An Introduction to Achilles Certification for Host-Based Devices

As I mentioned in an earlier post, in the weeks to come I will be describing the expansion of the Achilles Certification program. Let’s start this discussion today by talking about host-based device (HBD) certification. A host-based device is “a general purpose device running a general purpose operating system (eg Windows OS, Linux) capable of hosting one or more applications, data stores or functions.” An HBD is what the control engineer uses to interface with the DCS or SIS system (an embedded device in Wurldtech’s device taxonomy). Examples of HBDs are HMIs or engineering workstations.

The best way to describe how we certify host-based devices is to compare it to how we certify embedded devices. Achilles Level 1 Certification for embedded devices tests the link, network, and transport layers of the network stack. The rationale behind testing these lower layers of the stack is twofold. One, the tested protocols are extremely widespread and very commonly used. Network attacks will be executed via these protocols, and so they need to be tested. Two, the embedded device’s network stack itself is not widely used (relative to IT counterparts) and may not have been rigorously tested. While these tests are executed, we monitor two aspects of the device-under-test (DUT): the availability of the network stack and the operation of the DUT’s control functionality. The network stack and control functionality must maintain an acceptable level of performance to achieve certification.

For Level 1 host-based devices, the test methodology is the same: we test the link, network, and transport layers of the network stack. However, one of the crucial tenets of embedded device certification does not hold: since host-based devices run general purpose operating systems, their network stacks are widely used and have been subjected to a great deal of testing, particularly in the field. Furthermore, for us to certify a host-based device’s network stack would essentially mean that we are certifying Windows, and not the vendor that has solicited the certification. If any issues are discovered, the vendor would be unable to fix the problem themselves.

Considering the differences in the network stack, the purpose of host-based device certification is not to test the Windows stack, but rather to test any modifications, additions, or replacements to the stack that have been made by the vendor. For instance, consider HBDs that make use of Fault-Tolerant Ethernet (FTE): their network stacks must be modified, as FTE requires a different link-layer protocol. In addition, HBD certification also tests the HBD’s network services. For Level 1 certification this is not done through explicit application-layer tests, but rather through transport-layer tests that target each of the discovered open ports.

Finally, the conformance criteria for HBD certification differ, of course, from those for embedded device certification, as the primary purposes of these two device types are quite different. Like embedded device certification, the availability of the network stack is monitored. However, unlike embedded device certification, the status of the processes running on the HBD and their resource utilization are monitored in lieu of control capability.
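
The monitoring described above can be sketched as a small evaluator run over samples collected from the HBD while the tests execute. This is an added example, not Wurldtech code or the Achilles criteria: the thresholds, the probe, the sample format, and the process names `hmi.exe` and `historian.exe` are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int          # seconds since the test started
    stack_up: bool  # did the HBD answer the availability probe (assumed probe)?
    procs: dict     # process name -> (cpu_percent, rss_mb); absent means not running

# Assumed thresholds for illustration; these are not Achilles values.
MAX_MISSED_PROBES = 2   # consecutive unanswered probes tolerated
CPU_LIMIT = 90.0        # percent
MEM_GROWTH = 1.5        # allowed RSS growth relative to the pre-test baseline

def evaluate(baseline, samples, required):
    """Return a list of (time, finding) tuples; an empty list means conformant."""
    findings, missed = [], 0
    for s in samples:
        missed = 0 if s.stack_up else missed + 1
        if missed == MAX_MISSED_PROBES + 1:
            findings.append((s.t, "network stack unavailable"))
        if not s.stack_up:
            continue  # no process data can be collected while the host is unreachable
        for name in required:
            if name not in s.procs:
                findings.append((s.t, f"{name} not running"))
                continue
            cpu, rss = s.procs[name]
            if cpu > CPU_LIMIT:
                findings.append((s.t, f"{name} CPU {cpu:.0f}%"))
            if rss > baseline[name] * MEM_GROWTH:
                findings.append((s.t, f"{name} memory {rss:.0f} MB"))
    return findings

# Constructed samples; the process names are hypothetical.
BASELINE = {"hmi.exe": 200.0, "historian.exe": 400.0}
SAMPLES = [
    Sample(0, True, {"hmi.exe": (12.0, 205.0), "historian.exe": (8.0, 410.0)}),
    Sample(5, False, {}),  # one missed probe is within tolerance
    Sample(10, True, {"hmi.exe": (97.0, 210.0), "historian.exe": (9.0, 415.0)}),
    Sample(15, True, {"hmi.exe": (15.0, 340.0)}),  # historian.exe has died
]

if __name__ == "__main__":
    for t, finding in evaluate(BASELINE, SAMPLES, ["hmi.exe", "historian.exe"]):
        print(f"t={t}s: {finding}")
```

A single missed probe is tolerated here, while a required process that disappears or exceeds its limits is reported at the sample where it was observed.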