Re: [Model-t] model-t@iab.org list description
Watson Ladd <watsonbladd@gmail.com> Sat, 03 August 2019 18:21 UTC
In-Reply-To: <D5E68AEE-5B5B-4F5D-BDEF-54929F3067A3@gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 03 Aug 2019 11:21:14 -0700
Message-ID: <CACsn0cn0NhoWCj3z-DiutDdsFY9wjtqWR69AQhccLwS1S3P3AQ@mail.gmail.com>
To: Bret Jordan <jordan.ietf@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Martin Thomson <mt@lowentropy.net>, model-t@iab.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/model-t/wV_y_Q1Tvhs2elsIMnzINssDmiU>
How on earth do I write a Security Considerations section that addresses that sort of high-level thing? What does this methodology produce?

When we look at actual vulnerabilities with CVE numbers attached and go back, we don't see "active remote attack". We see that using C is a bad idea. Look at programs doing what the users didn't want, and the answer isn't DNS filtering, it's sandboxing. Where is that in your list of answers? Attacks like "Johnny You're Fired" have a cause: overly complicated file formats with lots of edge cases. These are problems, some of which the IETF can't solve, but some of which a better threat model and understanding of security would have solved.

At the same time we see problems like Amazon's architecture around VM authentication not respecting traditional Unix permission models, because it makes credentials available over HTTP from the machine. So if you take a standard sort of setup and move it to the cloud, you now can have a problem sometimes called SSRF, but really just another Confused Deputy. I believe this was discovered on MULTICS.

We need to have a model that gets people answering the right question, not the wrong one. And a threat taxonomy at the high level just says there are bad people online. We know that. That's the problem. How do we stop them from doing what they want? Well, that's where computer security comes in, and the goal has to be to recognize the security properties we want and ensure the systems we have have those properties. And the threat model informs what the properties are. It doesn't matter how big the system is. It doesn't matter if it's accessed by pigeon, phone, microwave link, or 5G. It doesn't even need to be made of silicon: HFDF was an anonymity attack resulting in location detection at the PHY layer, as was identifying telegraph operators by their fist.
On Sat, Aug 3, 2019 at 10:26 AM Bret Jordan <jordan.ietf@gmail.com> wrote:
>
> Stephen,
>
> While there are several minor variations on the “Kill Chain” as defined originally by Lockheed Martin in the following paper back in 2011 I think (https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf).
>
> In addition, MITRE has recently produced an ATT&CK framework to help identify and characterize threat actor behavior. NIST has already produced a Cyber Security Framework that is commonly used when talking about these sorts of things.
>
> STIX on the other hand is a taxonomy for sharing threat intelligence. Things like threat actors, campaigns, intrusion sets, attack patterns, malware information, indicators of compromise, etc etc.
>
>
> Thanks,
> Bret
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>
> On Aug 3, 2019, at 8:40 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>
>>
>> On 03/08/2019 15:37, Bret Jordan wrote:
>>> I did not use anything from STIX. Are you referring to the use of
>>> kill chain phase?
>>
>> I was. If you're using some other methodology be interested
>> in which. (Those information model based approaches to
>> describing threats/incidents aren't something I follow in
>> detail.)
>>
>> Cheers,
>> S.
>> <0x5AB2FAF17B172BEA.asc>
>
> --
> Model-t mailing list
> Model-t@iab.org
> https://www.iab.org/mailman/listinfo/model-t

--
"Man is born free, but everywhere he is in chains". --Rousseau.
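The cloud-credential SSRF that Watson describes above as a Confused Deputy, illustrated from the defender's side with an added example that is not part of the original thread: a server-side URL fetcher vets what a user-supplied hostname resolves to before acting with the machine's network authority. The hostnames, addresses and the stand-in resolver table are constructed for the demo; `system_resolver` is the production hook.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges a server-side fetcher must never reach: unspecified, loopback, RFC 1918
# and link-local (169.254.0.0/16, where cloud instance-metadata services live).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed lookup table standing in for DNS so the example runs offline.
DEMO_DNS = {
    "api.example.com": ["203.0.113.10"],
    "internal.example.com": ["10.0.0.5"],
    "rebind.example.com": ["203.0.113.10", "169.254.1.2"],  # one bad record
}
def demo_resolver(host):
    return DEMO_DNS.get(host, [])
def system_resolver(host):  # real DNS lookup for production use
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def _is_blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 ranges still apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip.is_multicast or any(ip in net for net in BLOCKED)

def vet_fetch_target(url, resolver=system_resolver):
    """Return the vetted IP list the caller must connect to, or raise ValueError.
    The fetcher runs with the machine's ambient network authority (the confused
    deputy), so the check is on what the name resolves to, not on the name, and
    the caller connects to exactly these addresses instead of re-resolving."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: nothing to resolve
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise ValueError(f"no address for {host!r}")
    bad = [a for a in addrs if _is_blocked(a)]
    if bad:
        raise ValueError(f"{host!r} resolves to blocked address(es): {bad}")
    return addrs
```

Connecting to the returned addresses rather than re-resolving the name closes the DNS-rebinding gap between check and use; a name with one good and one bad record is rejected outright.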