Effizienter Schutz der IT-Sicherheit auf der Feldebene von Automatisierungssystemen

The increasing application of networked computers at the field level of industrial automation systems causes weaknesses concerning the security of the field level. The field level realizes the connection of an industrial automation system to the technical process, which is executed in a technical system. Due to this task, the technical system and the field level are closely coupled and often widely distributed or publicly accessible. As a result, unauthorized persons may obtain physical access to the field level and conduct attacks against the security of the field level. Such attacks could be the distortion of communication or the change of functions that are realized as software. In particular, it is also possible to annul functions designed to prevent dangerous situations, e.g. emergency shutdown. This can result in intentionally effectuated malfunctions of the industrial automation system as well as of the technical system. Such malfunctions endanger the safety, the reliability, and the availability of industrial automation systems. Thus, they undermine all properties that are required to place full confidence in the functioning of an industrial automation system. For this reason, security protection of the field level is imperative. Due to the exposure and the spatial distribution of many industrial automation systems, attacks on the security of the field level can in many cases not be prevented. Instead, the field level itself must be hardened in such a way that attacks against field level security do not cause malfunctions. Due to economical constraints, the protection has to entail no or only low costs and it has to be effective against the comprehensive possibilities of manipulation that are available to a determined attacker. The concept of efficient security protection at field level, which has been developed within this thesis, adapts well-proven functional principles in a way that they can be executed in the form of software protection mechanisms by typical system elements of the field level. This is achieved by a software architecture that allows for variable combination and multiple use of the protection mechanisms. Thereby, the protection can be adapted to the hazards at hand, so that only the minimally required scope and strength of protection can be applied and the associated resource overhead is minimized. Furthermore, the concept is designed to fulfill real-time requirements and can be adapted to different technologies.