Re: [sacm] Components for Vulnerability Assessment

Adam Montville <adam.w.montville@gmail.com> Wed, 19 April 2017 18:25 UTC

To: "Haynes, Dan" <dhaynes@mitre.org>, Carl-Heinz Genzel <carl-heinz.genzel@hs-bremen.de>, "sacm@ietf.org" <sacm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/SCNMcC1Dp3AmLpTwnEpCuoAH0BA>

Thanks for pointing that out. Yeah, IIRC, we were talking about the
differences between the two sequence diagrams, so it might well be the case
that the "affirmation" was about the diagram and not about any consensus in
the room.

Adam

On Wed, Apr 19, 2017 at 7:36 AM Haynes, Dan <dhaynes@mitre.org> wrote:

> Thanks Carl-Heinz, it looks like I missed that.  With that said, I will
> keep quiet and let someone who was there clarify :).
>
> Thanks,
>
> Danny
>
> > -----Original Message-----
> > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Carl-Heinz Genzel
> > Sent: Wednesday, April 19, 2017 1:48 AM
> > To: sacm@ietf.org
> > Subject: Re: [sacm] Components for Vulnerability Assessment
> >
> > Hello All,
> >
> > The comment mentioned by Danny becomes obsolete in the next section "Per
> > slide 8", where it seems to me that it is agreed upon to not combine the
> > repositories. However, I wasn't there.
> >
> > Best Regards,
> > Carl-Heinz Genzel
> >
> > On 18.04.2017 at 17:27, Adam Montville wrote:
> > >
> > >
> > > On Tue, Apr 18, 2017 at 9:55 AM Haynes, Dan <dhaynes@mitre.org> wrote:
> > >
> > >     Hi Henk,
> > >
> > >     The reasoning behind my comment was that in the IETF 98 notes
> > >     (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it
> > >     says:
> > >
> > >     ---
> > >     Per Slide 7:
> > >     Q: (Adam Montville): Is the vulnerability assessor talking to the
> > >     repository or talking directly to the collector?
> > >     A: (Jessica Fitzgerald-McKay): I could see an implementer combining
> > >     the collector and end-point repository into one.  If we're treating
> > >     them as functional components I'm not sure we need to be that
> > >     specific.
> > >     A: (Dave Waltermire): We want this architecture to be
> > >     de-composable.  If we treat the end-point repository as a proxy, we
> > >     might be making things too complicated. It might be simpler to treat
> > >     the end-point repository as a data store.
> > >     A: (Adam Montville): Agreed.
> > >
> > >     Q: (Dave Waltermire) Are there any concerns with separating the
> > >     end-point repository and the collector being the component
> > >     responsible for collection?
> > >     A: <no response>
> > >
> > >     Comment: (Adam Montville): The "results repository" will now go into
> > >     the "end-point repository."
> > >     ---
> > >
> > >     Given that, I thought there was some consensus around making that
> > >     change.
> > >
> > >
> > > Hm...  FWIW, I don't feel I would have said that as a personal
> > > opinion, but maybe that there was some agreement in the room.  Of
> > > course, the list is what counts.
> > >
> > > Without a chair hat on, I happen to agree with Henk. What we are
> > > calling components are "compose-able function groups" in some sense,
> > > and that they should be treated separately, but are likely to be
> > > implemented in some composed manner.
> > >
> > >
> > >
> > >
> > >     Thanks,
> > >
> > >     Danny
> > >
> > >     > -----Original Message-----
> > >     > From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> > >     > Sent: Tuesday, April 18, 2017 10:49 AM
> > >     > To: Haynes, Dan <dhaynes@mitre.org>; Adam Montville
> > >     > <adam.w.montville@gmail.com>; sacm@ietf.org
> > >     > Subject: Re: [sacm] Components for Vulnerability Assessment
> > >     >
> > >     > Hello Danny,
> > >     >
> > >     > the "Assessment Results Repository" and "Endpoint Repository" are two
> > >     > different components with different functions. The "Endpoint
> > >     > Repository" of course is the provider for the consumer that is the
> > >     > "Assessment Results Repository".
