KSS allows the development of security policies to control system state. In order to define such policies, a specific language, called temporal logic, shall be used
It is necessary to define security policies for the variables in the IEC-application.
Such variables are accessed using an OPC UA client.
If the OPC UA client writes a value that leads to undefined and unsecure state in the PLC/Machine, then KSS shall report a security violation to CODESYS Log.
The approach to define system security using temporal logic was proposed by Kaspersky and was studied in the company. The first prototype was developed using C and Linux to prove the concept. Then, the security policy management was integrated in the pre-existing Matrikon OPC UA implementation for CODESYS (more information). A wizard to describe security policies was developed for CODESYS. The user selects the variables that must be controlled by KSS and defines the security rules. Then, the security policies can be downloaded into the PLC together with the application. A specific download approach was implemented for this purpose.
This project was a prototype and ended to be useful to extend ESS with specific security policies for the OPC UA communication. This result can be extremely useful in modern automation systems and IoT components that require both high-end security and OPC UA communication.