Re: [I2nsf] Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
Linda Dunbar <linda.dunbar@huawei.com> Thu, 04 February 2016 21:18 UTC
Return-Path: <linda.dunbar@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0263E1B29BC for <i2nsf@ietfa.amsl.com>; Thu, 4 Feb 2016 13:18:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.601
X-Spam-Level:
X-Spam-Status: No, score=-3.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAfQly3iXFW5 for <i2nsf@ietfa.amsl.com>; Thu, 4 Feb 2016 13:18:20 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40A881B29BA for <i2nsf@ietf.org>; Thu, 4 Feb 2016 13:18:19 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml401-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CIB70160; Thu, 04 Feb 2016 21:18:12 +0000 (GMT)
Received: from LHREML708-CAH.china.huawei.com (10.201.5.202) by lhreml401-hub.china.huawei.com (10.201.5.240) with Microsoft SMTP Server (TLS) id 14.3.235.1; Thu, 4 Feb 2016 21:18:12 +0000
Received: from DFWEML705-CHM.china.huawei.com (10.193.5.142) by lhreml708-cah.china.huawei.com (10.201.5.202) with Microsoft SMTP Server (TLS) id 14.3.235.1; Thu, 4 Feb 2016 21:18:12 +0000
Received: from DFWEML701-CHM.china.huawei.com ([10.193.5.50]) by dfweml705-chm ([10.193.5.142]) with mapi id 14.03.0235.001; Thu, 4 Feb 2016 13:17:55 -0800
From: Linda Dunbar <linda.dunbar@huawei.com>
To: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
Thread-Topic: Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
Thread-Index: AdFa6dZPY3cOkGxTRvK10yqlMgLXcgAAX9GAASg8JfA=
Date: Thu, 04 Feb 2016 21:17:55 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F657DE73C3@dfweml701-chm>
References: <4A95BA014132FF49AE685FAB4B9F17F657DE48CA@dfweml701-chm> <0C9F4855-450C-4960-9CB5-1F31DA7E2088@telefonica.com>
In-Reply-To: <0C9F4855-450C-4960-9CB5-1F31DA7E2088@telefonica.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.190]
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F657DE73C3dfweml701chm_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020202.56B3C015.0152, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 42d17def2c553352a07960be4ae271f0
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/kMuZbKOcOf3M-vptoFVeBI8L0sY>
Cc: ANTONIO AGUSTIN PASTOR PERALES <antonio.pastorperales@telefonica.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, Futianfu <futianfu@huawei.com>
Subject: Re: [I2nsf] Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 21:18:24 -0000
Diego, Thank you very much for your explanation of the questions. A few more questions. The Trusted Computing Group has defined the Remote Attestation: to enable a remote system to determine the level of trust in the integrity of platform of another system (attestator). The architecture for remote attestation consists of two major components: Integrity measurement architecture and remote attestation protocol. Are you trying to apply what being defined by TCG RA to “Client <=> Controller” context? Or is the intent to identify the reasonable deployment scenarios, so that (lower cost) simplified procedures and protocols for remote attestation can be identified? For example, if all requests to controller have to be carried by the TCP session initiated by the trusted controller, remote attestation procedure can be simpler. Your opinion? Linda From: DIEGO LOPEZ GARCIA [mailto:diego.r.lopez@telefonica.com] Sent: Friday, January 29, 2016 5:18 PM To: Linda Dunbar Cc: ANTONIO AGUSTIN PASTOR PERALES; i2nsf@ietf.org Subject: Re: Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00 Hi Linda, Thanks for your comments. We are working in a new version and will try to address them in it, but let me make a few remarks inlined below… On 30 Jan 2016, at 24:07 , Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> wrote: Section 1 provides a very good threat analysis for I2NSF environment. However, the solution (Section 5) only covers how “user” attest the “Controller”. Do you plan to expand the draft to cover all the security threats documented in the Section 1? DRL> We will try to expand the document to cover of the threats that can addressed by trust assessment on the platform and the NSFs, so we’ll make a note on which ones are in that category. I understand some of the issues described in the Section 1 is very difficult to solves. For example: An authorized user may misuse assigned privileges to alter the network traffic processing of other users in the virtualization platform… It is great to have those security threats documented. It would also be good to add a note when those issues are out of the scope of I2NSF. Another example: A user with physical access to the virtualization platform can modify the behavior of hardware components. (my note: This issue is true to all virtualized functions. There is also data leakage across different VNFs instantiated on the same physical servers. We should put a note that this is not something that IETF can address) DRL> This is a good suggestion. We’ll follow it Architecturally, there are two ways that users can use I2NSF: 1. Users can specify the “Service Layer Policies/rules” to the Security Controller. The Controller select the appropriate NSFs (virtual or physical) to enforce the “Service Policies” by passing down the “Capability Layer rules/policies”. 2. vNSFs are allocated to the Users. So the Users can send direct policies to its designated vNSFs via the Security Controller. Your draft covers the Case 2 above very well. Can you add some description to the Case 1 ? DRL> The selection of the appropriate NSFs is supposed to happen before the attestation procedures are applied, so I’d say this draft addresses the situation of both cases 1 and 2. Anyway, I see interesting to explore your suggestion, especially in case 1, that would require a rather intelligent controller... Some questions: Section 4.1.3: Secure Boot is applicable to any Hypervisors that host multiple VMs. Should it be out of scope for I2NSF? DRL> The specification of Secure Boot yes, but I consider a reference to its applicability necessary... Section 5.2: Does the controller measure the User's hardware & software components or measure its own HW&SW? DRL> The controller should measure the HW/SW on which the NSFs run, what we call the platform. We’ll try to make it clearer in the draft Section 5.3: Instantiation of vNSF to Container should be done by the lifecycle management of vNSF. The controller's job is only to pass policies. Is this your understanding too? DRL> Indeed, and this is connected with the discussion on the selection of the vNSFs above. We’ll try to make it clear in the draft Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- [I2nsf] Questions & suggstions to draft-pastor-i2… Linda Dunbar
- Re: [I2nsf] Questions & suggstions to draft-pasto… DIEGO LOPEZ GARCIA
- Re: [I2nsf] Questions & suggstions to draft-pasto… Linda Dunbar
- Re: [I2nsf] Questions & suggstions to draft-pasto… DIEGO LOPEZ GARCIA