Re: [sacm] Components for Vulnerability Assessment
Adam Montville <adam.w.montville@gmail.com> Wed, 19 April 2017 18:22 UTC
From: Adam Montville <adam.w.montville@gmail.com>
Date: Wed, 19 Apr 2017 18:22:21 +0000
Message-ID: <CACknUNVPqy-YjAZ2gqeE2W3fDpcqivTCUt=pydk3YZbn6d_Z8g@mail.gmail.com>
To: "Haynes, Dan" <dhaynes@mitre.org>, Muhammad Nasir Mumtaz Bhutta <mmbhutta@kfu.edu.sa>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "sacm@ietf.org" <sacm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/Zz5_07cA1OcjhFwtBGSuvquWYDs>

+1, thanks Danny.

On Wed, Apr 19, 2017 at 7:34 AM Haynes, Dan <dhaynes@mitre.org> wrote:

> Hi Muhammad,
>
> You will want to check out the Vulnerability Assessment Scenario first
> which can be found here (
> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario).
> You can also find additional information in this thread (
> https://www.ietf.org/mail-archive/web/sacm/current/msg04698.html).
>
> Hope this helps!
>
> Thanks,
>
> Danny
>
> > -----Original Message-----
> > From: Muhammad Nasir Mumtaz Bhutta [mailto:mmbhutta@kfu.edu.sa]
> > Sent: Wednesday, April 19, 2017 1:50 AM
> > To: Haynes, Dan <dhaynes@mitre.org>; Henk Birkholz
> > <henk.birkholz@sit.fraunhofer.de>; Adam Montville
> > <adam.w.montville@gmail.com>; sacm@ietf.org
> > Subject: RE: [sacm] Components for Vulnerability Assessment
> >
> > Hi everyone,
> > I have joined this group recently and want to know more about the
> > discussion topic. It looks like some architecture is being discussed
> > in the thread.
> >
> > From where should I get more information about this so that I can
> > participate and contribute my thoughts as well.
> >
> > Thanks.
> >
> > Regards,
> > ===============================================
> > Muhammad Nasir Mumtaz Bhutta, PhD
> > Assistant Professor,
> > Information Systems Dept
> > College of Computer Sciences and Information Technology King Faisal
> > University
> > Saudi Arabia Alahssa 31982 P.O. Box 400 Tel + 966 (013) 589 9207
> > Fax + 966 (013) 589 9236
> >
> > -----Original Message-----
> > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Haynes, Dan
> > Sent: Tuesday, April 18, 2017 5:55 PM
> > To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Adam Montville
> > <adam.w.montville@gmail.com>; sacm@ietf.org
> > Subject: Re: [sacm] Components for Vulnerability Assessment
> >
> > Hi Henk,
> >
> > The reasoning behind my comment was that in the IETF 98 notes
> > (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it
> > says:
> >
> > ---
> > Per Slide 7:
> > Q: (Adam Montville): Is the vulnerability assessor talk to the
> > repository or talking directly to the collector?
> > A: (Jessica Fitzgerald-McKay): I could see an implementer combining
> > the collector and end-point repository into one. If we're treating
> > them as functional components I'm not sure we need to be that
> > specific.
> > A: (Dave Waltermire): We want this architecture to be de-composable.
> > If we treat the end-point repository as a proxy, we might be making
> > things too complicated. It might be simpler to treat the end-point
> > repository as a data store.
> > A: (Adam Montville): Agreed.
> >
> > Q: (Dave Waltermire) Are there any concerns with separating the
> > end-point repository and the collector being the component
> > responsible for collection?
> > A: <no response>
> >
> > Comment: (Adam Montville): The "results repository" will now go into
> > the "end-point repository.
> > ---
> >
> > Given that, I thought there was some consensus around making that
> > change.
> >
> > Thanks,
> >
> > Danny
> >
> > > -----Original Message-----
> > > From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> > > Sent: Tuesday, April 18, 2017 10:49 AM
> > > To: Haynes, Dan <dhaynes@mitre.org>; Adam Montville
> > > <adam.w.montville@gmail.com>; sacm@ietf.org
> > > Subject: Re: [sacm] Components for Vulnerability Assessment
> > >
> > > Hello Danny,
> > >
> > > the "Assessment Results Repository" and "Endpoint Repository" are two
> > > different components with different functions. The "Endpoint
> > > Repository" of course is the provider for the consumer that is the
> > > "Assessment Results Repository".
> > >
> > > Most certainly, both components can be running on the same endpoint or
> > > be composed in a single service that merges both components. I suppose
> > > that is what you meant?
> > >
> > > For the sake of show-casing how the architecture is working. I would
> > > recommend to start with each SACM component instantiated as a separate
> > > software component. Despite the fact that it looks simpler to just add
> > > the "Assessment Result" to the "Endpoint Characterization Records"
> > > retained in an "Endpoint Repository".
> > >
> > > Ultimately, people will want to use existing software and
> > > Asset/Inventory Management Software is a big candidate to provide the
> > > functions of an "Endpoint Repository". In consequence, I would keep
> > > these components instantiated separately in the first iteration.
> > >
> > > What does the group think?
> > >
> > > Viele Grüße,
> > >
> > > Henk
> > >
> > > On 04/18/2017 04:21 PM, Haynes, Dan wrote:
> > > > Hi Adam,
> > > >
> > > > I think this is a good list for me, but, should the assessment
> > > > results repository be merged into the endpoint repository?
> > > >
> > > > Thanks,
> > > >
> > > > Danny
> > > >
> > > > *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of* Adam
> > > > Montville
> > > > *Sent:* Tuesday, April 18, 2017 9:04 AM
> > > > *To:* sacm@ietf.org
> > > > *Subject:* [sacm] Components for Vulnerability Assessment
> > > >
> > > > Hi All:
> > > >
> > > > We've got a list of components we think we care about for our
> > > > vulnerability assessment scenario (focusing on the narrowest "ideal
> > > > case" through the scenario for the time being).
> > > >
> > > > These are:
> > > >
> > > > * Vulnerability Detection Data Repository
> > > > * Vulnerability Assessor
> > > > * Endpoint Repository
> > > > * Collector
> > > > * Target Endpoint
> > > > * Assessment Results Repository
> > > >
> > > > For reference, see our wiki [1] and/or the slides from IETF 98 [2]
> > > > and/or the minutes from IETF 98 [3]
> > > >
> > > > Question to the WG: Is this an appropriate initial list of
> > > > components?
> > > >
> > > > Please opine within the next few days (say by end of your day on
> > > > Thursday, wherever you may be), so that we can generate some
> > > > momentum on this effort.
> > > >
> > > > Kind regards,
> > > >
> > > > Adam
> > > >
> > > > [1]
> > > > https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
> > > >
> > > > [2]
> > > > https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
> > > >
> > > > [3]
> > > > https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt
> > > >
> > > > _______________________________________________
> > > > sacm mailing list
> > > > sacm@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/sacm
> >
> > _______________________________________________
> > sacm mailing list
> > sacm@ietf.org
> > https://www.ietf.org/mailman/listinfo/sacm