7 IISF Functional Viewpoint ................................................................................................ 46 | |
7.1 |
Security Building Blocks ..................................................................................................... 46 |
7.2 |
IIoT System , IIRA Functional Viewpoint and IISF Functional Viewpoint ................................ 47 |
7.3 |
Endpoint Protection .......................................................................................................... 48 |
7.4 |
Communications and Connectivity Protection .................................................................... 50 |
7.5 |
Security Monitoring and Analysis ....................................................................................... 52 |
7.6 |
Security Configuration And Management ........................................................................... 53 |
7.7 |
Data Protection ................................................................................................................. 55 |
7.8 |
Security Model and Policy .................................................................................................. 56 |
7.9 |
From Functional to Implementation Viewpoint .................................................................. 58 |
8 Protecting Endpoints ....................................................................................................... 60 | ||
8.1 |
Security Threats and Vulnerabilities on Endpoints .............................................................. 61 |
|
8.2 |
Architectural Considerations for Protecting Endpoints ........................................................ 63 |
|
8.2.1 |
Endpoint Security Lifecycle ............................................................................................... 64 |
|
8.2.2 |
Hardware versus Software ................................................................................................ 64 |
|
8.2.3 |
Brownfield Endpoint Considerations ................................................................................ 65 |
|
8.3 |
Endpoint Physical Security ................................................................................................. 66 |
|
8.4 |
Establish Roots of Trust ..................................................................................................... 67 |
|
8.5 |
Endpoint Identity ............................................................................................................... 68 |
|
8.6 |
Endpoint Access Control .................................................................................................... 70 |
|
8.6.1 |
Endpoint Authentication ................................................................................................... 70 |
|
8.6.2 |
Endpoint Communication Authorization .......................................................................... 71 |
|
8.7 |
Endpoint Integrity Protection ............................................................................................. 71 |
|
8.7.1 |
Boot Process Integrity ....................................................................................................... 71 |
|
8.7.2 |
Runtime Integrity .............................................................................................................. 72 |
|
8.8 |
Endpoint Data Protection .................................................................................................. 73 |
|
8.8.1 |
Data Confidentiality .......................................................................................................... 73 |
|
8.8.2 |
Data Integrity .................................................................................................................... 74 |
|
8.9 |
Endpoint Monitoring and Analysis ..................................................................................... 75 |
|
8.10 Endpoint Configuration and Management .......................................................................... 75 | ||
8.11 Cryptography Techniques for Endpoint Protection .............................................................. 75 | ||
8.12 Isolation Techniques for Endpoint Protection ..................................................................... 76 | ||
8.12.1 |
Process isolation ............................................................................................................... 76 |
|
8.12.2 |
Container Isolation ............................................................................................................ 77 |
|
8.12.3 |
Virtual Isolation ................................................................................................................. 78 |
|
8.12.4 |
Physical Isolation ............................................................................................................... 80 |
|
8.13 Resource-Constrained Device Considerations ..................................................................... 80 | ||
9 Protecting Communications and Connectivity ................................................................. 82 | ||
9.1 |
Cryptographic Protection of Communications & Connectivity ............................................. 83 |
|
9.1.1 |
Security Controls in Communication and Connectivity Protocols .................................... 83 |
|
9.1.2 |
Building Blocks for Protecting Exchanged Content ........................................................... 84 |
|
9.1.3 |
Connectivity Standards and Security ................................................................................ 84 |
|
9.1.4 |
Cryptographic Protection for Different Communications and Connectivity Paradigms .. 85 |
|
9.2 |
Information Flow Protection .............................................................................................. 86 |
|
9.2.1 |
Controlling Information Flows in Brownfield Deployments ............................................. 86 |
|