Hardware-Based Isolation Technique to Guarantee Availability of Security Controls in a Gateway for Industrial Networks

Protocols such as DNP and Modbus are widely used in many industrial networks, and security controls are often employed in a protocol gateway placed in-between public and trusted networks. In this paper, an architecture is proposed to protect the security controls running in a hardware-isolated space by providing an isolation environment to the protocol stack and security controls via TrustZone, even if the protocol stack is compromised. In addition, we evaluate whether our proposed architecture can protect against attack scenarios such as manipulation commands, information leakage, and fuzzing attacks, and we compare the performance of the gateway with and without TrustZone.