
MID-061: Use Separate Processors for Isolation

Mitigation Tier: Intermediate

Description

Inter-process data-leakage side channels such as Spectre and Meltdown, which rely on memory-cache behavior, speculative execution, and similar processor features, can only occur when workloads share the same processor. Isolating workloads onto multiple, physically separate processors removes the shared hardware these attacks depend on and so avoids any such potential problems.

Partitioning workloads by criticality or security level is recommended. For example, functions that process untrusted data, or that otherwise make up the device’s attack surface, should run separately from security-critical and functionality-critical operations. Do not, however, separate security decisions (e.g., authorization checks, signature validations) from the data and operations they govern; doing so can introduce weaknesses that allow those checks to be bypassed.

Limitations: Adding processors to separate device functions and data necessarily increases the complexity and cost of the device’s hardware and software. If this approach is chosen, care must be taken not to introduce new vulnerabilities while implementing it.
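A placement check that follows from the description above, added here as an example (it is not part of the mitigation page): assuming a Linux host whose sysfs exposes physical_package_id and where the two workloads run as separate processes, it verifies that an untrusted-data workload and a critical workload are confined to CPUs on different physical packages, and fails when they could share one. Separate packages in one host still share DRAM and the interconnect, so this only approximates the physically separate processors the mitigation calls for.

```python
from pathlib import Path

# Constructed topology for an 8-CPU host with two physical packages
# (CPU id -> physical_package_id); real hosts use read_package_map().
SAMPLE_PACKAGE_OF = {0: 0, 1: 0, 2: 0, 3: 0, 4: 1, 5: 1, 6: 1, 7: 1}


def parse_cpu_list(spec: str) -> set[int]:
    """Expand a Linux cpulist such as '0-3,8,10-11' into a set of CPU ids."""
    cpus: set[int] = set()
    for part in spec.strip().split(","):
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            cpus.update(range(int(lo), int(hi) + 1))
        else:
            cpus.add(int(part))
    return cpus


def read_package_map(sysfs: str = "/sys/devices/system/cpu") -> dict[int, int]:
    """Map each CPU to its physical package from sysfs topology files."""
    package_of: dict[int, int] = {}
    for entry in Path(sysfs).glob("cpu[0-9]*"):
        topo = entry / "topology" / "physical_package_id"
        if topo.is_file():
            package_of[int(entry.name[3:])] = int(topo.read_text())
    return package_of


def read_allowed_cpus(pid: int) -> set[int]:
    """CPU affinity of a running process, from /proc/<pid>/status."""
    for line in Path(f"/proc/{pid}/status").read_text().splitlines():
        if line.startswith("Cpus_allowed_list:"):
            return parse_cpu_list(line.split(":", 1)[1])
    raise RuntimeError(f"no Cpus_allowed_list for pid {pid}")


def packages_used(cpus: set[int], package_of: dict[int, int]) -> set[int]:
    """Packages a workload may run on; an unknown CPU id raises (fail closed)."""
    return {package_of[c] for c in cpus}


def is_package_isolated(untrusted: set[int], critical: set[int],
                        package_of: dict[int, int]) -> bool:
    """True only if the workloads can never execute on the same package; distinct
    cores on one package still share the last-level cache, so that is not enough."""
    return not (packages_used(untrusted, package_of) & packages_used(critical, package_of))
```

On a live host, call is_package_isolated(read_allowed_cpus(pid_a), read_allowed_cpus(pid_b), read_package_map()) with the two workloads' process ids.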

IEC 62443 4-2 Mappings

  • CR 2.1 – Authorization enforcement (1) Authorization enforcement for all users (humans, software processes and devices)

References