................................................... 1 1.3 Structure of the Document ........................................................................................... 3 2 State of the Art – SCADA Security ....................................................................................... 4 2.1 Introduction – SCADA Generations .............................................................................. 4 2.2 Overview of SCADA Vulnerabilities .............................................................................. 6 2.3 Evaluation of Architecture Partitioning Solutions ........................................................... 7 2.3.1 Dual-Homed Solutions ......................................................................................... 7 2.3.2 Router and Firewall-based Solutions ..................................................................... 8 2.3.3 DMZ and VPN-based Solutions ...........................................................................10 2.3.4 Solution Comparison and Evaluation ...................................................................12 2.4 Post-Stuxnet Security.................................................................................................13 2.4.1 Vulnerabilities in Hardware and Software Components .........................................15 2.4.2 Future Threats in ICS/SCADA .............................................................................16 2.5 Low-Level Threats .....................................................................................................18 2.5.1 Advanced Volatile Threats (AVTs) .......................................................................18 2.5.2 Memory Attacks .................................................................................................18 2.5.3 Advanced Persistent Threats (APTs) ...................................................................19 2.5.4 Firmware Attacks................................................................................................20 2.5.5 Rootkits .............................................................................................................20 2.6 Methods of Exploitation ..............................................................................................20 2.7 Secure Execution Environments .................................................................................21 2.7.1 PEE within a Computer System ...........................................................................22 2.7.2 One-way Isolation...............................................................................................24 2.8 Secure Execution Approaches ....................................................................................25 2.8.1 Virtualization ......................................................................................................25 2.8.2 File System and Process Confinement .................................................................26 2.8.3 Containers .........................................................................................................26 2.8.4 Container-based Solutions ..................................................................................27 2.8.5 Access Control Policies.......................................................................................27 2.9 Containers Comparison and Evaluation.......................................................................27 iii 2.10 Isolation Contexts ......................................................................................................28 3 CockpitCI Reference Architecture.......................................................................................30 3.1 Requirements for the Proposed Architecture................................................................30 3.2 Probing Architecture ..................................................................................................30 3.3 Detection Agents .......................................................................................................31 3.3.1 Network and Host Intrusion Detection Systems ....................................................31 3.3.2 Honeypot ...........................................................................................................31 3.3.3 Shadow RTU......................................................................................................32 3.4 Detection Architecture ................................................................................................32 3.5 CockpitCI Security Ontology .......................................................................................35 4 Proposed Probing Architecture...........................................................................................38 4.1 Shadow RTU Concept ...............................................................................................38 4.2 Probing Modules ........................................................................................................39 4.2.1 Network Event Monitoring ...................................................................................39 4.2.2 Network Data Collection......................................................................................40 4.2.3 Network Data Processing....................................................................................41 4.2.4 Network Event Configuration ...............................................................................41 4.2.5 Network Event Programming...............................................................................42 4.2.6 Event Execution .................................................................................................42 4.2.7 Event Reporting .................................................................................................43 4.3 Motivations and Requirements....................................................................................44 4.4 Management Interfaces ..............................................................................................46 4.4.1 System Management ..........................................................................................46 4.4.2 Event Management ............................................................................................47 4.4.3 Container Management.......................................................................................47 5 Concept Validation ............................................................................................................49 5.1 Hardware Validation...................................................................................................49 5.1.1 System Requirements.........................................................................................49 5.1.2 Network Monitoring Options ................................................................................52 5.1.3 Passive Ethernet Taps ........................................................................................53