> > >     >
> > >     > Most certainly, both components can be running on the same endpoint
> > >     > or be composed in a single service that merges both components. I
> > >     > suppose that is what you meant?
> > >     >
> > >     > For the sake of show-casing how the architecture is working, I would
> > >     > recommend to start with each SACM component instantiated as a
> > >     > separate software component. Despite the fact that it looks simpler
> > >     > to just add the "Assessment Result" to the "Endpoint Characterization
> > >     > Records" retained in an "Endpoint Repository".
> > >     >
> > >     > Ultimately, people will want to use existing software and
> > >     > Asset/Inventory Management Software is a big candidate to provide the
> > >     > functions of an "Endpoint Repository". In consequence, I would keep
> > >     > these components instantiated separately in the first iteration.
> > >     >
> > >     > What does the group think?
> > >     >
> > >     > Best regards,
> > >     >
> > >     > Henk
> > >     >
> > >     > On 04/18/2017 04:21 PM, Haynes, Dan wrote:
> > >     > > Hi Adam,
> > >     > >
> > >     > >
> > >     > >
> > >     > > I think this is a good list for me, but, should the assessment
> > >     > > results repository be merged into the endpoint repository?
> > >     > >
> > >     > > Thanks,
> > >     > >
> > >     > > Danny
> > >     > >
> > >     > >
> > >     > >
> > >     > > *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of* Adam
> > >     > > Montville
> > >     > > *Sent:* Tuesday, April 18, 2017 9:04 AM
> > >     > > *To:* sacm@ietf.org
> > >     > > *Subject:* [sacm] Components for Vulnerability Assessment
> > >     > >
> > >     > >
> > >     > >
> > >     > > Hi All:
> > >     > >
> > >     > >
> > >     > >
> > >     > > We've got a list of components we think we care about for our
> > >     > > vulnerability assessment scenario (focusing on the narrowest "ideal
> > >     > > case" through the scenario for the time being).
> > >     > >
> > >     > >
> > >     > >
> > >     > > These are:
> > >     > >
> > >     > >
> > >     > >
> > >     > > * Vulnerability Detection Data Repository
> > >     > >
> > >     > > * Vulnerability Assessor
> > >     > >
> > >     > > * Endpoint Repository
> > >     > >
> > >     > > * Collector
> > >     > >
> > >     > > * Target Endpoint
> > >     > >
> > >     > > * Assessment Results Repository
> > >     > >
> > >     > >
> > >     > >
> > >     > > For reference, see our wiki [1] and/or the slides from IETF 98 [2]
> > >     > > and/or the minutes from IETF 98 [3]
> > >     > >
> > >     > >
> > >     > >
> > >     > > Question to the WG: Is this an appropriate initial list of
> > >     > > components?
> > >     > >
> > >     > >
> > >     > >
> > >     > > Please opine within the next few days (say by end of your day on
> > >     > > Thursday, wherever you may be), so that we can generate some
> > >     > > momentum on this effort.
> > >     > >
> > >     > >
> > >     > >
> > >     > > Kind regards,
> > >     > >
> > >     > >
> > >     > >
> > >     > > Adam
> > >     > >
> > >     > >
> > >     > >
> > >     > > [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
> > >     > >
> > >     > > [2] https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
> > >     > >
> > >     > > [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt
> > >     > >
> > >     > > _______________________________________________
> > >     > > sacm mailing list
> > >     > > sacm@ietf.org <mailto:sacm@ietf.org>
> > >     > > https://www.ietf.org/mailman/listinfo/sacm
> > >     > >
> > >
> >
> > --
> > Carl-Heinz Genzel
> > Research Associate
> > Computer Networks / Information Security
> > Institut für Informatik und Automation
> > Hochschule Bremen / University of Applied Sciences
> > Flughafenallee 10, 28199 Bremen, Germany
> > tel.:  +49 421 5905 5442
> > mobile: +49 179 1636844
> > email: carl-heinz.genzel@hs-bremen.de