SiSyPHuS Win10: Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10
With project SiSyPHuS (ger: "Studie zu Systemintegrität, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10", en: "Study on System Integrity, Logging, Hardening and Security relevant Functionality in Windows 10"), the Federal Office for Information Security (BSI) analyzes serveral parts of Windows 10 which might have an impact on the overall system security. Building upon the results of the technical analysis, recommendations are developed on how to harden the Operating System and how to log relevant events. The study is being conducted by ERNW GmbH on behalf of the BSI.
The Operating System is the central component inside every IT-system for the management of ressources, data and the execution of code and thus has a huge impact on the overall system security.
With this project the BSI creates the foundations for:
- future assessments regarding overall security and remaining risks when operating Windows environments,
- identify the conditions/prerequisites to securely operate Windows 10,
- develop easy-to-adopt recommendations on hardening the OS and logging of relevant events.
Important Remarks
- The exact release of the Windows 10 system in focus are the builds 1607 and 1809, 64bit long term Servicing channel (LTSC), German language.
- All documents are written in englisch language with an Executive Summary in German at the beginning of each document.
The following directory contains links to all finished work packages and entries to the parts that are still work-in-progress. As soon as further work packages become available, they will be published under the appropriate entry. It is important to notice, that all results will be published. However, as numbering of the Work Packages (WP) has been done for project management reasons, some WPs don‘t have a result (e.g. the kick off meeting was WP1) and therefore will not show up on this site.
Work Packages
- Analysis of Windows 10 - General OS Structure
- TPM Vulnerability CVE-2017-15361
- Telemetry Service
- TPM and "UEFI SecureBoot"
- Virtualization Based Security
- Device Guard
- PowerShell and Windows Script Host
- Logging Guideline
- Hardening Guideline
- GPOs for Guidelines
- Monitoring System Modifications
- Universal Windows Apps and Windows Information Protection
- Secure Boot Configuration Policy
- Telemetry Monitoring Framework
- ETW Monitoring Methodology (AFUNKT)
- Windows Application Compatibility Infrastructure
- Driver Management