Load more

Recommended publications
  • Industrial Control Via Application Containers: Migrating from Bare-Metal to IAAS
    Industrial Control via Application Containers: Migrating from Bare-Metal to IAAS Florian Hofer, Student Member, IEEE Martin A. Sehr Antonio Iannopollo, Member, IEEE Faculty of Computer Science Corporate Technology EECS Department Free University of Bolzano-Bozen Siemens Corporation University of California Bolzano, Italy Berkeley, CA 94704, USA Berkeley, CA 94720, USA fl[email protected] [email protected] [email protected] Ines Ugalde Alberto Sangiovanni-Vincentelli, Fellow, IEEE Barbara Russo Corporate Technology EECS Department Faculty of Computer Science Siemens Corporation University of California Free University of Bolzano-Bozen Berkeley, CA 94704, USA Berkeley, CA 94720, USA Bolzano, Italy [email protected] [email protected] [email protected] Abstract—We explore the challenges and opportunities of control design full authority over the environment in which shifting industrial control software from dedicated hardware to its software will run, it is not straightforward to determine bare-metal servers or cloud computing platforms using off the under what conditions the software can be executed on cloud shelf technologies. In particular, we demonstrate that executing time-critical applications on cloud platforms is viable based on computing platforms due to resource virtualization. Yet, we a series of dedicated latency tests targeting relevant real-time believe that the principles of Industry 4.0 present a unique configurations. opportunity to explore complementing traditional automation Index Terms—Industrial Control Systems, Real-Time, IAAS, components with a novel control architecture [3]. Containers, Determinism We believe that modern virtualization techniques such as application containerization [3]–[5] are essential for adequate I. INTRODUCTION utilization of cloud computing resources in industrial con- Emerging technologies such as the Internet of Things and trol systems.
    [Show full text]
  • The Evolution of Econometric Software Design: a Developer's View
    Journal of Economic and Social Measurement 29 (2004) 205–259 205 IOS Press The evolution of econometric software design: A developer’s view Houston H. Stokes Department of Economics, College of Business Administration, University of Illinois at Chicago, 601 South Morgan Street, Room 2103, Chicago, IL 60607-7121, USA E-mail: [email protected] In the last 30 years, changes in operating systems, computer hardware, compiler technology and the needs of research in applied econometrics have all influenced econometric software development and the environment of statistical computing. The evolution of various representative software systems, including B34S developed by the author, are used to illustrate differences in software design and the interrelation of a number of factors that influenced these choices. A list of desired econometric software features, software design goals and econometric programming language characteristics are suggested. It is stressed that there is no one “ideal” software system that will work effectively in all situations. System integration of statistical software provides a means by which capability can be leveraged. 1. Introduction 1.1. Overview The development of modern econometric software has been influenced by the changing needs of applied econometric research, the expanding capability of com- puter hardware (CPU speed, disk storage and memory), changes in the design and capability of compilers, and the availability of high-quality subroutine libraries. Soft- ware design in turn has itself impacted applied econometric research, which has seen its horizons expand rapidly in the last 30 years as new techniques of analysis became computationally possible. How some of these interrelationships have evolved over time is illustrated by a discussion of the evolution of the design and capability of the B34S Software system [55] which is contrasted to a selection of other software systems.
    [Show full text]
  • The Many Approaches to Real-Time and Safety Critical Linux Systems
    Corporate Technology The Many Approaches to Real-Time and Safety-Critical Linux Open Source Summit Japan 2017 Prof. Dr. Wolfgang Mauerer Siemens AG, Corporate Research and Technologies Smart Embedded Systems Corporate Competence Centre Embedded Linux Copyright c 2017, Siemens AG. All rights reserved. Page 1 31. Mai 2017 W. Mauerer Siemens Corporate Technology Corporate Technology The Many Approaches to Real-Time and Safety-Critical Linux Open Source Summit Japan 2017 Prof. Dr. Wolfgang Mauerer, Ralf Ramsauer, Andreas Kolbl¨ Siemens AG, Corporate Research and Technologies Smart Embedded Systems Corporate Competence Centre Embedded Linux Copyright c 2017, Siemens AG. All rights reserved. Page 1 31. Mai 2017 W. Mauerer Siemens Corporate Technology Overview 1 Real-Time and Safety 2 Approaches to Real-Time Architectural Possibilities Practical Approaches 3 Approaches to Linux-Safety 4 Guidelines and Outlook Page 2 31. Mai 2017 W. Mauerer Siemens Corporate Technology Introduction & Overview About Siemens Corporate Technology: Corporate Competence Centre Embedded Linux Technical University of Applied Science Regensburg Theoretical Computer Science Head of Digitalisation Laboratory Target Audience Assumptions System Builders & Architects, Software Architects Linux Experience available Not necessarily RT-Linux and Safety-Critical Linux experts Page 3 31. Mai 2017 W. Mauerer Siemens Corporate Technology A journey through the worlds of real-time and safety Page 4 31. Mai 2017 W. Mauerer Siemens Corporate Technology Outline 1 Real-Time and Safety 2 Approaches to Real-Time Architectural Possibilities Practical Approaches 3 Approaches to Linux-Safety 4 Guidelines and Outlook Page 5 31. Mai 2017 W. Mauerer Siemens Corporate Technology Real-Time: What and Why? I Real Time Real Fast Deterministic responses to stimuli Caches, TLB, Lookahead Bounded latencies (not too late, not too Pipelines early) Optimise average case Repeatable results Optimise/quantify worst case Page 6 31.
