[I2nsf] Request for Comments on I2NSF Security Policy Translation
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Sat, 21 July 2018 10:01 UTC
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Sat, 21 Jul 2018 06:00:59 -0400
Message-ID: <CAPK2DewpB-ZJkD6THFAJOqZCa86kfW52m5xSg5iEbASf1WqPWA@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Cc: SecCurator_Team <skku_secu-brain_all@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/73gpK5qgs5OuHx8g0Cxa97CmuR4>
Subject: [I2nsf] Request for Comments on I2NSF Security Policy Translation

Hi I2NSF WG,

I would like to introduce our draft on I2NSF Security Policy Translation:
- Draft
  https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-01
- Slides
  https://datatracker.ietf.org/meeting/102/materials/slides-102-i2nsf-security-policy-translation-00

This draft gives I2NSF developers the guidelines for the design and implementation of I2NSF Security Controller. One important functionality of the Security Controller is to automatically translate an I2NSF User's high-level policy to a low-level policy for NSFs.

In our past I2NSF Hackathon projects, we made an XSLT-stylesheet-based translator. But this translator has two limitations, such as static capability-and-NSF mapping construction and inefficient maintenance of such a mapping.

The first limitation is the difficult high-level policy construction. With the XSLT-stylesheet approach, I2NSF User MUST manually select target NSFs to execute the required security capabilities. This means that I2NSF User needs to know each NSF's capabilities, so it is difficult for I2NSF User to construct a high-level security policy without detailed knowledge of NSFs.

The second limitation is inefficient maintenance of the policy translator. If the data models on I2NSF NSF-facing Interface require some updates, the XSLT stylesheet and XML files need to be updated. On the other hand, our new approach provides I2NSF User with efficient maintenance.

To solve these two limitations, our draft proposes an automata-based policy translator. This translator consists of three components, such as Extractor, Data Converter, and Generator. First, when a high-level policy is delivered from I2NSF User to Security Controller, Translator extracts data about the policy at Extractor, and then converts it at Data Converter for NSF(s). Also, Data Converter can select proper NSFs automatically. Finally, Generator generates low-level policies of target NSFs based on the data from Data Converter.

I believe that this draft is valuable for I2NSF WG adoption to facilitate the development and deployment of I2NSF in the real world.

Please read this draft and give our authors your valuable comments. We aim to make this proposal an Informational RFC.

Thanks.

Best Regards,
Paul & Jinhyuk
--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
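
The three-stage pipeline described in the message above (Extractor, Data Converter, Generator), sketched as an added example; it is not code from the draft or its authors. The XML element names, endpoint database, NSF names and capability labels are hypothetical, and the low-level rule is a plain dictionary rather than the NSF-facing data model.

```python
import io
import xml.etree.ElementTree as ET

# Constructed input; element names are hypothetical, not the draft's data model.
HIGH_LEVEL = ("<policy><rule><name>block_sns</name><source>employees</source>"
              "<destination>sns-sites</destination><action>drop</action></rule></policy>")
# Hypothetical controller databases: endpoint groups and per-NSF capabilities.
ENDPOINTS = {"employees": ("ipv4", ["10.0.0.0/24"]),
             "sns-sites": ("url", ["sns.example.com"])}
NSF_CAPS = {"firewall-1": {"src-ipv4", "dst-ipv4"},
            "web-filter-1": {"src-ipv4", "dst-url"}}
# Extractor automaton: (state, event, tag) -> next state.
TRANSITIONS = {("START", "start", "policy"): "POLICY", ("POLICY", "start", "rule"): "RULE",
               ("RULE", "end", "rule"): "POLICY", ("POLICY", "end", "policy"): "ACCEPT"}
FIELDS = {"name", "source", "destination", "action"}

def extract(xml_text):
    """Extractor: run the automaton over XML events, collecting rule fields."""
    state, rules = "START", []
    for event, el in ET.iterparse(io.BytesIO(xml_text.encode()), events=("start", "end")):
        if state == "RULE" and el.tag in FIELDS:
            continue  # field elements are read when their <rule> closes
        nxt = TRANSITIONS.get((state, event, el.tag))
        if nxt is None:  # reject anything the automaton does not accept
            raise ValueError(f"unexpected <{el.tag}> in state {state}")
        if event == "end" and el.tag == "rule":
            rules.append({c.tag: (c.text or "").strip() for c in el})
        state = nxt
    return rules

def convert(rule):
    """Data Converter: resolve names, then select NSFs covering every condition."""
    conds = {}
    for side, key in (("src", "source"), ("dst", "destination")):
        kind, values = ENDPOINTS[rule[key]]
        conds[f"{side}-{kind}"] = values
    nsfs = [n for n, caps in NSF_CAPS.items() if set(conds) <= caps]
    if not nsfs:  # fail closed rather than emit a rule missing a condition
        raise LookupError(f"no NSF can enforce {sorted(conds)}")
    return nsfs, conds

def generate(rule, nsfs, conds):
    """Generator: emit one low-level rule per selected NSF."""
    low = {"name": rule["name"], "action": rule["action"], **conds}
    return {nsf: dict(low) for nsf in nsfs}

def translate(xml_text):
    """Run Extractor -> Data Converter -> Generator for every rule."""
    return [generate(r, *convert(r)) for r in extract(xml_text)]
```

Here the user names only endpoint groups and an action; `convert` picks `web-filter-1` because it is the only registered NSF whose capabilities cover both conditions, and a rule no NSF can fully enforce is rejected instead of being partially translated.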