IETF Logo Mail Archive

Re: [sacm] Hackathon Goals and Stretch Goals

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 22 May 2017 14:03 UTC

Return-Path: <david.waltermire@nist.gov>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A0D212EAB1 for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 07:03:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G5br3w7SMz56 for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 07:03:17 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0108.outbound.protection.outlook.com [23.103.201.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CDB112EAA9 for <sacm@ietf.org>; Mon, 22 May 2017 07:03:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=n8vSWzVd4arp1HPq39NYnvfkLUsH2rD6aDEnN+8DVp8=; b=SybF8nHb8t3js3/OxzyXET091Dxe0BiUAkxmTNuTop+QHURhhGwLuD7OjeEEf5l/h7jUCh3nRXf7kqHMMGrrjcuH//Y3/KNBM3F/D0pnzSssaQvN2SB69M/CxFZG4HK0Zdb9xUOoj/9/iA9SGHsgZ/l1k8YN2u3E1fPFbT/YmAU=
Received: from MWHPR09MB1440.namprd09.prod.outlook.com (10.173.50.14) by MWHPR09MB1439.namprd09.prod.outlook.com (10.173.50.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1101.14; Mon, 22 May 2017 14:03:15 +0000
Received: from MWHPR09MB1440.namprd09.prod.outlook.com ([10.173.50.14]) by MWHPR09MB1440.namprd09.prod.outlook.com ([10.173.50.14]) with mapi id 15.01.1101.019; Mon, 22 May 2017 14:03:15 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Adam Montville <adam.w.montville@gmail.com>, Ira McDonald <blueroofmusic@gmail.com>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: [sacm] Hackathon Goals and Stretch Goals
Thread-Index: AQHSw40QMlp/vRwKbUKIX+AbOs/aX6Hsbg+AgAlQESCAAD7agIAAYDQAgADJUACAAA1IAIAALsEAgAS00wCABGMygIAABVOQ
Date: Mon, 22 May 2017 14:03:15 +0000
Message-ID: <MWHPR09MB14407052999C15BE91AC817DF0F80@MWHPR09MB1440.namprd09.prod.outlook.com>
References: <CACknUNUhqqdumk1wombsAha0TQS4O4dNpajUs2Ak4jWDWZHXaA@mail.gmail.com> <CACknUNUQ_sgw46GsU8LoOq1puEyo8DUnJ4599h0GE=+Nc2Hxow@mail.gmail.com> <MWHPR09MB1440A80762DE455376735978F0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <CACknUNUA0YH5EXQrPJHMWqfp=PZcVc_FpeTR0T9SmRMsteSvhw@mail.gmail.com> <CAA=AuEf_7A4ObvoiGHHzhtzNTS2B3Wxiz+WcBjwc8dqh4z7h2g@mail.gmail.com> <DM5PR09MB1354402E944E81A585B279D1A5E60@DM5PR09MB1354.namprd09.prod.outlook.com> <90838fdd-07be-fdf8-300f-614425d360ec@sit.fraunhofer.de> <CACknUNU-kuGMi8Oass_JT+3CvpAgbm8PAb1_KDTwM6D2X1o-JQ@mail.gmail.com> <CAN40gStPGRW7P6m2m7QrO8awCuksjyQoga4QCD3BzFqa_GN26Q@mail.gmail.com> <CACknUNWbEVOyq6G1t4E_vpucypRv3hRyRNfQEM2fGbW36U8epA@mail.gmail.com>
In-Reply-To: <CACknUNWbEVOyq6G1t4E_vpucypRv3hRyRNfQEM2fGbW36U8epA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.224.58]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR09MB1439; 7:/S5UO5RysEKKLVwF9zOF4pwlMezSj/6KjrMV97DOGLR74YTRGocQ1JMphhlBQPj9GIxNTlf94a0jpiKFexD6C60myUTqnwc4CDMTRteKJceDUPOMNwRoeJ2o3JB3hCfPBsNlvsxx+oRzkEhoMrO77tTozNQo+JcjeqV2dpWrfag7uPodf9tI+P6f7vPm3MH3jZIgWQ9M7r/zTBCmXlP4IL59Tx6Fk7869TVShcjFflri++JkQjUnrZGGP3L42eRpsjDjw2ohVJzj/tCd3MAIRGYEERLXjGA96cn4PbxBzwFF4LgWFUmZqYIbszYM+gMRpMx3x/SUTIlZmqgqP6JtlA==
x-ms-traffictypediagnostic: MWHPR09MB1439:
x-ms-office365-filtering-correlation-id: 3db92366-083f-4181-b4f1-08d4a11b4acb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081); SRVR:MWHPR09MB1439;
x-microsoft-antispam-prvs: <MWHPR09MB1439F7C2736ABC0F7E143610F0F80@MWHPR09MB1439.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(65766998875637)(72170088055959)(131327999870524)(100405760836317)(21748063052155)(211171220733660);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148); SRVR:MWHPR09MB1439; BCL:0; PCL:0; RULEID:; SRVR:MWHPR09MB1439;
x-forefront-prvs: 03152A99FF
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39400400002)(39850400002)(39840400002)(39860400002)(39450400003)(39410400002)(24454002)(189002)(377454003)(51444003)(199003)(57704003)(3846002)(81166006)(6306002)(53546009)(7906003)(5660300001)(93886004)(19609705001)(7736002)(6116002)(86362001)(33656002)(6436002)(3660700001)(345774005)(122556002)(102836003)(2900100001)(3280700002)(790700001)(2906002)(478600001)(54906002)(7696004)(76176999)(50986999)(6506006)(25786009)(99286003)(39060400002)(966005)(77096006)(606005)(236005)(66066001)(4326008)(9686003)(54356999)(189998001)(54896002)(14971765001)(6246003)(2950100002)(53936002)(74316002)(8676002)(8936002)(55016002)(38730400002)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR09MB1439; H:MWHPR09MB1440.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MWHPR09MB14407052999C15BE91AC817DF0F80MWHPR09MB1440namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 May 2017 14:03:15.4493 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR09MB1439
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/DHHjzSB7q9LjoV6YR0c1k-qlZjM>
Subject: Re: [sacm] Hackathon Goals and Stretch Goals
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 14:03:20 -0000

