S2OPC — Safe, Secure, Open Source OPC-UA

The benefits of open source

S2OPC logo

Following the INGOPCS R&D project initiated with the support of the ANSSI, Systerel has built upon its experience of safe critical systems to develop a free and secure OPC UA stack under the Apache 2.0 license: Safe and Secure OPC (S2OPC).

In this article, we will give an overview of OPC UA, describe the S2OPC product, and then focus on the benefits and challenges of the open source approach for such a development.

OPC UA

OPC UA logo

OPC UA is an international communication standard defining an application level protocol that aims at handling all the communications of an industrial system ranging from sensors and actuators up to the cloud, and including PLCs, SCADA/ICS and other servers in the plants.

OPC UA is recommended by several consortia around the world.

OPC UA is recommended by several consortia around the world.

We will not paraphrase the Wikipedia nor the OPC Foundation web pages, but two aspects that we feel are paramount in this protocol are:

Interoperability

The protocol is standardized. It is maintained and developed by different working groups under the aegis of the OPC foundation, a foundation that accredits laboratories carrying out certifications of conformance to the standard

Security

The protocol is designed to take into account security constraints. The BSI (German equivalent of the French ANSSI) analysed the OPC UA protocol and confirmed that it has been designed with security in mind and that it does not contain any security flaw by design.

S2OPC — Safe and Secure OPC

Why S2OPC ?

ANSSI logo

As a result of the R&D project INGOPCS initiated with the support of ANSSI, Systerel launched the S2OPC product whose development has been carried out with Systerel’s own funding.

Before the beginning of the project, the ANSSI did the following analysis:

  • there are an increasing number of attacks on SCADA (see for example Stuxnet in 2010),

  • these SCADA and ICS are more and more interconnected or even connected to external networks such as the Internet,

  • there was little or no secure protocol stack for SCADA on the market 1,

  • the need for an open source, secure and modern OPC UA stack developed in France or in Europe was becoming more and more important.

Project objectives

The project was launched with the following four main objectives:

Certification first and foremost

A security or safety certification cannot be improvised at the end of the project. The design and organizational choices must be made from the outset in a way that takes into account the constraints of certification. For S2OPC three types of certification are being considered:

  • interoperability certification within the framework of the OPC foundation: the certificate should be obtained in Q1 2020.

  • one or more security certification issued by ANSSI: a first ANSSI certification assessment is in progress.

  • a safety certification according to EN 50128 or similar standards: S2OPC is already embedded in a SSIL2 railway equipment.

Embedded development

The need of the industry is clearly to be able to embed a secured stack on small, energy-efficient equipment.

S2OPC is of modest size (1MB ROM, 256KB RAM for the OPC UA server and the PubSub feature) and in addition to Linux and Windows, it has already been ported to FreeRTOS, Zephyr, VxWorks, …

Scalability

The stack is designed to run on systems supervising several plants and they must be able to handle hundreds of thousands of variables and messages without a glitch.

Performance

Performance is a persistent concern of the design team and all design decisions take this factor into account. S2OPC has always ranked first on our performance benchmarks.

Real-time performance are not forgotten as we achieved PubSub transmissions with a periodicity of 100 µs between two STM32 nucleo-144 cards.

Certification

The certification requirements dictate two constraints on the development. The first one is to obtain a very good product with respect to the security or safety requirements.

And the second one is to be able to provide evidences of the quality of the product.

The expected evidences are from different types. For example:

  • the existence of a development process (ISO9001…),

  • the existence of documentation (plans, specification, design, verification reports…)

  • the deployment of test benches (unitary, integration, validation, fuzzing, penetration testing…)

  • the production of traceability (who, when, what…),

In any case, these constraints must be taken into account at the very beginning of the project: it is extremely difficult to bring an existing product to a certification.

Open Source Software

Systerel is a daily user of open source software ranging from the Linux OS which is used on a large number of workstations and for the IT infrastructure, to the GCC or LLVM compilers, including some containerization solutions like Docker and many other tools.

In addition to S2OPC, we contribute back to the world of free software from different ways:

Rodin logo

We are the main developers of the Rodin platform , a modeling IDE for the event-B formal notation.

We also encourage our engineers to contribute back to open source software they use whether through bug reports, patches or documentation.

Open Source Benefits

Short Term Benefits

Thanks to the community!

Thanks to the open source community we have been able to implement a number of tools in our continuous integration in order to help us ensuring an excellent level of quality. For example, the code is compiled with four different compilers: GCC, Mingw, Visual Studio and LLVM.

Each of these compilers reports different errors and the ability to use more than one of them help us eliminate more problems.

For example, the test-check target defined in the gitlab-ci.yaml runs the following actions :

  • check for the absence of functions and include in order to comply with a number of CERT rules,

  • launch a compilation with clang and some purposefully selected options,

  • run a static analysis with clang tidy,

  • run a static analysis with clang analyzer,

  • check that the code is properly formatted with clang format,

  • check that the author is in the list of contributors,

  • check that all the files modified by a commit contain a license notice.

Mininet was also used to set up a performance test bench, as described in a previous article.

In addition to the usual open source tools, some publishers offer their services to open source projects. We now use Gitlab , Coverity, Appveyor, Visual Studio CE or OSS Fuzz :

Gitlab gold

Hosting, CI, code review

gitlab

Coverity

Static code analysis

coverity

Visual Studio CE

Windows development tool

visualstudio

Appveyor

Windows CI

appveyor

OSS Fuzz

Fuzzing

google

Coverity is a powerful static analyzer. Here is an example of an error message produced by Coverity:

*** CID 350732:  Resource leaks  (RESOURCE_LEAK)
/builds/systerel/S2OPC/csrc/services/b2c/address_space_bs.c: 419 in address_space_bs__read_AddressSpace_Value_value()
413         }
414         else
415         {
416             if (SOPC_LocalizedText_Id == value->BuiltInTypeId)
417             {
418                 // Get preferred localized text(s) (single value, array or matrix)
    CID 350732:  Resource leaks  (RESOURCE_LEAK)
    Overwriting "value" in "value = util_variant__set_PreferredLocalizedText_from_LocalizedText_Variant(value, address_space_bs__p_locales)"
    leaks the storage that "value" points to.
419                 value =
420                     util_variant__set_PreferredLocalizedText_from_LocalizedText_Variant(value, address_space_bs__p_locales);
421             }
422         }
423
424         if (address_space_bs__index_range == NULL || address_space_bs__index_range->Length <= 0)

Long Term Benefits

In the long run, using a free license increases the visibility of S2OPC and its adoption due to the lift of some usual restrictions of proprietary software:

  • no license fee,

  • no license server,

  • simple distribution (download on gitlab)

Having more visibility and more users is desirable for the economic growth (sale of services, certificates, training, support, etc.) but also for the quality of the product: more users means on the long term more field testing, more feedback, more contributions (merge requests, bug reports, financial support,…).

In the end the bet is to have more commercial opportunities by seizing the open source model.

Footnotes

1

Kaspersky have performed a security analysis of an OCP-UA stack in which they found 17 zero-day vulnerabilities: https://ics-cert.kaspersky.com/reports/2018/05/10/opc-ua-security-analysis/

Comments