[I2nsf] A Revised I-D on An Architecture for Security Management in I2NSF Framework
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 06 October 2016 20:50 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27E2212973F for <i2nsf@ietfa.amsl.com>; Thu, 6 Oct 2016 13:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLDLrZZmfUzn for <i2nsf@ietfa.amsl.com>; Thu, 6 Oct 2016 13:50:16 -0700 (PDT)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FACB129451 for <i2nsf@ietf.org>; Thu, 6 Oct 2016 13:50:16 -0700 (PDT)
Received: by mail-yw0-x22b.google.com with SMTP id t192so783188ywf.0 for <i2nsf@ietf.org>; Thu, 06 Oct 2016 13:50:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc; bh=8yzOZs8VBtK6swSwaGUiEiQD8Pkb4ANkEn30McNQLw4=; b=fWCMew/sclsu2WKU2pZ4twmA8WdJYlliE7EaDCKvCtB9+9I6WXpiLdrye+XDbSXpkI TSq0PGYHlWMY0DT5AvP/1of5avfUX4MLX9cX85KQnje4FKYdQh1/P2zWpGxFMhKP0uhh F0M8lNnljCvQATeNR+RTuNip+rXirqM0GgJ9eZaS+dmUtM9dS88edyKGbGVzJXAK+ECq 3FwC3JsU8VTLXaqooe5hIek3wziUVtuwUBBuPSem7mvsM/uqMPcTGaGD0PLako04Mi0g pzKhfripR2ULBvz4P6p8+/7aE3MBfR0bUW9VWLoOC1GvEkTrFYJxWy+mPxsRkGltjD+P 15rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=8yzOZs8VBtK6swSwaGUiEiQD8Pkb4ANkEn30McNQLw4=; b=ZAcdrRfb/NwrevpIi7v2M3sAW9j7VPkqbI5xy3yBtf3WdserePdGcNGA1kxLUCviKm LKkFopbMq3oQXTV1jhAGPAUjdOLHxSVpulMd0gILawcZ+9ee/e1Fs2LIv/wuQhTMbkbU N8J+v+jS0CebCos42yfVQgCT0ZAAwajFCcQZrYddJuqV6c+4OVRH5Hjwlm/vweHXKTpm zQRRPEXiTTFTuWtINAIzQWUYc1igG4dXUl9Z8QISBLA9fO/X5PLQf6kCY3zV+ht7/9RA kBTOPENsLcnHOm1V3te+MlwHqIJWVCvmk3y0E0KDbfGuLh0QhT9Xe+vrYCGD22vNH6XD ymVw==
X-Gm-Message-State: AA6/9RmNDLnb2KJ/mNMbUvJWDkU42DXftql2DebeUZ8ACuk0TDQ2bL6sAH5OIfi9ES6GwGfqQMIVXoFy9apkMg==
X-Received: by 10.129.53.206 with SMTP id c197mr12458052ywa.205.1475787015543; Thu, 06 Oct 2016 13:50:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.165.18 with HTTP; Thu, 6 Oct 2016 13:49:45 -0700 (PDT)
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 06 Oct 2016 16:49:45 -0400
Message-ID: <CAPK2Dey3PV5Dc+j51PNdv6XiTEAryhhKfKN4PsJT3+a-pW+HHA@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Content-Type: multipart/alternative; boundary="001a11421a26d36c5b053e387050"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/p1OQ7NqPGW0Xs2lgebZyYmG5lSE>
Cc: skku_secu-brain_all@googlegroups.com
Subject: [I2nsf] A Revised I-D on An Architecture for Security Management in I2NSF Framework
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 20:50:18 -0000
Hi all, I have posted a revised i2nsf I-D: - Title An Architecture for Security Management in I2NSF Framework - File https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02 - Abstract This document describes an architecture for security management in the Interface to Network Security Functions (I2NSF) framework. This security management architecture consists of I2NSF Client, Security Management System (i.e., Security Controller and Developer's Management System), and Network Security Functions (NSFs) in the I2NSF framework. I2NSF Client consists of Application Logic, Policy Updater, and Event Collector. Security Controller consists of Security Policy Manager and NSF Capability Manager. This document explains their missions and the processing of security management in a high level. It also describes representative use cases, such as security management for the list of malware domains, security management for VoIP-VoLTE and time-dependent access control. This draft will complement the i2nsf framework draft. The changes from the previous version are as follows: o This version reflects the framework for I2NSF in draft-ietf-i2nsf-framework-03. o As a term change, Policy Collector is renamed Event Collector. o A new use case for time-dependent access control is added. o As a logic change, NSF generates an event rather than an updated low-level policy for a new security attack, and then sends it to Security Controller. It will be great for you to give us comments or suggestions. Thanks. Best Regards, Paul -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: jaehoon.paul@gmail.com, pauljeong@skku.edu Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
- [I2nsf] A Revised I-D on An Architecture for Secu… Mr. Jaehoon Paul Jeong