I am not sure we need the IM format at all, and what data elements to use is underspecified for implementation if we wanted to use it.

If the data stores are communicated with using native query languages  (e.g. SQL, SPARQL), we do not have much need for a common message format at this time. IMHO, looking at what information is exchanged over a query language will help us to identify what more is needed for exchange in this area, while allowing us to move forward from a practical perspective.

Regards,
Dave

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Monday, May 22, 2017 9:39 AM
To: Ira McDonald <blueroofmusic@gmail.com>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; sacm@ietf.org
Subject: Re: [sacm] Hackathon Goals and Stretch Goals

Ira, thank you for sharing your opinion. I am perfectly fine making such a declaration, but I would like others to chime in also. I know at least one other who believes doing this would be a good idea, but I'm not sure about any sort of consensus on the issue at this point.

To your other points, I agree completely - this is proof-of-concept work, not finished product. So, it can be an ugly, but instructional, solution.

Adam
On Fri, May 19, 2017 at 1:39 PM Ira McDonald <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote:
Hi Adam,
Chiming in below on one point raised in this Hackathon goals conversation.
Cheers,
- Ira

On Tue, May 16, 2017 at 2:47 PM, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>> wrote:
Hi Henk. I'll try inline.
On Tue, May 16, 2017 at 11:04 AM Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote:
<...snip...>

Also, I noticed conflicting notions about how important it is to prepare
a message format to convey information between components. While it
might not be as critical as "having actual component code to work with",
interoperability is key. And if we would agree on a preliminary data
structure (probably derived from the current IM), before we start the
hackathon, we could save some time during the f2f on-site. It's probably
a low hanging fruit also, as I am not talking about every IE to be
conveyed, but about the general message structure ("the container") and
the corresponding encoding for data in motion.

[AWM] There are differing perspectives on this front. Yes, having a common structure could be useful, but it may not be necessary for the purposes of this effort. This effort is somewhat different from others that I've heard of, in that we are not implementing a solution as much as we are discovering one. I do expect that we will discover the structures we need as we develop the solution. What do others think about this? Do we need to have this information up front, or is it something we can discover as we go?

<ira> For message wire format for the Hackathon, please consider taking the SACM
Information Model verbatim and using that XSD for XML wire format.  Efficiency is
totally irrelevant.  So is elegance.  You're trying to do a proof of concept.  Defining
the Hackathon wire format interactively in the room is a time waster idea, IMO.


Thoughts?


