Re: [sacm] Components for Vulnerability Assessment

Carl-Heinz Genzel <carl-heinz.genzel@hs-bremen.de> Wed, 19 April 2017 05:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/IN8s51f2YgL_WdIrH0ZdxvxvEwo>

Hello All,

The comment mentioned by Danny becomes obsolete in the next section "Per
slide 8", where it seems to me that it is agreed upon to not combine the
repositories. However, I wasn't there.

Best Regards,
Carl-Heinz Genzel

On 18.04.2017 at 17:27, Adam Montville wrote:
> 
> 
> On Tue, Apr 18, 2017 at 9:55 AM Haynes, Dan <dhaynes@mitre.org> wrote:
> 
>     Hi Henk,
> 
>     The reasoning behind my comment was that in the IETF 98 notes
>     (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it
>     says:
> 
>     ---
>     Per Slide 7:
>     Q: (Adam Montville): Is the vulnerability assessor talking to the
>     repository or talking directly to the collector?
>     A: (Jessica Fitzgerald-McKay): I could see an implementer combining
>     the collector and end-point repository into one.  If we're treating
>     them as functional components I'm not sure we need to be that specific.
>     A: (Dave Waltermire): We want this architecture to be
>     de-composable.  If we treat the end-point repository as a proxy, we
>     might be making things too complicated. It might be simpler to treat
>     the end-point repository as a data store.
>     A: (Adam Montville): Agreed.
> 
>     Q: (Dave Waltermire) Are there any concerns with separating the
>     end-point repository and the collector being the component
>     responsible for collection?
>     A: <no response>
> 
>     Comment: (Adam Montville): The "results repository" will now go into
>     the "end-point repository".
>     ---
> 
>     Given that, I thought there was some consensus around making that
>     change.
> 
> 
> Hm...  FWIW, I don't feel I would have said that as a personal opinion,
> but maybe that there was some agreement in the room.  Of course, the
> list is what counts.
> 
> Without a chair hat on, I happen to agree with Henk. What we are calling
> components are "compose-able function groups" in some sense, and that
> they should be treated separately, but are likely to be implemented in
> some composed manner.
> 
>  
> 
> 
>     Thanks,
> 
>     Danny
> 
>     > -----Original Message-----
>     > From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
>     > Sent: Tuesday, April 18, 2017 10:49 AM
>     > To: Haynes, Dan <dhaynes@mitre.org>; Adam Montville
>     > <adam.w.montville@gmail.com>; sacm@ietf.org
>     > Subject: Re: [sacm] Components for Vulnerability Assessment
>     >
>     > Hello Danny,
>     >
>     > the "Assessment Results Repository" and "Endpoint Repository" are two
>     > different components with different functions. The "Endpoint Repository"
>     > of course is the provider for the consumer that is the "Assessment Results
>     > Repository".
>     >
>     > Most certainly, both components can be running on the same endpoint or be
>     > composed in a single service that merges both components. I suppose that is
>     > what you meant?
>     >
>     > For the sake of show-casing how the architecture is working, I would
>     > recommend to start with each SACM component instantiated as a separate
>     > software component, despite the fact that it looks simpler to just add the
>     > "Assessment Result" to the "Endpoint Characterization Records"
>     > retained in an "Endpoint Repository".
>     >
>     > Ultimately, people will want to use existing software and Asset/Inventory
>     > Management Software is a big candidate to provide the functions of an
>     > "Endpoint Repository". In consequence, I would keep these components
>     > instantiated separately in the first iteration.
>     >
>     > What does the group think?
>     >
>     > Best regards,
>     >
>     > Henk
>     >
>     > On 04/18/2017 04:21 PM, Haynes, Dan wrote:
>     > > Hi Adam,
>     > >
>     > >
>     > >
>     > > I think this is a good list for me, but, should the assessment results
>     > > repository be merged into the endpoint repository?
>     > >
>     > > Thanks,
>     > >
>     > > Danny
>     > >
>     > >
>     > >
>     > > *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of* Adam Montville
>     > > *Sent:* Tuesday, April 18, 2017 9:04 AM
>     > > *To:* sacm@ietf.org
>     > > *Subject:* [sacm] Components for Vulnerability Assessment
>     > >
>     > >
>     > >
>     > > Hi All:
>     > >
>     > >
>     > >
>     > > We've got a list of components we think we care about for our
>     > > vulnerability assessment scenario (focusing on the narrowest "ideal
>     > > case" through the scenario for the time being).
>     > >
>     > >
>     > >
>     > > These are:
>     > >
>     > >
>     > >
>     > > * Vulnerability Detection Data Repository
>     > >
>     > > * Vulnerability Assessor
>     > >
>     > > * Endpoint Repository
>     > >
>     > > * Collector
>     > >
>     > > * Target Endpoint
>     > >
>     > > * Assessment Results Repository
>     > >
>     > >
>     > >
>     > > For reference, see our wiki [1] and/or the slides from IETF 98 [2]
>     > > and/or the minutes from IETF 98 [3]
>     > >
>     > >
>     > >
>     > > Question to the WG: Is this an appropriate initial list of components?
>     > >
>     > >
>     > >
>     > > Please opine within the next few days (say by end of your day on
>     > > Thursday, wherever you may be), so that we can generate some momentum
>     > > on this effort.
>     > >
>     > >
>     > >
>     > > Kind regards,
>     > >
>     > >
>     > >
>     > > Adam
>     > >
>     > >
>     > >
>     > > [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
>     > >
>     > > [2] https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
>     > >
>     > > [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt
>     > >
>     > >
>     > >
>     > >
>     > >
>     > >
>     > >
>     > > _______________________________________________
>     > > sacm mailing list
>     > > sacm@ietf.org
>     > > https://www.ietf.org/mailman/listinfo/sacm
>     > >
> 
> 
> 
> 

-- 
______________________________________________________________________________________

Carl-Heinz Genzel
Research Associate
Computer Networks / Information Security
Institut für Informatik und Automation
Hochschule Bremen / University of Applied Sciences
Flughafenallee 10, 28199 Bremen, Germany
tel.:  +49 421 5905 5442
mobile: +49 179 1636844
email: carl-heinz.genzel@hs-bremen.de
___________________________________________________________________________