Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Watson Ladd <watsonbladd@gmail.com> Tue, 08 November 2016 15:02 UTC

In-Reply-To: <99b43920-ee16-3cb2-731b-941718749cf5@afrinic.net>
References: <63ae04d9-9a31-498c-3333-2801a72338f0@network-heretics.com> <99b43920-ee16-3cb2-731b-941718749cf5@afrinic.net>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 08 Nov 2016 07:02:56 -0800
Message-ID: <CACsn0cmce8ZpDThPGA01PgnLfkyD3GyjJJVayiCaFikDUnZ77w@mail.gmail.com>
To: Loganaden Velvindron <logan@afrinic.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/YTjpNpY8LfGILvfsYPKQx2ObKfA>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

On Mon, Nov 7, 2016 at 11:42 PM, Loganaden Velvindron <logan@afrinic.net> wrote:
>
>
> On 11/5/16 5:25 AM, Keith Moore wrote:
>> Stephen Farrell suggested I bring this draft to your attention. This
>> was a rush job as the authors just started talking about this last
>> Friday, but it was written in response to recent DDoS attacks that
>> utilized easily-compromised IoT devices.   I'm sure there are missing
>> pieces (I've identified a few since -00) and sections that could be
>> stated better (like the title of section 2.3.2), but hopefully this is
>> a useful start.
>>
>> https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/
> [Speaking for myself]
>
> That's a great start.
>
> Can you please consider adding section 2.6.3. Sandboxing techniques
> Device firmware SHOULD be designed to restrict processes' attack surface
> by isolating them in sandboxes, in addition to privilege minimization. In
> case of compromise, the attack surface is significantly reduced,
> particularly in the case of privilege minimization.
>
> [I'm thinking about OpenSSH and Linux seccomp-bpf sandbox, and also
> techniques like OpenBSD's pledge]

Does OS sandboxing actually work?

Real attackers attack. That means they have carefully studied the
system call interface of operating systems to find bugs, which they
can use to escape from running arbitrary code to violating all
security properties. They don't break the sandbox layer but exploit
the kernel instead.

ASLR, N^X, CFG, and memory safety stop attacks. (That's not MMU,
that's using a memory-safe language.) Sandboxing has limited
effectiveness, and we should recommend memory safety as the easiest
way to prevent RCE.

I'm also disappointed to see no mention of web interface security.

>
>>
>> Keith
>>
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.