Re: [I2nsf] Request for Comments on I2NSF Security Policy Translation
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Sat, 21 July 2018 16:42 UTC
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Sat, 21 Jul 2018 12:42:01 -0400
Message-ID: <CAPK2DeyMHBGeAVBDFDR4xboxE7T3EgMT-+KfiWa477HWmzXaKQ@mail.gmail.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, SecCurator_Team <skku_secu-brain_all@googlegroups.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/Ei-0yAAFmbINhWo5y8NwH4x7te0>

Hi Diego,

This draft is about the design and implementation of I2NSF Security Policy Controller from a high-level YANG to a low-level YANG.

In my previous RFC about "IPv6 Router Advertisement Options for DNS Configuration", the implementation considerations are included for facilitating developers for an easy implementation:
https://tools.ietf.org/html/rfc8106

As I mentioned in the previous email, we aim at an Informational RFC rather than a Standard-track or experimental RFC.

IMHO, this policy translation is a key technology for I2NSF, so it will be beneficial to have an Informational RFC on the security policy translation.

Thanks.

Paul

On Sat, Jul 21, 2018 at 11:39 AM, Diego R. Lopez <diego.r.lopez@telefonica.com> wrote:

> Hi Paul,
>
> This is a rather interesting draft and I’d encourage you to continue and
> report your work in policy translation, as it constitutes one of the
> essential matters the I2NSF Controller has to deal with.
>
> But I am afraid I don’t see this document progressing in the standards
> track (even as an experimental one), as the particular techniques for
> implementing the translation do not seem a proper subject for
> standardization. The only place I could see room for it in would be as part
> of the applicability draft, and I am not sure about it… What do others
> think?
>
> Be goode,
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> https://www.linkedin.com/in/dr2lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
> On 21/07/2018, 12:01, "I2nsf on behalf of Mr. Jaehoon Paul Jeong"
> <i2nsf-bounces@ietf.org on behalf of jaehoon.paul@gmail.com> wrote:
>
> Hi I2NSF WG,
>
> I would like to introduce our draft on I2NSF Security Policy Translation:
>
> - Draft
>   https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-01
>
> - Slides
>   https://datatracker.ietf.org/meeting/102/materials/slides-102-i2nsf-security-policy-translation-00
>
> This draft gives I2NSF developers the guidelines for the design and
> implementation of I2NSF Security Controller.
> One important functionality of the Security Controller is to automatically
> translate an I2NSF User's high-level policy to a low-level policy for NSFs.
>
> In the past of our I2NSF Hackathon projects, we made an
> XSLT-stylesheet-based translator.
> But this translator has two limitations, such as static capability-and-NSF
> mapping construction and inefficient maintenance on such a mapping.
>
> The first limitation is the difficult high-level policy construction.
> By the XSLT-stylesheet approach, I2NSF User MUST manually select target
> NSFs to execute the required security capabilities.
> This means that I2NSF User needs to know each NSF's capabilities, so it is
> difficult for I2NSF User to construct a high-level security policy without
> the detailed knowledge on NSFs.
>
> The second limitation is an inefficient maintenance on the policy
> translator.
> If the data models on I2NSF NSF-facing Interface require some updates,
> the XSLT stylesheet and XML files need to be updated.
> On the other hand, our new approach provides I2NSF User with an efficient
> maintenance.
>
> To solve these two limitations, our draft proposes an automata-based
> policy translator.
> This translator consists of three components, such as Extractor, Data
> Converter, and Generator.
>
> First, when a high-level policy is delivered from I2NSF User to Security
> Controller, Translator extracts data about the policy at Extractor, and
> then converts it at Data Converter for NSF(s). Also, Data Converter can
> select proper NSFs automatically.
> Finally, Generator generates low-level policies of target NSFs based on
> the data from Data Converter.
>
> I believe that this draft is valuable for I2NSF WG adoption
> to facilitate the development and deployment of I2NSF in the real world.
>
> Please read this draft and give our authors your valuable comments.
> We aim at making this proposal as an Informational RFC.
>
> Thanks.
>
> Best Regards,
> Paul & Jinhyuk
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
> ------------------------------
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
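
The three-stage flow described in the quoted announcement (Extractor, Data Converter with automatic NSF selection, Generator), as an added sketch that is not part of the original thread and is not the draft's algorithm or data model. The XML element names, endpoint groups, NSF names and capability labels are all constructed assumptions; the point shown is that the user never names an NSF, and that translation fails rather than emitting a policy when no registered NSF covers a required condition.

```python
import io
import xml.etree.ElementTree as ET

# Constructed high-level policy; element names are hypothetical, not the I2NSF YANG model.
HIGH_LEVEL = """<policy><name>block_sns</name>
<rule><source>employees</source><destination>sns</destination>
<time>09:00-18:00</time><action>block</action></rule></policy>"""

# Constructed controller-side data: endpoint groups and per-NSF registered capabilities.
ENDPOINTS = {"employees": ["10.0.0.0/24"], "sns": ["sns.example.com", "chat.example.net"]}
NSF_CAPS = {"firewall_1": {"ipv4-src", "time"}, "web_filter_1": {"url", "time"},
            "dpi_1": {"payload"}}
FIELD_CAP = {"source": "ipv4-src", "destination": "url", "time": "time"}  # field -> capability
ACTIONS = {"block": "drop", "allow": "pass"}  # unknown actions raise KeyError

def extract(xml_text):
    """Extractor: treat XML start/end events as transitions; keep leaves under <rule>."""
    path, fields = [], {}
    for event, elem in ET.iterparse(io.BytesIO(xml_text.encode()), events=("start", "end")):
        if event == "start":
            path.append(elem.tag)
            continue
        if len(path) >= 2 and path[-2] == "rule" and elem.text:
            fields[elem.tag] = elem.text.strip()
        path.pop()
    return fields

def convert(fields, nsf_caps):
    """Data Converter: resolve names to values, then select NSFs by capability."""
    needed = {FIELD_CAP[f]: ENDPOINTS.get(v, [v]) for f, v in fields.items() if f in FIELD_CAP}
    plan = {}
    for nsf, caps in nsf_caps.items():
        usable = {c: needed[c] for c in sorted(caps & needed.keys())}
        if set(usable) - {"time"}:  # a time window alone does not make an NSF a target
            plan[nsf] = usable
    missing = set(needed) - {c for cond in plan.values() for c in cond}
    if missing:  # refuse to emit a policy that silently drops a condition
        raise ValueError(f"no registered NSF provides: {sorted(missing)}")
    return plan, ACTIONS[fields["action"]]

def generate(plan, action):
    """Generator: one low-level rule per selected NSF."""
    return {nsf: {"condition": cond, "action": action} for nsf, cond in plan.items()}

def translate(xml_text, nsf_caps=NSF_CAPS):
    return generate(*convert(extract(xml_text), nsf_caps))

if __name__ == "__main__":
    print(translate(HIGH_LEVEL))
```
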