Abstract: A method for granting access to objects by entities in a computerized system includes: providing an access control list (ACL) specifying for each object access rights to the objects of the computerized system; assigning a capability requirement information to at least one of the objects in the ACL; assigning a capability information to at least one entity of the entities in the computerized system; requesting access to an object by an entity; checking if the requesting entity has an access right in accordance with the ACL; and granting access to the requested object by the requesting entity only when the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object. The combination of an ACL based access to files with capabilities improves the security of the system.

Abstract: Various embodiments of the teachings herein include a container runtime environment comprising: container application instances; and container monitoring instances. The container monitoring instances monitor the container application instances. Monitoring of the container application instances includes subdivided monitoring tasks. Each monitoring task is assigned at least one privilege exclusively enabling an execution of the respective assigned monitoring task. Execution of the monitoring task comprises enforcement of an assigned set of rules. The container monitoring instances are each allocated a monitoring task. The container monitoring instances each have the at least one privilege assigned to their monitoring task.

Abstract: A method for securely starting up a container instance in one or more execution environments for one or more components of a technical installation, such an execution environment being designed to execute the container instance includes the following method steps: a) providing a configurable check function that is performed before and/or while starting up the container instance, b) logging each step for preparing at least one execution limitation required for starting up and/or executing the container instance, c) checking each logged step using at least one permissibility criterion configured in the check function, and d) completing the startup and if necessary the execution of the container instance if the at least one permissibility criterion is satisfied, or e) initiating an alerting measure or a measure that counteracts the startup if at least one of the possible permissibility criteria is not satisfied.

Abstract: A method for updating a software component is provided, having the steps of: retrieving deployment information for the software component, wherein the deployment information includes information on program parts of the software component and the runtime configuration thereof; checking whether at least one program part has a flaw and identifying the program part; determining a runtime limitation for the program part which has been identified as having a flaw; adding runtime limitation information to the deployment information for the software component; and carrying out the deployment of the software component on the basis of the deployment information, wherein upon being ran, the software component is subject to the runtime limitation according to the runtime limitation information. Analyzing and temporarily adapting runtime configuration information of a deployment configuration for correcting flaws in software components to be updated simplifies the handling of zero-day exploit vulnerabilities.

Abstract: A method for providing control applications, wherein each of the control applications is provided by a flow control component, which is loadable onto a flow control environment formed via a server device and that is executed thereon, where control applications that require selected security authorizations are assigned a respective label as security-critical control applications, at least one respective flow condition is ascertained for the selected security authorizations for the control applications that are assigned a label as a security-critical application, the flow control environment checks for the occurrence of the respective flow condition while the flow control components for the control applications are being executed, and where the execution of each of the flow control components is terminated when the respective flow condition occurs.

Abstract: A method for key management in a field-programmable integrated part of an integrated circuit is disclosed herein. According to the method, a hardware configuration for the field-programmable integrated part is loaded into the field-programmable integrated part. The hardware configuration includes a key derivation functionality. Further, using the key derivation functionality, a cryptographic key is derived based on information provided in the field-programmable integrated part.

Abstract: Various embodiments of the teachings herein include methods and/or systems for checking a configuration of at least one component of an automation installation. An example method includes checking configuration data of the at least one component for admissibility using a checking server different from the at least one component.

Abstract: A method and assembly for resource sharing in an orchestrated environment is provided including a first cluster and a second cluster, wherein each cluster automatically managing a container instance on at least one node of the clusters, the instance being designed to: receive a request including a provisioning policy; determine a first utilization status of first nodes of the first cluster; determine a second utilization status of second nodes; select a target node from one of the first and second according to the provisioning policy and according to the first utilization status and the second utilization status via the first orchestration unit; and start the container instance on the target node using the second orchestration unit, if the selected target node is a second node.

