IETF Logo Mail Archive

[I2nsf] A Revised I-D on An Architecture for Security Management in I2NSF Framework

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 06 October 2016 20:50 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27E2212973F for <i2nsf@ietfa.amsl.com>; Thu, 6 Oct 2016 13:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLDLrZZmfUzn for <i2nsf@ietfa.amsl.com>; Thu, 6 Oct 2016 13:50:16 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FACB129451 for <i2nsf@ietf.org>; Thu, 6 Oct 2016 13:50:16 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id t192so783188ywf.0 for <i2nsf@ietf.org>; Thu, 06 Oct 2016 13:50:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc; bh=8yzOZs8VBtK6swSwaGUiEiQD8Pkb4ANkEn30McNQLw4=; b=fWCMew/sclsu2WKU2pZ4twmA8WdJYlliE7EaDCKvCtB9+9I6WXpiLdrye+XDbSXpkI TSq0PGYHlWMY0DT5AvP/1of5avfUX4MLX9cX85KQnje4FKYdQh1/P2zWpGxFMhKP0uhh F0M8lNnljCvQATeNR+RTuNip+rXirqM0GgJ9eZaS+dmUtM9dS88edyKGbGVzJXAK+ECq 3FwC3JsU8VTLXaqooe5hIek3wziUVtuwUBBuPSem7mvsM/uqMPcTGaGD0PLako04Mi0g pzKhfripR2ULBvz4P6p8+/7aE3MBfR0bUW9VWLoOC1GvEkTrFYJxWy+mPxsRkGltjD+P 15rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=8yzOZs8VBtK6swSwaGUiEiQD8Pkb4ANkEn30McNQLw4=; b=ZAcdrRfb/NwrevpIi7v2M3sAW9j7VPkqbI5xy3yBtf3WdserePdGcNGA1kxLUCviKm LKkFopbMq3oQXTV1jhAGPAUjdOLHxSVpulMd0gILawcZ+9ee/e1Fs2LIv/wuQhTMbkbU N8J+v+jS0CebCos42yfVQgCT0ZAAwajFCcQZrYddJuqV6c+4OVRH5Hjwlm/vweHXKTpm zQRRPEXiTTFTuWtINAIzQWUYc1igG4dXUl9Z8QISBLA9fO/X5PLQf6kCY3zV+ht7/9RA kBTOPENsLcnHOm1V3te+MlwHqIJWVCvmk3y0E0KDbfGuLh0QhT9Xe+vrYCGD22vNH6XD ymVw==
X-Gm-Message-State: AA6/9RmNDLnb2KJ/mNMbUvJWDkU42DXftql2DebeUZ8ACuk0TDQ2bL6sAH5OIfi9ES6GwGfqQMIVXoFy9apkMg==
X-Received: by 10.129.53.206 with SMTP id c197mr12458052ywa.205.1475787015543; Thu, 06 Oct 2016 13:50:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.165.18 with HTTP; Thu, 6 Oct 2016 13:49:45 -0700 (PDT)
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 06 Oct 2016 16:49:45 -0400
Message-ID: <CAPK2Dey3PV5Dc+j51PNdv6XiTEAryhhKfKN4PsJT3+a-pW+HHA@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Content-Type: multipart/alternative; boundary="001a11421a26d36c5b053e387050"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/p1OQ7NqPGW0Xs2lgebZyYmG5lSE>
Cc: skku_secu-brain_all@googlegroups.com
Subject: [I2nsf] A Revised I-D on An Architecture for Security Management in I2NSF Framework
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 20:50:18 -0000

Hi all,
I have posted a revised i2nsf I-D:
- Title
   An Architecture for Security Management in I2NSF Framework

- File

https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

- Abstract
   This document describes an architecture for security management in
   the Interface to Network Security Functions (I2NSF) framework.  This
   security management architecture consists of I2NSF Client, Security
   Management System (i.e., Security Controller and Developer's
   Management System), and Network Security Functions (NSFs) in the
   I2NSF framework.  I2NSF Client consists of Application Logic, Policy
   Updater, and Event Collector.  Security Controller consists of
   Security Policy Manager and NSF Capability Manager.  This document
   explains their missions and the processing of security management in
   a high level.  It also describes representative use cases, such as
   security management for the list of malware domains, security
   management for VoIP-VoLTE and time-dependent access control.

This draft will complement the i2nsf framework draft.

The changes from the previous version are as follows:
   o  This version reflects the framework for I2NSF in
      draft-ietf-i2nsf-framework-03.

   o  As a term change, Policy Collector is renamed Event Collector.

   o  A new use case for time-dependent access control is added.

   o  As a logic change, NSF generates an event rather than an updated
      low-level policy for a new security attack, and then sends it to
      Security Controller.

It will be great for you to give us comments or suggestions.

Thanks.

Best Regards,
Paul
-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>

v2.23.0 | Report a Bug | By Email