
Secure app development

The principles, prerequisites and requirements for IE app development can be found online here.

Further information on how to develop apps and how to load them to the IEM or to the IE Hub can be found in these documents:

  • Industrial Edge App Publisher – Operation
  • Industrial Edge - Publishing Apps to the IE Hub

Docker Security Policies

Industrial Edge relies on default Docker security configuration to restrict app permissions.

By default, containers used for Industrial Edge Apps shall NOT break container isolation boundaries, i.e., they should …

  • not use Linux namespaces of the underlying Industrial Edge device,
  • not run in privileged mode, and
  • not run with root privileges.

If an Industrial Edge App requires elevated privileges, the containers belonging to this App can request additional permissions and capabilities in the app metadata. This metadata is displayed upon installation, so the operator can accept these permissions or reject the installation of the App. The least privilege principle shall be applied so that an attacker who gains unauthorized access to an app has a minimal attack surface to work with, which reduces the potential impact of a successful attack.
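The three default rules above (no host namespaces, no privileged mode, no root) and the "declare extra capabilities in the metadata" exception can be checked mechanically against an app's docker-compose.yml before it is published. The following checker is an added example, not code from the Industrial Edge documentation or tooling: it walks the dictionary that `yaml.safe_load()` returns for a compose file and reports every service setting that conflicts with the policy. The sample compose document, service names and image names are constructed for this example.

```python
"""Policy check for the docker-compose.yml of an Industrial Edge app (added example).

Reports container settings that the default policy does not allow (host
namespaces, privileged mode, root user) and any extra Linux capabilities,
which the policy says must be declared in the app metadata instead.
Works on the dict that yaml.safe_load() produces for a compose file.
"""
from __future__ import annotations

# Compose keys that, when set to "host", share a namespace of the edge device.
HOST_NAMESPACE_KEYS = ("network_mode", "pid", "ipc", "userns_mode")

# Constructed sample: one service that breaks the policy, one that follows it.
SAMPLE_COMPOSE = {
    "version": "2.4",
    "services": {
        "data-collector": {
            "image": "example/data-collector:1.0",  # placeholder image name
            "privileged": True,
            "network_mode": "host",
            "pid": "host",
            "cap_add": ["NET_ADMIN"],
            # no "user" key: the container would run as root unless the image sets USER
        },
        "web-ui": {
            "image": "example/web-ui:1.0",  # placeholder image name
            "user": "1000:1000",
            "read_only": True,
        },
    },
}


def runs_as_root(service: dict) -> bool:
    """True if compose does not pin the service to a non-root user.

    A missing 'user' key counts as a finding: compose alone cannot tell whether
    the image's Dockerfile sets a non-root USER, so that has to be confirmed.
    """
    user = service.get("user")
    if user is None:
        return True
    uid = str(user).split(":")[0]
    return uid in ("root", "0")


def check_service(name: str, service: dict) -> list[str]:
    """Return one human-readable finding per policy conflict in a service."""
    findings: list[str] = []
    if service.get("privileged") is True:
        findings.append(f"{name}: runs in privileged mode")
    for key in HOST_NAMESPACE_KEYS:
        if service.get(key) == "host":
            findings.append(f"{name}: shares the device's {key} namespace")
    if runs_as_root(service):
        findings.append(f"{name}: runs as root (no non-root 'user' set in compose)")
    caps = service.get("cap_add") or []
    if caps:
        findings.append(
            f"{name}: requests extra capabilities {sorted(caps)} "
            "(must be declared in the app metadata)"
        )
    return findings


def check_compose(compose: dict) -> list[str]:
    """Check every service in a parsed compose document."""
    findings: list[str] = []
    for name, service in (compose.get("services") or {}).items():
        findings.extend(check_service(name, service or {}))
    return findings


def is_compliant(compose: dict) -> bool:
    """True when no service needs elevated privileges or root."""
    return not check_compose(compose)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        import yaml  # PyYAML, only needed when reading a real file

        with open(sys.argv[1], encoding="utf-8") as fh:
            compose = yaml.safe_load(fh)
    else:
        compose = SAMPLE_COMPOSE
    for line in check_compose(compose):
        print(line)
    print("compliant" if is_compliant(compose) else "needs review")
```

Run it with a path to a compose file to check a real app; without arguments it checks the constructed sample. A finding for `cap_add` is not necessarily a defect, since the page allows extra capabilities when they are declared in the metadata and accepted by the operator, but it is the list the metadata must match.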

Usage of Trustworthy (Docker) Container Images

Customers are responsible for the content and security of their apps. To minimize the attack surface, apps shall have a minimal software footprint. Components running inside the container shall be configured securely according to the least privilege principle. Furthermore, customers are responsible for using only trustworthy (Docker) container images from a trustworthy container registry or from other trusted sources for their own apps, and for checking them accordingly. Customers must also ensure that security patches are delivered in a timely manner.

Storing Access Credentials and Confidential Key Material

Access credentials must NOT be stored in container images or in the docker-compose.yml that is part of an Industrial Edge App. The credentials must be device specific and stored on the persistent storage of the device. Shared credentials are NOT allowed for security reasons.
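One way to meet all three requirements at once is to let the app create its own credential on the device the first time it starts, store it on a persistent volume with owner-only permissions, and read it back on every later start. Nothing secret then exists in the image or in docker-compose.yml, and no two devices ever share a value. The code below is an added example and not part of the Industrial Edge documentation; the path `/persistent/app-secrets/api-token`, the `MIN_LENGTH` threshold and the `demo()` helper are assumptions made for this example, and the directory would be a volume mounted from the device's persistent storage in the app's compose file.

```python
"""Per-device credential provisioning on persistent storage (added example).

The credential is generated on the device on first start, written with mode
0600 to a file on a persistent volume, and loaded (with permission checks)
on every later start. The image and docker-compose.yml contain no secret.
"""
from __future__ import annotations

import os
import secrets
import stat
import tempfile
from pathlib import Path

DEFAULT_PATH = Path("/persistent/app-secrets/api-token")  # assumed volume mount
MIN_LENGTH = 32  # assumed minimum credential length


class CredentialError(RuntimeError):
    """Raised when the credential file is missing, too short, or too exposed."""


def _check_owner_only(path: Path) -> None:
    """Refuse a credential file that group or others can read or write."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} is accessible by group/others (mode {oct(mode)})")


def load_credential(path: Path = DEFAULT_PATH) -> str:
    """Read an existing device credential; fail loudly instead of using a default."""
    if not path.is_file():
        raise CredentialError(f"{path} not found; credential must be provisioned on this device")
    _check_owner_only(path)
    value = path.read_text(encoding="utf-8").strip()
    if len(value) < MIN_LENGTH:
        raise CredentialError(f"{path} holds a credential shorter than {MIN_LENGTH} characters")
    return value


def ensure_device_credential(path: Path = DEFAULT_PATH) -> str:
    """Return the device credential, generating it on first use."""
    if path.is_file():
        return load_credential(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    value = secrets.token_urlsafe(48)  # random per device, never shared between devices
    # O_EXCL: fail instead of overwriting if another process created the file meanwhile;
    # mode 0600 keeps the file owner-only regardless of umask (umask only removes bits).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(value + "\n")
    return value


def demo(tmp_dir: str | None = None) -> dict:
    """Exercise the flow in a scratch directory and return what each step produced."""
    base = Path(tmp_dir or tempfile.mkdtemp(prefix="ie-cred-"))
    path = base / "api-token"
    first = ensure_device_credential(path)   # first start: generated and stored
    second = ensure_device_credential(path)  # later start: read back from storage
    mode = stat.S_IMODE(path.stat().st_mode)
    # A second device (modelled as another directory) must end up with a different value.
    other = ensure_device_credential(base / "other-device" / "api-token")
    # A file that was provisioned too permissively must be rejected, not silently used.
    exposed = base / "exposed-token"
    exposed.write_text("x" * MIN_LENGTH, encoding="utf-8")
    os.chmod(exposed, 0o644)
    try:
        load_credential(exposed)
        exposed_rejected = False
    except CredentialError:
        exposed_rejected = True
    return {
        "first": first,
        "second": second,
        "mode": mode,
        "other": other,
        "exposed_rejected": exposed_rejected,
    }


if __name__ == "__main__":
    result = demo()
    print("stored mode:", oct(result["mode"]))
    print("same value on restart:", result["first"] == result["second"])
    print("differs between devices:", result["first"] != result["other"])
    print("exposed file rejected:", result["exposed_rejected"])
```

The important design choice is that there is no fallback: if the file is missing, short, or readable by other users, the app refuses to start rather than falling back to a built-in value, because any built-in value would by definition be shared across all installations.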