[hackathon] Security Telemetry based on SACM Vulnerability Assessments and YANG Subscribed Notifications

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Mon, 16 October 2017 22:34 UTC

To: hackathon@ietf.org, SACM WG <sacm@ietf.org>, NETCONF WG <netconf@ietf.org>
CC: Adam Montville <adam.w.montville@gmail.com>, "Eric Voit (evoit)" <evoit@cisco.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>

Hi all,

we would like to announce a Hackathon project that is based on the 
output created by the SACM and NETCONF WG at the Hackathon in Prague @ 
the IETF 99 meeting. The project is focused on providing security 
posture assessments based on the collection of fresh and trustworthy 
device characteristics.

Best regards,

Henk


Project Summary:

This Hackathon project is intended to provide a place for individuals 
interested in driving forward NETCONF WG YANG Push work in conjunction 
with SACM WG Continuous Monitoring work.

## Vulnerability Assessment

SACM has defined a vulnerability assessment (VA) scenario:

> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario

This project intends to advance the VA prototype created during the IETF 
99 Hackathon meeting as well as extend the capabilities of collecting 
and assessing endpoint attributes (device characteristics) in a secure 
and reliable fashion.

## Event Streams and Orchestration via YANG Push & YANG Subscribed Notifications

The output of the last combined Hackathon project was:

> https://github.com/netconf-wg/yang-push/blob/master/IETF99_SACM-YANG-Push_Hackathon-Minutes.pdf
> https://datatracker.ietf.org/doc/draft-birkholz-sacm-yang-content/

The corresponding goals with respect to YANG Push are to improve 
integration with the VA usage scenario and extend the implemented 
work-flow by introducing control-plane functions, such as orchestration, 
capability discovery, and target-endpoint discovery, as well as the 
appropriate distribution of imperative guidance for security posture 
collection (i.e. YANG filter expressions to SACM collectors).

Orchestration of control-plane functions as well as the secure 
distribution of security-related information is based on:

> https://datatracker.ietf.org/doc/draft-ietf-mile-xmpp-grid/


For more details see:

> https://github.com/sacmwg/vulnerability-scenario/tree/master/ietf_hackathon

Contributions to this project are orchestrated via:

> https://github.com/sacmwg/vulnerability-scenario/projects/2

Virtual Hackathon-Preparation meetings via WebEx are scheduled twice a week:

On Tuesday:

> https://mailarchive.ietf.org/arch/msg/sacm/B4Uo1nbTvzhHuBpHONUxFCObkTk/?qid=364e90e0bff4f0df3ca2fa86c698b711
> https://ietf.webex.com/ietf/j.php?MTID=me634ee1548b0df8c75ba7036dc7f05f1
> Meeting Number: 644 210 539
> Meeting Password: N93Bh5Th

and on Thursday:

> https://mailarchive.ietf.org/arch/msg/sacm/R_Lv5o3oZv0mqpGIEuqVu98BK8Y/?qid=364e90e0bff4f0df3ca2fa86c698b711
> https://ietf.webex.com/ietf/j.php?MTID=m0f5ac7b5c453298a56841f613796f81c
> Meeting Number: 648 256 352
> Meeting Password: Vx7fcdxD

Everybody interested in our combined effort is - of course - welcome to 
chime in!