    [Show full text]
  • Enabling Mobile Service Continuity Across Orchestrated Edge Networks
    This is a postprint version of the following published document: Abdullaziz, O. I., Wang, L. C., Chundrigar, S. B. y Huang, K. L. (2019). Enabling Mobile Service Continuity across Orchestrated Edge Networks. IEEE Transactions on Network Science and Engineering, 7(3), pp. 1774-1787. DOI: https://doi.org/10.1109/TNSE.2019.2953129 © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Enabling Mobile Service Continuity across Orchestrated Edge Networks Osamah Ibrahiem Abdullaziz, Student Member, IEEE, Li-Chun Wang, Fellow, IEEE, Shahzoob Bilal Chundrigar and Kuei-Li Huang Abstract—Edge networking has become an important technology for providing low-latency services to end users. However, deploying an edge network does not guarantee continuous service for mobile users. Mobility can cause frequent interruptions and network delays as users leave the initial serving edge. In this paper, we propose a solution to provide transparent service continuity for mobile users in large-scale WiFi networks. The contribution of this work has three parts. First, we propose ARNAB architecture to achieve mobile service continuity. The term ARNAB means rabbit in Arabic, which represents an Architecture for Transparent Service Continuity via Double-tier Migration. The first tier migrates user connectivity, while the second tier migrates user containerized applications. ARNAB provides mobile services just like rabbits hop through the WiFi infrastructure.
    [Show full text]
  • Building Embedded Linux Systems ,Roadmap.18084 Page Ii Wednesday, August 6, 2008 9:05 AM
    Building Embedded Linux Systems ,roadmap.18084 Page ii Wednesday, August 6, 2008 9:05 AM Other Linux resources from O’Reilly Related titles Designing Embedded Programming Embedded Hardware Systems Linux Device Drivers Running Linux Linux in a Nutshell Understanding the Linux Linux Network Adminis- Kernel trator’s Guide Linux Books linux.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center Linux and Unix and related technologies, including sample chapters and code examples. ONLamp.com is the premier site for the open source web plat- form: Linux, Apache, MySQL, and either Perl, Python, or PHP. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. main.title Page iii Monday, May 19, 2008 11:21 AM SECOND EDITION Building Embedded Linux SystemsTomcat ™ The Definitive Guide Karim Yaghmour, JonJason Masters, Brittain Gilad and Ben-Yossef, Ian F. Darwin and Philippe Gerum Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Building Embedded Linux Systems, Second Edition by Karim Yaghmour, Jon Masters, Gilad Ben-Yossef, and Philippe Gerum Copyright © 2008 Karim Yaghmour and Jon Masters.
