[I2nsf] A Proposed Charter for I2NSF WG Re-Chartering

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Tue, 15 February 2022 17:06 UTC

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Wed, 16 Feb 2022 02:05:55 +0900
Message-ID: <CAPK2DewH-8bgs=XXS0h04wk0i-ALaLmWXCim7H39DzBPUHH0Mw@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Cc: Roman Danyliw <rdd@cert.org>, Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>, ANTONIO AGUSTIN PASTOR PERALES <antonio.pastorperales@telefonica.com>, Younghan Kim <younghak@ssu.ac.kr>, JungSoo Park <pjs@etri.re.kr>, Yunchul Choi <cyc79@etri.re.kr>, Meiling Chen <chenmeiling@chinamobile.com>, yangpenglin <yangpenglin@chinamobile.com>, Patrick Lingga <patricklink888@gmail.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/XQxOoQS9JkJ0hDeICISHEl8QasE>
Subject: [I2nsf] A Proposed Charter for I2NSF WG Re-Chartering

Hi I2NSF WG,
Here is a proposed charter for I2NSF WG re-chartering.
I have prepared this new charter with I2NSF WG chair Linda, Diego,
Antonio, Patrick, Penglin, Meilin, Younghan, Jung-Soo, and Yunchul.

--------------------------------------------------------------------------------------------------
Charter for Working Group

Introduction
===============

Interface to Network Security Functions (I2NSF) provides security function vendors, users,
and operators with a standard framework and interfaces for cloud-based security services.
The I2NSF framework for those security services consists of I2NSF User, Security Controller,
Network Security Functions (NSF), Developer's Management System (DMS), and I2NSF
Analyzer.

Goals
===============

I2NSF Working Group (WG) will standardize a framework and interfaces for security
management automation in an autonomous security system. For this goal, it is necessary
to have a feedback control loop consisting of security policy configuration, monitoring,
notification, data analysis, feedback delivery, and security policy augmentation/generation.
However, the following key components for I2NSF are currently out of I2NSF scope without
rechartering:

o The data analysis entities, feedback delivery and security policy augmentation. The I2NSF
   Analyzer is to process and make data from NSFs available in a way that they are auditable,
   undeniable, and tamper-resistant.

o The I2NSF framework needs a new interface to deliver feedback messages for a security
   policy from I2NSF Analyzer to Security Controller, or to share them among collaborating
   domains. In addition, a proper translation of the planned actions for a given security policy
   onto NSF capabilities requires a well-defined model for representing these actions in
   Security Controller.

o I2NSF is vulnerable to insider and supply chain attacks. The security system may collapse
   if there is a malicious attack on the NSF capabilities registration, the I2NSF user security
   policies declaration, the Security Controller, or the monitoring data from an NSF. To prevent
   this malicious activity from happening in the I2NSF framework or detect the root of a
   security attack, all the activities in the I2NSF framework should be logged in either a
   centralized way (e.g., database) or a decentralized way (e.g., Blockchain as a distributed
   ledger technology (DLT)).

o The provenance and status of the I2NSF components (i.e., I2NSF User, Security Controller,
   NSF, DMS, and I2NSF Analyzer) need to be verified by remote attestation. Beyond this, it
   would be necessary to analyze the impact of new mechanisms for establishing roots of trust,
   such as Quantum Key Distribution (QKD), and providing crypto capabilities, such as Post
   Quantum Cryptography (PQC), on the management mechanisms described in RFC9061.
   In addition, recording events (as done with DLT such as Blockchain), or implementing data
   paths and computational services (as supported by in-network computing) needs to be
   evaluated.

o I2NSF can work effectively and efficiently on container deployments in a cloud native NFV
   architecture. For the operations in this cloud native NFV architecture, the YANG data models
   of the I2NSF interfaces need to be augmented appropriately.

Program of Work
===============

The I2NSF working group's deliverables include:

o A single document for an extension of I2NSF framework for security management automation.
   This document will initially be produced for reference as a living list to track and record
   discussions. The working group may decide not to publish this document as an RFC.

o A YANG data model document for I2NSF Application Interface to deliver feedback from I2NSF
   Analyzer to Security Controller.

o A single document for a framework for security policy translation to support the mapping
   between a high-level YANG module and a low-level YANG module. The working group may
   decide not to publish this document as an RFC. This document will apply the recommendations
   under discussion in NETMOD and OPSAWG on event modeling.

o A single document for remote attestation for I2NSF components, based on the work of the
   RATS WG.

o A YANG data model document for the support of DLT-based distributed system auditing
   (e.g., Blockchain) in the I2NSF framework.

o A single document for I2NSF on container deployments in a cloud native NFV architecture.

o A single document for applicability and use cases in I2NSF-based security management
   automation.

o A single document providing an extended I2NSF capability model for security management
   automation.


Milestones
===============

o November 2023: Adopt an extended I2NSF capability model for security management
   automation as WG document

o July 2023: Adopt applicability and use cases in I2NSF-based security management
   automation as WG document

o March 2023: Adopt a YANG data model for DLT-based distributed system auditing as
   WG document

o March 2023: Adopt I2NSF on container deployments in a cloud native NFV architecture
   as WG document

o November 2022: Adopt remote attestation for I2NSF components, based on the work
   of RATS, as WG document

o July 2022: Adopt a framework for security policy translation as WG document

o July 2022: Adopt a YANG data model for I2NSF Application Interface as WG document

o July 2022: Adopt an extension of I2NSF framework for security management automation
   as WG document
--------------------------------------------------------------------------------------------------

I attach the docx and pdf files for the new I2NSF charter.

If you have comments or suggestions, please let me know.

Thanks.

Best Regards,
Paul
-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department Head
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: pauljeong@skku.edu, jaehoon.paul@gmail.com
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>