Viele Grüße,

Henk




On 05/16/2017 05:12 PM, Haynes, Dan wrote:
> Seems like a reasonable story to focus around, for the hackathon, to me.
>
>
>
> Thanks,
>
> Danny
>
>
>
> *From:*sacm [mailto:sacm-bounces@ietf.org<mailto:sacm-bounces@ietf.org>] *On Behalf Of *Jerome Athias
> *Sent:* Monday, May 15, 2017 11:12 PM
> *To:* Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>>; Waltermire, David A.
> (Fed) <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>; sacm@ietf.org<mailto:sacm@ietf.org>
> *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>
>
>
> I think it's a good idea too.
>
> I don't know who is supposed to participate to this hackathon?
>
> Potentially you could market it by capitalizing on real known events,
> (without trolling) let's say "new critical vulnerability", "for
> preventing ransomware" "FictitousCorp needs to Respond quickly and have
> a system to Identify and Protect its endpoints..."
>
>
>
>
>
> On Tue, 16 May 2017 at 00:30, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>
> <mailto:adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>>> wrote:
>
>     I think that's a good idea. How do folks feel about this story? Is
>     it lacking anything? Is it too specific? What would you change about
>     it if you could?
>
>
>
>     On Mon, May 15, 2017 at 12:57 PM Waltermire, David A. (Fed)
>     <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov> <mailto:david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>>> wrote:
>
>         I was thinking that it would be useful to have a user story to
>         implement against for the Hackathon. How about something like
>         the following that maps to our goals:
>
>
>
>         A vendor identifies a vulnerability in their software product.
>         They produce a new version of their software and publish a
>         vulnerability bulletin that indicates customers should upgrade
>         to the new version to address the vulnerability. The product
>         versions have both a SWID tag and a CoSWID tag. As a customer of
>         this vendor that uses the affected products, we need to build a
>         vulnerability assessment system that is capable of detecting
>         what version of the software is installed and determine if that
>         version is vulnerable using the vendor provided information. The
>         Collector will be capable of gathering software inventory
>         information from one or more target endpoints by:
>
>
>
>         1)      Requesting software inventory information for the
>         affected software based on an ad-hoc request.
>
>         2)      Reporting the software inventory as software changes occur
>
>
>
>         Collected software inventory information will be stored in the
>         Assessment Results Repository and will be compared to
>         vulnerability detection data retrieved from the Vulnerability
>         Detection Data Repository. The vulnerability detection data will
>         be derived from the vendor provided information in some useful
>         way to be determined by the Vulnerability Assessor.
>
>
>
>         How does this look?
>
>
>
>         Regards,
>
>         Dave
>
>
>
>         *From:*sacm [mailto:sacm-bounces@ietf.org<mailto:sacm-bounces@ietf.org>
>         <mailto:sacm-bounces@ietf.org<mailto:sacm-bounces@ietf.org>>] *On Behalf Of *Adam Montville
>         *Sent:* Tuesday, May 09, 2017 3:30 PM
>         *To:* sacm@ietf.org<mailto:sacm@ietf.org> <mailto:sacm@ietf.org<mailto:sacm@ietf.org>>
>         *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>
>
>
>         All:
>
>
>
>         This week Dave and I have had an opportunity to discuss these a
>         bit further. We've come up with the following set of goals and
>         outcomes:
>
>
>
>         GOAL: Running code demonstrating the communication needs between
>         identified components as they pertain to the on-request
>         collection case through the scenario, where that case is
>         described
>         at https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.
>         OUTCOME: We will have specific understanding of components'
>         boundaries and the necessary information flows (including
>         information being communicated) between them.
>
>
>
>         GOAL: Leverage existing collected data in a data repository.
>         OUTCOME: Demonstrate that previously collected data can be
>         reused to support vulnerability assessment
>
>
>
>         GOAL: Running code to extend that base case to include a
>         mechanism capable of monitoring a given set of endpoint
>         attributes for change. OUTCOME: We will have specific
>         understanding of additional architectural considerations for
>         handling monitoring vs. on-request collection, as well as any
>         additional information flows required.
>
>
>
>         Does anyone care to bash these goal-ouctome pairs in the context
>         of our hackathon plans?  If so, please do so over the next day
>         or two, otherwise these will become the stated goals for our
>         hackathon.
>
>
>
>         Kind regards,
>
>
>
>         Adam
>
>
>
>         On Tue, May 2, 2017 at 4:40 PM Adam Montville
>         <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com> <mailto:adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>>>
>         wrote:
>
>             All:
>
>
>
>             Last week Dave sent a list of milestones to the list. The
>             first of which was for the WG to define some goals for the
>             IETF 99 hackathon. I can see at least one primary goal with
>             at least one stretch goal. The primary goal is to have
>             running code demonstrating the basic/ideal case through our
>             vulnerability scenario, where a new vulnerability is
>             discovered and we need to reach out all the way to the
>             endpoint to determine whether it is in fact vulnerable. A
>             stretch goal might be to have running code demonstrating a
>             "monitor for this vulnerability from now on" capability (I'm
>             sure I'm not stating that as well as I could).
>
>
>
>             Does anyone have additional goals? Or, are there better ways
>             to state these particular goals (there probably are)?
>
>
>
>             Kind regards,
>
>
>
>             Adam
>
>     _______________________________________________
>     sacm mailing list
>     sacm@ietf.org<mailto:sacm@ietf.org> <mailto:sacm@ietf.org<mailto:sacm@ietf.org>>
>     https://www.ietf.org/mailman/listinfo/sacm
>
>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org<mailto:sacm@ietf.org>
> https://www.ietf.org/mailman/listinfo/sacm
>

_______________________________________________
sacm mailing list
sacm@ietf.org<mailto:sacm@ietf.org>
https://www.ietf.org/mailman/listinfo/sacm

_______________________________________________
sacm mailing list
sacm@ietf.org<mailto:sacm@ietf.org>
https://www.ietf.org/mailman/listinfo/sacm

v2.23.0 | Report a Bug | By Email