    [Show full text]
  • Alpha AXP Firmware Porting Guide Revision/Update Information: Version 1.0
    Alpha AXP Firmware Porting Guide Revision/Update Information: Version 1.0 Order Number: EK-AXFRM-PG. A01 November, 1994 Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Reproduction or duplication of this courseware in any form, in whole or in part, is prohibited without the prior written permission of Digital Equipment Corporation. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. © Digital Equipment Corporation 1994. All Rights Reserved. Printed in U.S.A. The following are trademarks of Digital Equipment Corporation: Alpha AXP, AXP, Bookreader, DEC, DECchip, DEC OSF/1, DECwindows, Digital, OpenVMS, VAX, VMS, VMScluster, the DIGITAL logo and the AXP mark. MIPS is a trademark of MIPS Computer Systems, Inc. NCR is a registered trademark of the NCR Corporation. NetWare is a registered trademark of Novell, Inc. OSF/1 is a registered trademark of the Open Software Foundation, Inc. UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Ltd. Windows NT is a registered trademark of the Microsoft Corporation. All other trademarks and registered trademarks are the property of their respective holders. This document was prepared using VAX DOCUMENT Version 2.1. Contents Preface ............................................................ xiii 1 Porting Strategy Overview .......................................................
    [Show full text]
  • Arxiv:2005.01890V1 [Cs.DC] 5 May 2020 Sources Without Compromising Scheduled Execution Within Given Time Con- Straints
    DRAFT Industrial Control VIA Application Containers: Maintaining DETERMINISM IN IAAS Florian Hofer1,3* | Martin Sehr2 | Alberto Sangiovanni-Vincentelli3 | BarbarA Russo1 1Faculty OF Computer Science, FREE Industry 4.0 IS CHANGING FUNDAMENTALLY DATA collection, ITS STORAGE AND UnivERSITY OF Bolzano-Bozen, Bolzano, ANALYSIS IN INDUSTRIAL processes, ENABLING NOVEL APPLICATION SUCH AS flExi- 39100, Italy BLE MANUFACTURING OF HIGHLY CUSTOMIZED products. Real-time CONTROL OF 2CorporATE TECHNOLOGY, Siemens Corporation, BerkELEY, CA, 94704, USA THESE processes, HOWEVER, HAS NOT YET REALIZED ITS FULL POTENTIAL IN USING THE COLLECTED DATA TO DRIVE FURTHER DEVelopment. Indeed, TYPICAL indus- 3EECS, UnivERSITY OF California, BerkELEY, CA, 94720, USA TRIAL CONTROL SYSTEMS ARE TAILORED TO THE PLANT THEY NEED TO control, mak- ING REUSE AND ADAPTATION A challenge. In THE past, THE NEED TO SOLVE PLANT Correspondence SPECIfiC PROBLEMS OVERSHADOWED THE BENEfiTS OF PHYSICALLY ISOLATING A con- Florian Hofer, Faculty OF Computer Science, TROL SYSTEM FROM ITS plant. WE BELIEVE THAT MODERN VIRTUALIZATION tech- FREE UnivERSITY OF Bolzano-Bozen, Bolzano, niques, SPECIfiCALLY , PRESENT A UNIQUE OPPORTUNITY TO 39100, Italy APPLICATION CONTAINERS Email: fl[email protected] DECOUPLE CONTROL FROM plants. This SEPARATION PERMITS US TO FULLY REALIZE THE POTENTIAL FOR HIGHLY distributed, AND TRANSFERABLE INDUSTRIAL PROCESSES FUNDING INFORMATION EVEN WITH real-time CONSTRAINTS ARISING FROM time-critical sub-processes. iCyPhY, THROUGH Siemens Corporation, In THIS PAPER, WE EXPLORE THE CHALLENGES AND OPPORTUNITIES OF SHIFTING in- CorporATE TECHNOLOGY DUSTRIAL CONTROL SOFTWARE FROM DEDICATED HARDWARE TO bare-metal SERVERS OR (EDGE) CLOUD COMPUTING PLATFORMS USING off-the-shelf TECHNOLOGY. WE PRESENT A MIGRATION ARCHITECTURE AND SHOW, USING A SPECIfiCALLY DEVELOPED ORCHESTRATION tool, THAT CONTAINERIZED APPLICATIONS CAN RUN ON SHARED re- arXiv:2005.01890v1 [cs.DC] 5 May 2020 SOURCES WITHOUT COMPROMISING SCHEDULED EXECUTION WITHIN GIVEN TIME con- STRaints.