Abstract: Provided is a method for orchestrating a container-based application that is executed on a terminal device, in which implementation information is received in an orchestration slave unit on the terminal device via a communication connection from an orchestration master unit, and the application is configured and/or controlled by the orchestration slave unit based on the implementation information, wherein the received implementation information is additionally saved persistently in a memory unit in the terminal device, and if the communication connection to the orchestration master unit is interrupted, the most recently saved implementation information is retrieved from the orchestration slave unit and the application is configured and/or controlled based on the most recently saved implementation information.

Abstract: A system, inspection device and method for securely executing control applications, wherein at least one event is defined for at least one control application and the event is triggered upon potential manipulation of program code associated with the control application and/or of at least one peripheral connected to a program flow controller processing the program code, where the program flow controller monitors a flow of the control application for deviations from an expected flow behavior and triggers the defined event upon a deviation, following triggering of the defined event, the program code is processed further by the program flow controller and the event is reported to an inspection device separate from the program flow controller where the inspection device places the control application and control components with an interdependency thereon into a predefined safe operating state upon detecting a flow behavior of the control application that contravenes the inspection rules.

Abstract: Various embodiments of the teachings herein include a method for checking container applications on a host system for manipulation. An example method includes: starting a respective checking process on the host system for each of at least two of the container applications; and assigning the respective checking process using a data-technology linkage. The checking processes subject the current behavior of at least one of the container applications other than the respective assigned container application to a comparison with a reference behavior of the at least one other container application.

Abstract: Various embodiments of the teachings herein include a method for determining the integrity of data processing of operative data using a trusted execution environment. The method may include: presenting the trusted execution environment with input data including the operative data and test data; processing the input data to produce output data; subjecting that portion of the output data formed by the processed test data to a comparison with reference data; and using the comparison as a basis for determining the integrity of the data processing.

Abstract: A system, template, and method of managing virtual control units in an industrial automation facility are provided. The industrial automation facility includes machines. The method includes generating templates including deployment criteria for the virtual control units. Each of the virtual control units is capable of controlling at least one of the machines. The virtual control units are mapped to one or more compute nodes based on the deployment criteria. The virtual control units are instantiated on the mapped compute nodes when the controlled machines are in operation. The method includes validating that the instantiation of the virtual control units is in accordance with the templates using an attestation that confirms determined deployment parameters after deployment of the virtual control units. The machines perform the industrial process, according to control commands received from at least one of the virtual control units, when the virtual control units are validly instantiated.

Abstract: Various embodiments of the teachings herein include an attestation component configured to attest a cloud-based execution environment. The cloud-based execution environment comprises at least one application instance and a project plan assigned to the at least one application instance. The attestation component may include: a determination component configured to determine at least one piece of trustworthiness information indicating a trustworthiness of the cloud-based execution environment and of the at least one application instance; and a linking component configured to establish a link between the trustworthiness information and the project plan.

Abstract: Method and system for providing control applications for industrial automation devices, wherein in order to provide control applications, which are each provided via flow control components, the flow control components are each classified, based on configuration information, or referenced memory maps, with respect to access to at least one socket of a flow control environment when their execution is started, where a classification for each of the flow control components is used to create or reference a permissions profile for socket access, an individual token, associated with a permissions profile, for the socket access is created for each flow control component and transferred to the respective flow control component, and where the tokens and/or the permissions profiles each have an application-specific resource access guideline combined with therewith which is transmitted to a control component for application, which control component opens the respective socket.

Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module.

Abstract: The following relates to a hardware security module for usage with manufacturing devices and a method for operating the same is provided. The security module includes: a secure element, which is adapted to detect an operating mode of the hardware security module; a first interface which is adapted to receive commands for controlling the hardware security module; a central processing unit for processing application program code in a secure environment; a second interface which is adapted for receiving configuration data, wherein the second interface is activated and deactivated in dependence of the detected operating mode.

Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: Various embodiments of the teachings herein include an integrity monitoring system for runtime integrity monitoring of a control device connected to sensors and/or actuators and comprising an automation device for collecting operating state data of the control device. The system may include an integrity monitoring unit detachably connectable directly to the control device to monitor the integrity status of the control device on the basis of operating state data transferred from the automation device to the integrity monitoring unit.