Analysis of Existing Dynamic Software Updating Techniques for Safe and Secure Industrial Control Systems


Imanol Mugarza Jorge Parra Eduardo Jacob

IK4-Ikerlan Technology Research Centre, Dependable Embedded Systems Area

Faculty of Engineering, University of the Basque Country UPV/EHU

1 January 2018



Higher interconnectivity among devices, machines, the cloud and humans is envisioned in the current trend of automation, also known as the Industrial Internet of Things (IIoT). These industrial control systems, which may require high availability and/or safety-related capabilities, are no longer isolated from the corporate environment or the Internet. Software updates will be needed during the product life cycle, due to the long service life of these systems, the increasing number of security-related vulnerabilities discovered in industrial control systems and the high interconnectivity desired in IIoT. These updates aim at fixing the security weaknesses, bugs and vulnerabilities that may appear, while the required safety integrity levels are preserved. Security-related concerns have only recently been addressed by the safety engineering community, because of the increasing number of cyber-attacks against safety-critical systems, such as Stuxnet. Moreover, system shutdowns caused by software updates may not be acceptable when high availability is required. Typically, in order to perform a software update, the whole industrial process or production line is halted, so that the software upgrade can be applied safely. However, this scenario might not be applicable in critical infrastructures, such as nuclear or hydroelectric power plants, where such production and service interruptions are not acceptable from the business and service point of view. This article presents an analysis of existing dynamic software updating techniques that may be applied to safe and secure industrial control systems. These techniques aim at updating the running code without the need to halt and restart it, increasing the availability of the industrial system.
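As an added illustration of the mechanism the abstract describes (not code from the paper or from any of the systems it surveys), the C program below updates a running control loop without stopping it: calls go through a function pointer, the new version is switched in only at a quiescent point between control cycles, and the stored state is transformed to the new layout first. The temperature controller, its two versions and all names are constructed for this example.

```c
#include <stdio.h>

/* Constructed controller state: v1 keeps the setpoint in whole degrees Celsius,
 * v2 in tenths of a degree, so the update also needs a state transformer. */
typedef struct { int setpoint; int version; } ctrl_state;
static ctrl_state state = {50, 1};

/* Version 1 control step: 1 = heater on when the reading is below the setpoint. */
static int control_v1(const ctrl_state *s, int reading_degc) {
    return reading_degc < s->setpoint;
}
/* Version 2 control step: same decision at tenth-degree resolution. */
static int control_v2(const ctrl_state *s, int reading_degc) {
    return reading_degc * 10 < s->setpoint;
}

/* Indirection point: the loop always calls through this pointer,
 * so installing the new code is a single pointer swap. */
typedef int (*control_fn)(const ctrl_state *, int);
static control_fn active_control = control_v1;

/* State transformer from the v1 layout to the v2 layout. */
static void transform_v1_to_v2(ctrl_state *s) { s->setpoint *= 10; s->version = 2; }

/* One control cycle, executed by whichever version is active. */
int run_cycle(int reading_degc) { return active_control(&state, reading_degc); }

/* Install the update only between cycles (a quiescent point) and only if the
 * new code agrees with the old on a probe input; otherwise v1 keeps running.
 * Returns 1 when installed, 0 when deferred or refused. */
int apply_update_at_quiescence(int in_cycle) {
    if (in_cycle || state.version != 1) return 0;   /* mid-cycle or already done */
    ctrl_state trial = state;
    transform_v1_to_v2(&trial);
    int probe = state.setpoint - 1;                   /* both versions must say "on" */
    if (control_v2(&trial, probe) != control_v1(&state, probe)) return 0;
    state = trial;                                    /* commit state, then code */
    active_control = control_v2;
    return 1;
}

int current_version(void) { return state.version; }
int current_setpoint(void) { return state.setpoint; }
int main(void) {
    printf("v%d heater=%d\n", current_version(), run_cycle(49));
    printf("installed=%d\n", apply_update_at_quiescence(0));
    printf("v%d heater=%d\n", current_version(), run_cycle(50));
    return 0;
}
```

A request that arrives mid-cycle is deferred rather than applied, which is the property a high-availability controller needs from a live update.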


dynamic software updates, patches, safety, security, critical infrastructures

1. Introduction
2. Problem Statement
3. Dynamic Software Updating
4. Analysis of Existing Systems
5. Case Study
6. Conclusions
