Industrial Internet Security Framework v 1.0 | Page 62

8: Protecting Endpoints

• Changes in hardware components and configuration, ①: Hardware integrity must be assured throughout the endpoint lifecycle to deter uncontrolled changes to the hardware components. A potential vulnerability of the hardware is the usurpation of some part of the hardware resources. The endpoint must be able to protect itself against unauthorized access and the monopolizing of key resources such as memory, processing cycles and privileged processing modes.

• Intercepts or overrides of the system boot process, ②+③: The endpoint boot process can be altered by modifying the firmware interface between the hardware platform firmware and the operating system, such as the unified extensible firmware interface (UEFI) or basic input/output system (BIOS)¹. Changes to the bootloader are another threat, as changes could compromise the integrity of the endpoint by starting unauthorized or insecure versions of the operating system. Attacks at this level could also affect the normal or secure boot process of the endpoint, the recognition of all the hardware resources and the establishment of a solid root of trust for securing other components.

• Compromises to the Guest OS, Hypervisors and Separation Kernels, ④+⑤: These software layers control allocation of hardware resources to applications. Attacks on these layers can alter the behavior of the system, allow information flows to bypass security controls and enable attackers to gain privileged access to endpoint hardware and software resources. Once access is gained to this layer, attackers will have the opportunity to affect the entire software stack and further alter security controls built into this level.

• Illicit changes to Application Software or exposed Application Programming Interface (API), ⑥+⑦+⑧+⑨: Endpoint applications are often the target for malware or an attacker seeking to infiltrate and compromise the endpoint. Execution of malicious applications or overriding of application APIs can adversely impact the trustworthiness of the endpoint. Exposed APIs should also be protected against denial-of-service attacks, where continuous access from unauthorized users could limit the responsiveness and access to the exposed functionality.

• Vulnerabilities of the Deployment Process, ⑩: Errors and potential malicious code may also infiltrate the endpoint as part of the deployment process, for example, incorrect or malicious installation scripts, intercepted communications, or unauthorized replacement of a package on the update server. Reduction of possible endpoint configurations in large-scale endpoint deployments will be important in reducing complexity and vulnerabilities in the deployment process.

• Unwanted changes to Endpoint Data, ⑪: Data throughout the endpoint, from low-level firmware all the way up the software stack, represents a key area of vulnerability. These vulnerabilities include unauthorized access to mission-critical or private data. Attackers may adversely affect the behavior of the system by injecting false data. Denial-of-service

¹ See [UEFI] and [BIOS].

IIC:PUB:G4:V1.0:PB:20160926
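As an added illustration of the boot-process threat (②+③) above, not part of the framework text: a measured-boot style check in which each stage is hashed into a running register before it runs, so a changed bootloader is visible to a verifier. The stage names, image bytes and allowlist are constructed for the example; the extend step follows the TPM convention register = SHA-256(register || digest).

```python
import hashlib

# Constructed stand-ins for the boot stages the text lists (not real images).
GOLDEN_STAGES = [
    ("firmware-interface", b"uefi-build-A"),
    ("bootloader", b"loader-build-A"),
    ("hypervisor-or-os", b"os-build-A"),
    ("application", b"app-build-A"),
]

def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(register: bytes, component_digest: bytes) -> bytes:
    """TPM-style extend: the new value depends on every earlier measurement."""
    return hashlib.sha256(register + component_digest).digest()

def measure(stages):
    """Measure each stage before it would run; return (final register, event log)."""
    register, log = bytes(32), []
    for name, image in stages:
        d = digest(image)
        register = extend(register, d)
        log.append((name, d))
    return register, log

def verify(reported_register, log, allowlist):
    """Replay the log, then compare each digest with its known-good value.

    Returns (ok, reason). A log that does not reproduce the register is
    rejected outright, since it may have been edited to hide a change.
    """
    register = bytes(32)
    for _, d in log:
        register = extend(register, d)
    if register != reported_register:
        return False, "log does not match register"
    if [name for name, _ in log] != list(allowlist):
        return False, "unexpected stage list"
    for name, d in log:
        if allowlist[name] != d:
            return False, f"unexpected measurement: {name}"
    return True, "ok"

# Known-good digests, in boot order (assumed to be provisioned out of band).
ALLOWLIST = {name: digest(image) for name, image in GOLDEN_STAGES}
```

Because every extend folds in the previous register value, a change at the bootloader stage alters the final value even when all later stages are untouched, and replaying the log names the stage that diverged.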