    [Show full text]
  • Installing Xenomai 3.X I
    Installing Xenomai 3.x i Installing Xenomai 3.x Installing Xenomai 3.x ii REVISION HISTORY NUMBER DATE DESCRIPTION NAME Installing Xenomai 3.x iii Contents 1 Introduction 1 2 Installation steps 1 3 Installing the Cobalt core 1 3.1 Preparing the Cobalt kernel..............................................1 3.2 Configuring and compiling the Cobalt kernel....................................2 3.3 Cobalt kernel parameters...............................................2 3.4 Examples of building the Cobalt kernel.......................................3 3.4.1 Building a Cobalt/x86 kernel (32/64bit)...................................3 3.4.2 Building a Cobalt/powerpc kernel......................................4 3.4.3 Building Cobalt/arm kernel.........................................4 4 Installing the Mercury core 4 5 Installing the Xenomai libraries and tools4 5.1 Prerequisites......................................................4 5.1.1 Generic requirements (both cores)......................................4 5.1.2 Cobalt-specific requirements.........................................5 5.1.3 Mercury-specific requirement........................................5 5.2 Configuring......................................................5 5.2.1 Generic configuration options (both cores)..................................5 5.2.2 Cobalt-specific configuration options....................................8 5.2.3 Mercury-specific configuration options...................................8 5.3 Cross-compilation...................................................8 6 Examples
    [Show full text]
  • How to Install Xenomai?
    How to install Xenomai? This tutorial will detail Xenomai installation on a small Dell Optiplex 990 desktop having 16GB of RAM and an Intel Core i7-2600 CPU @ 3.40GHz × 8 cores. The machine has two 128GB Samsung SSD's. For the Ubuntu installation, 100GB of the first drive was dedicated to the operating system (mount point /) and the rest was left as swap space. On the second drive, 75GB was dedicated to user home directories (mount point /Volumes/<computer_name>) and the rest was left to backup space (mount point /Volumes/backup). 1 Step-by-step guide for Installing Linux 3.8.13 + Xenomai 2.6.3 (Ubuntu 12.04) 1.1 Prerequisites 1.2 Building a Xenomai-patched Linux kernel package 1.2.1 Downloading the sources/configuring xenomai 1.2.2 Kernel configuration and compilation 1.2.3 Testing for latency issues 1.2.4 Graphics drivers and Xenomai 1.2.4.1 NVIDIA GF119 1.2.4.2 Intel Onboard Graphics i915 1.3 Installing RT-NET 1.3.1 Downloading and installation 1.3.2 Network configuration 1.3.3 Running RTNet 1.3.4 Running RTNet at startup (optional) 1.3.5 Testing RTNet (on the SARCOS robot) 1.4 Installing usb4rt 1.4.1 Background 1.4.2 Installation 1.4.3 Configuration 1.4.4 Resolving IRQ sharing 1.4.5 Running usb4rt 1.4.6 Running usbrt at startup (optional) 1.4.7 Using usb4rt with more than one device 1.4.8 Testing usb4rt 1.4.9 Debugging usb4rt 1.5 Issue Log 1.6 Random Notes: 1.6.1 Reinstalling Ubuntu while preserving partitions 1.6.2 Solving the "invalid arch independent ELF magic" GRUB issue 1.6.3 SSH woes Step-by-step guide for Installing Linux 3.8.13
    [Show full text]
  • Paravirtualizing Linux in a Real-Time Hypervisor
    Paravirtualizing Linux in a real-time hypervisor Vincent Legout and Matthieu Lemerre CEA, LIST, Embedded Real Time Systems Laboratory Point courrier 172, F-91191 Gif-sur-Yvette, FRANCE {vincent.legout,matthieu.lemerre}@cea.fr ABSTRACT applications written for a fully-featured operating system This paper describes a new hypervisor built to run Linux in a such as Linux. The Anaxagoros design prevent non real- virtual machine. This hypervisor is built inside Anaxagoros, time tasks to interfere with real-time tasks, thus providing a real-time microkernel designed to execute safely hard real- the security foundation to build a hypervisor to run existing time and non real-time tasks. This allows the execution of non real-time applications. This allows current applications hard real-time tasks in parallel with Linux virtual machines to run on Anaxagoros systems without any porting effort, without interfering with the execution of the real-time tasks. opening the access to a wide range of applications. We implemented this hypervisor and compared perfor- Furthermore, modern computers are powerful enough to mances with other virtualization techniques. Our hypervisor use virtualization, even embedded processors. Virtualiza- does not yet provide high performance but gives correct re- tion has become a trendy topic of computer science, with sults and we believe the design is solid enough to guarantee its advantages like scalability or security. Thus we believe solid performances with its future implementation. that building a real-time system with guaranteed real-time performances and dense non real-time tasks is an important topic for the future of real-time systems.
