Re: [I2nsf] Questions & suggestions to draft-pastor-i2nsf-vnsf-attestation-00

DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Fri, 29 January 2016 23:18 UTC

From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Date: Fri, 29 Jan 2016 23:18:18 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/N9haiJspKYFiA_AU0fUxGDYvr00>
Cc: ANTONIO AGUSTIN PASTOR PERALES <antonio.pastorperales@telefonica.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>

Hi Linda,

Thanks for your comments. We are working on a new version and will try to address them in it, but let me make a few remarks inlined below…


On 30 Jan 2016, at 24:07, Linda Dunbar <linda.dunbar@huawei.com> wrote:

Section 1 provides a very good threat analysis for the I2NSF environment. However, the solution (Section 5) only covers how the “user” attests the “Controller”. Do you plan to expand the draft to cover all the security threats documented in Section 1?

DRL> We will try to expand the document to cover the threats that can be addressed by trust assessment on the platform and the NSFs, so we’ll make a note on which ones are in that category.

I understand some of the issues described in Section 1 are very difficult to solve. For example:
An authorized user may misuse assigned privileges to alter the network traffic processing of other users in the virtualization platform…


It is great to have those security threats documented. It would also be good to add a note when those issues are out of the scope of I2NSF.

Another example:
A user with physical access to the virtualization platform can modify the behavior of hardware components.
(my note: This issue is true of all virtualized functions. There is also data leakage across different VNFs instantiated on the same physical servers. We should put a note that this is not something that the IETF can address.)

DRL> This is a good suggestion. We’ll follow it.


Architecturally, there are two ways that users can use I2NSF:
1. Users can specify the “Service Layer Policies/rules” to the Security Controller. The Controller selects the appropriate NSFs (virtual or physical) to enforce the “Service Policies” by passing down the “Capability Layer rules/policies”.
2. vNSFs are allocated to the Users, so the Users can send direct policies to their designated vNSFs via the Security Controller.

Your draft covers Case 2 above very well. Can you add some description of Case 1?

DRL> The selection of the appropriate NSFs is supposed to happen before the attestation procedures are applied, so I’d say this draft addresses the situation of both cases 1 and 2. Anyway, I find it interesting to explore your suggestion, especially in case 1, which would require a rather intelligent controller...


Some questions:

Section 4.1.3: Secure Boot is applicable to any Hypervisors that host multiple VMs. Should it be out of scope for I2NSF?

DRL> The specification of Secure Boot yes, but I consider a reference to its applicability necessary...

Section 5.2: Does the controller measure the User's hardware & software components or measure its own HW&SW?

DRL> The controller should measure the HW/SW on which the NSFs run, what we call the platform. We’ll try to make it clearer in the draft.

Section 5.3: Instantiation of vNSF to Container should be done by the lifecycle management of vNSF. The controller's job is only to pass policies. Is this your understanding too?

DRL> Indeed, and this is connected with the discussion on the selection of the vNSFs above. We’ll try to make it clear in the draft.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:    +34 913 129 041
Mobile: +34 682 051 091