[saag] SMART summary

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 26 March 2019 11:11 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 26 Mar 2019 07:10:55 -0400
Message-ID: <CAHbuEH4M0AqZ9aHped9UmapLk+zJR8Y4M5xq0h=4pxfCOcog+w@mail.gmail.com>
To: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2tXlo9qQ72kmugxumHLEuMfNR9w>
Subject: [saag] SMART summary
List-Id: Security Area Advisory Group <saag.ietf.org>

Stopping Malware And Researching Threats (SMART) met Monday afternoon as an
IAB Session, which aims to be an IRTF research group.

SMART met on Monday to discuss the problem statement and some areas for
research possible for the effort. A brief review of the Coordinating Attack
Response at Internet Scale (CARIS) 2 workshop was provided.  A full meeting
report will be forthcoming.

Several researchers and industry representatives presented.  Talks included:

Malicious Uses of Evasive Communications and Threats to Privacy (David McGrew)
   Highlighted questions and areas of research for SMART.  Showed multiple
   views into work focused on privacy. Many protocols in the IETF are
   designed for benign uses but can be used in a malicious way. Attacks lead
   to data breaches and a negative impact on privacy.

Threat Landscape Report (Arnaud Taddei)
   Reviewed statistics from the incident responder viewpoint.  Some metrics
   will be further clarified on the list.  Understanding the threat
   landscape helps to prioritize efforts based on trends.

Testing for the good of the internet (Simon Edwards)
   Discussed testing of vendor products and taking the full attack chain
   into consideration for detection.  Talked about the difficulties with
   testing samples due to bias with available samples but described the
   methodology of testing security against a full attack chain.

BGP hijacking (Töma Gavrichenkov)
   Multiple drafts exist and are in review for BGP hijacking solutions
   (other BGP problems exist and there is a possible area of research to
   explore and provide guidance).  Should SMART play a role in providing
   guidance to IETF draft proposals from an attack defence perspective?

CLESS draft on endpoint security (Arnaud Taddei)
   The CLESS draft surveys the end point capabilities and limitations for
   one set of end points, others expected to be added.  This draft is
   focused on what can be done at the end point, for a full understanding of
   what can be done on the end point, and therefore what must be done in the
   protocol. This is needed as security capabilities are expected to shift
   to the end point with more end-to-end encryption.  Contributions were
   requested on this early draft.

One Snake (Ian Levy, NCSC)
   Highlighted numerous problems for the information security professional,
   the opportunities for research, measurement, and advancement in this
   space and why a group like SMART is needed.

Room was surveyed to determine interest in contributing or reviewing work.
About half the room raised hands.  Scope needs to be determined and hand
offs to the IETF Security Area are likely depending on the work that comes in.
Contributions are welcome.
There were about 150 people that signed the blue sheets, room seemed packed
a bit more.


-- 

Best regards,
Kathleen & Kirsty