Abstract: A system, template, and method of managing virtual control units in an industrial automation facility are provided. The industrial automation facility includes machines. The method includes generating templates including deployment criteria for the virtual control units. Each of the virtual control units is capable of controlling at least one of the machines. The virtual control units are mapped to one or more compute nodes based on the deployment criteria. The virtual control units are instantiated on the mapped compute nodes when the controlled machines are in operation. The method includes validating that the instantiation of the virtual control units is in accordance with the templates using an attestation that confirms determined deployment parameters after deployment of the virtual control units. The machines perform the industrial process, according to control commands received from at least one of the virtual control units, when the virtual control units are validly instantiated.

Abstract: Various embodiments of the teachings herein include an attestation component configured to attest a cloud-based execution environment. The cloud-based execution environment comprises at least one application instance and a project plan assigned to the at least one application instance. The attestation component may include: a determination component configured to determine at least one piece of trustworthiness information indicating a trustworthiness of the cloud-based execution environment and of the at least one application instance; and a linking component configured to establish a link between the trustworthiness information and the project plan.

Abstract: Method and system for providing control applications for industrial automation devices, wherein in order to provide control applications, which are each provided via flow control components, the flow control components are each classified, based on configuration information, or referenced memory maps, with respect to access to at least one socket of a flow control environment when their execution is started, where a classification for each of the flow control components is used to create or reference a permissions profile for socket access, an individual token, associated with a permissions profile, for the socket access is created for each flow control component and transferred to the respective flow control component, and where the tokens and/or the permissions profiles each have an application-specific resource access guideline combined with therewith which is transmitted to a control component for application, which control component opens the respective socket.

Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module.

Abstract: The following relates to a hardware security module for usage with manufacturing devices and a method for operating the same is provided. The security module includes: a secure element, which is adapted to detect an operating mode of the hardware security module; a first interface which is adapted to receive commands for controlling the hardware security module; a central processing unit for processing application program code in a secure environment; a second interface which is adapted for receiving configuration data, wherein the second interface is activated and deactivated in dependence of the detected operating mode.

Abstract: Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: Various embodiments of the teachings herein include an integrity monitoring system for runtime integrity monitoring of a control device connected to sensors and/or actuators and comprising an automation device for collecting operating state data of the control device. The system may include an integrity monitoring unit detachably connectable directly to the control device to monitor the integrity status of the control device on the basis of operating state data transferred from the automation device to the integrity monitoring unit.

Abstract: A method for securely starting device software is provided, in particular an operating system, of an electronic device, wherein a plurality of successive software modules which contain software code are run by the device. The method has the steps of: a) running the first software module, b) loading the subsequent software module using the preceding software module, c) checking the software code of the subsequent software module and identifying security features using an identification scheme, d) evaluating the identified security features using a security, e) running the subsequent software module if the evaluation results in a value of trustworthiness that lies above a specified threshold, and f) running steps b) to e) for each of the subsequent software modules.

Abstract: A method for protecting the integrity of log data. The log data includes a sequence of log data elements associated with an operation of a first logic circuit. The method includes receiving, at a second logic circuit remote from the first logic circuit, a log data element of the sequence of log data elements. Based on the log data element and secret information unknown to the first logic circuit, a protected log data element is generated at the second logic circuit is provided.

Abstract: A method for verifying an execution environment provided by a configurable hardware module, where the execution environment is used for execution of at least one hardware-application, includes receiving a hardware-application 16. The hardware-application includes configuration data describing an instantiation as a hardware-application component on the configurable hardware module. A received hardware-application is instantiated as the hardware-application component in the execution environment. The execution environment of the configurable hardware module that executes the hardware-application component in the respective execution environment is analyzed by an instantiated hardware-application component. The hardware application component communicates with a characterizing unit providing characterizing parameters for the execution environment of the configurable hardware module.

Abstract: A method for key management in a field-programmable integrated part of an integrated circuit is disclosed herein. According to the method, a hardware configuration for the field-programmable integrated part is loaded into the field-programmable integrated part. The hardware configuration includes a key derivation functionality. Further, using the key derivation functionality, a cryptographic key is derived based on information provided in the field-programmable integrated part.

Abstract: A die arrangement and a method of monitoring the same are provided. The die arrangement includes a plurality of dies and a physical interconnection structure extending between and traversing the plurality of dies. The physical interconnection structure is arranged for imparting unpredictable, yet reproducible properties to a digital signal being carried on the physical interconnection structure. The die arrangement further includes a monitoring logic for monitoring the properties of the digital signal. This enables detection of tampering of topological arrangements of semiconductor dies to one another.

Abstract: Incoming and outgoing communication of a hardware-application component is monitored and controlled at runtime of the hardware-application component. In this way, a kind of firewall is provided for ensuring secure and un-altered operation of a hardware-application performing security-critical functionalities on a field-programmable gate array. The hardware-application component may interact with other components directly and/or via an on-chip bus. The monitoring of incoming and/or outgoing communication is particularly advantageous when using third party hardware-applications or software applications, i.e., applications developed by untrusted parties. Another advantage is the possibility of monitoring and controlling all the communication between hardware-applications, hardware- and software applications, hardware-applications and peripherals, IO controllers, etc.

Abstract: A method for granting access to objects by entities in a computerized system includes: providing an access control list (ACL) specifying for each object access rights to the objects of the computerized system; assigning a capability requirement information to at least one of the objects in the ACL; assigning a capability information to at least one entity of the entities in the computerized system; requesting access to an object by an entity; checking if the requesting entity has an access right in accordance with the ACL; and granting access to the requested object by the requesting entity only when the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object. The combination of an ACL based access to files with capabilities improves the security of the system.

Abstract: Provided a method for configuring a security module with at least one derived key, having the following steps: providing a key; deriving a further key from the provided key or from a key previously derived from the provided key, wherein the further key is derived by using an alterable digital fingerprint as key derivation parameter, which is formed on the basis of a measurable current runtime configuration of a runtime environment communicating with the security module.

Abstract: Provided is a method for orchestrating a container-based application that is executed on a terminal device, in which implementation information is received in an orchestration slave unit on the terminal device via a communication connection from an orchestration master unit, and the application is configured and/or controlled by the orchestration slave unit based on the implementation information, wherein the received implementation information is additionally saved persistently in a memory unit in the terminal device, and if the communication connection to the orchestration master unit is interrupted, the most recently saved implementation information is retrieved from the orchestration slave unit and the application is configured and/or controlled based on the most recently saved implementation information.

Abstract: The following relates to a hardware security module for usage with manufacturing devices and a method for operating the same is provided. The security module includes: a secure element, which is adapted to detect an operating mode of the hardware security module; a first interface which is adapted to receive commands for controlling the hardware security module; a central processing unit for processing application program code in a secure environment; a second interface which is adapted for receiving configuration data, wherein the second interface is activated and deactivated in dependence of the detected operating mode.

Abstract: A method for providing restricted access to hardware component interfaces of a network device by one or more software components of the network device, wherein an access to a hardware component interface requested by a software component is permitted by a mandatory access control, MAC, mechanism implemented as part of the network device's operating system on the basis of a MAC security policy including access rights defined as access relations between software component security labels assigned to software component types and hardware component interface security labels assigned to hardware component interface types.

Abstract: Various embodiments disclosed help to implement integrity verification of sensors and signaling lines of the sensors. According to various embodiments, this is achieved by performing an analysis of a noise signal on the signaling line and transmitting check data indicative of a result of the analysis.