Analysis of Industrial Device Architectures for Real-Time Operations under Denial of Service Attacks

TL;DR

This paper evaluates different industrial device architectures and scheduling strategies for their resilience against DoS attacks, focusing on real-time operation stability during network overloads in Linux-based systems.

Contribution

It compares various secure device architectures and schedulers, highlighting their robustness against DoS attacks in industrial environments.

Findings

Heterogeneous multi-core architectures show increased robustness.

Certain schedulers maintain real-time performance under attack.

Network load significantly impacts device stability.

Abstract

More and more industrial devices are connected to IP-based networks, as this is essential for the success of Industry 4.0. However, this interconnection also results in an increased attack surface for various network-based attacks. One of the easiest attacks to carry out are DoS attacks, in which the attacked target is overloaded due to high network traffic and corresponding CPU load. Therefore, the attacked device can no longer provide its regular services. This is especially critical for devices, which perform real-time operations in industrial processes. To protect against DoS attacks, there is the possibility of throttling network traffic at the perimeter, e.g. by a firewall, to develop robust device architectures. In this paper, we analyze various concepts for secure device architectures and compare them with regard to their robustness against DoS attacks. Here, special attention is paid to how the control process of an industrial controller behaves during the attack. For this purpose, we compare different schedulers on single-core and dual-core Linux-based systems, as well as a heterogeneous multi-core architecture under various network loads and additional system stress.