TEE_for_securing_COTS_devices.pdf (561.78 kB)
Download file

Position Paper: On Using Trusted Execution Environment to Secure COTS Devices for Accessing Industrial Control Systems

Download (561.78 kB)
posted on 2021-08-12, 16:48 authored by Quanqi Ye, Heng Chuan TanHeng Chuan Tan, Daisuke Mashima, Binbin Chen, Zbigniew Kalbarczyk
Industrial Control Systems (ICS) are traditionally designed to operate in an "air-gapped" environment. With the advent of digital technologies, many ICS are adopting IT solutions to improve interoperability and operational efficiency. Thus, the air-gap assumption no longer holds in practice. Most ICS devices today are modernized with networking capabilities to facilitate system maintenance, upgrades, and troubleshooting. Since these devices are connected to the Internet, ICS networks face the same security threats as regular IT systems. In addition, ICS operators can connect commercial off-the-shelf (COTS) equipment to ICS networks to perform operational tasks. Those COTS devices are usually personal computers or even mobile devices, which can be infected with malware and become weapons against ICS. In this position paper, we examine the design challenges of establishing trust between COTS equipment and ICS. We also present some commonly used security solutions and discuss their deployment challenges due to issues caused by legacy systems. Finally, we introduce the Trusted Execution Environment (TEE), a technology commonly available on modern COTS devices, as a trust anchor for establishing secure communications with the ICS infrastructure. We discuss some research gaps related to the use of TEE and propose some recommendations to guide future research.


National Research Foundation, Prime Minister's Office, Singapore under its Campus for Research Excellence and Techno- logical Enterprise (CREATE) programme.


Email Address of Submitting Author

ORCID of Submitting Author


Submitting Author's Institution

Advanced Digital Sciences Center

Submitting Author's Country

  • Singapore