    [Show full text]
  • Xenomai - Implementing a RTOS Emulation Framework on GNU/Linux Philippe Gerum First Edition Copyright © 2004
    Xenomai - Implementing a RTOS emulation framework on GNU/Linux Philippe Gerum First Edition Copyright © 2004 Copyright © 2002 Philippe Gerum Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front- Cover Texts, and no Back-Cover Texts. A copy of the license is published on gnu.org: "GNU Free Documentation License" [http://www.gnu.org/licenses/ fdl.html]. April 2004 Abstract Generally speaking, the Xenomai technology first aims at helping application designers relying on traditional RTOS to move as smoothly as possible to a GNU/ Linux-based execution environment, without having to rewrite their application entirely. This paper discusses the motivations for proposing this framework, the general observations concerning the traditional RTOS directing this technology, and some in-depth details about its implementation. The Xenomai project has been launched in August 2001. It has merged in 2003 with the RTAI project [http://www.gna.org/projects/rtai/] to produce an industrial- grade real-time Free Software platform for GNU/Linux called RTAI/fusion, on top of Xenomai's abstract RTOS core. Eventually, the RTAI/fusion effort became independent from RTAI in 2005 as the xenomai project [http://www.gna.org/ projects/xenomai/]. Linux is a registered trademark of Linus Torvalds. Other trademarks cited in this paper are the property of their respective owner. 1 Xenomai - Implementing a RTOS emulation framework on GNU/Linux Table of Contents 1. White paper ................................................................................................. 2 1.1.
    [Show full text]
  • The Commission's Assessment of Microsoft's
    The Commission's assessment of Microsoft's innovation claims In the column "Prior Art", the symbol [PA] indicates that the reference is cited as prior art, the symbol [R] means that it is cited as a reference. The following applies in the column "References": [July-T, x] = 8 July Trustee report, page x [March-T, x] = 3 March Trustee report (as amending the 22 February Trustee report), page x [Ecis, x] = Ecis's comments to Microsoft's Response to the 1 March SO, page x Date of Reference in Microsoft's Protocol Technology Description of the technology Claimed benefit Assessment Prior Art References claim filing Active ADFS Combination of The combination of all the mentioned April 2004 The use of the five Microsoft's innovation report The claimed innovation is the [July-T, 4] Directory ADFS ADFS technologies. individual ADFS on "Microsoft Web Browse combination of different features Federation Technologies innovations in Federated Sign-on Protocol & belonging to the same protocol. Services combination is Microsoft Web Browser Combining these individual undisclosed and not Federated Sign-On Protocol features is an obvious step for a obvious. Extensions" person skilled in the art. NON-INNOVATIVE Active ADFS Defining ADFS defines communications between April 2004 The protocol Microsoft's innovation report The claim concerns resolving [PA] Anderson, Steve et al: Web Services [July-T, 4] Directory Authentication a resource identity provider and a web delivers on "Microsoft Web Browse problems which are specific to Trust Language (WS-Trust) (1 May 2004; [March-T, 110] Federation Communications service resource. maintainability by Federated Sign-on Protocol & Microsoft's implementation.
    [Show full text]