IETF Logo Mail Archive

Re: [sacm] Hackathon Goals and Stretch Goals

Adam Montville <adam.w.montville@gmail.com> Tue, 16 May 2017 19:04 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1749A12ECB1 for <sacm@ietfa.amsl.com>; Tue, 16 May 2017 12:04:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OXEWKFcMnXH for <sacm@ietfa.amsl.com>; Tue, 16 May 2017 12:04:06 -0700 (PDT)
Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EB76129C71 for <sacm@ietf.org>; Tue, 16 May 2017 11:59:35 -0700 (PDT)
Received: by mail-it0-x229.google.com with SMTP id c15so68141702ith.0 for <sacm@ietf.org>; Tue, 16 May 2017 11:59:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=HiKBv6J3ZAjixycGMVPBAkg1rh8jKlPFpjAJofplC30=; b=OlgN73PMCgCtS/ncdZA/MWTP0guYDKk77oPVvc+5q00S0b993uFFHkp5iqO427OKTA oIu+1oFW+eTqf/xBD8gIm7ssCmqXnpw7qjHsZeWfEFo3gMv8wSrDqgMxBBDfO1dGuHak +pt3kZSsllV1MewhD5oZWSTwMzLhVrGwEPOMbL5MWznLOn08HxhtJqCMBgdF1Itf+1Ai cqnc83lFR5lerz0S/6J0/IH8QBB8LcnE3br0gV/AdZN53QItQuTFE3CjhQIZuW/LJc+O /B4reE3WMP+8hkbEMsbZDWhD+rS2pn3gsxfiyY5VjhN9TnJ/3s4Ose3rge8P9oMCfg6q DzXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=HiKBv6J3ZAjixycGMVPBAkg1rh8jKlPFpjAJofplC30=; b=ektv6EXVz/FntdvzIJmi+zQnav9LUCgvNyyPmTe5hqBux9n9KonCBUJz/FPELjtpPX v2qkBK+DsoLhXnkK7vP3mb9iJuTKjWT3nznLQREwi3rodp5O6TaMWbEB+dLfg7s3w4Bi u+UgqBX00JFgDWUikhCIxIAJtqlwWp30OTfnRCvxUzx15sB7VA2mnRTwjxXpHxOhvziC p7Z+8z8faw9XmMRg9MdyOSioO5eyaVXdV5v6K2J2LD3LHkd/bIwLWhgotUNREpW8/Hke 1WMt3rInFrgr4ADELSNtVSvrqXvLSdo2eeCzyxELCj5PQKkTohRjbb7fsJhSYdHz2R4x hYgA==
X-Gm-Message-State: AODbwcD3hpe41RaSGAQ90OCV7uzTna3fHXn+ZeKZHpHLEZ7n8uRPoqAX CsOC1xWZpLOMH80y6F+4q3h4simUxQPG
X-Received: by 10.36.107.201 with SMTP id v192mr170389itc.81.1494961174348; Tue, 16 May 2017 11:59:34 -0700 (PDT)
MIME-Version: 1.0
References: <CACknUNUhqqdumk1wombsAha0TQS4O4dNpajUs2Ak4jWDWZHXaA@mail.gmail.com> <CACknUNUQ_sgw46GsU8LoOq1puEyo8DUnJ4599h0GE=+Nc2Hxow@mail.gmail.com> <MWHPR09MB1440A80762DE455376735978F0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <CACknUNUA0YH5EXQrPJHMWqfp=PZcVc_FpeTR0T9SmRMsteSvhw@mail.gmail.com> <CAA=AuEf_7A4ObvoiGHHzhtzNTS2B3Wxiz+WcBjwc8dqh4z7h2g@mail.gmail.com> <DM5PR09MB1354402E944E81A585B279D1A5E60@DM5PR09MB1354.namprd09.prod.outlook.com> <90838fdd-07be-fdf8-300f-614425d360ec@sit.fraunhofer.de> <CACknUNU-kuGMi8Oass_JT+3CvpAgbm8PAb1_KDTwM6D2X1o-JQ@mail.gmail.com>
In-Reply-To: <CACknUNU-kuGMi8Oass_JT+3CvpAgbm8PAb1_KDTwM6D2X1o-JQ@mail.gmail.com>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 16 May 2017 18:59:23 +0000
Message-ID: <CACknUNX7J_a_H=KyBO4R=TcYEcrsMbTd8WWqNW+A5PGVroBy8g@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, sacm@ietf.org
Content-Type: multipart/alternative; boundary="001a114a9e74c00b34054fa8c50c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/mclfaBcnVjpvRagbf6LAJtQwAPA>
Subject: Re: [sacm] Hackathon Goals and Stretch Goals
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 19:04:18 -0000

Also, I've created a wiki page here:
https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentHackathon

At that page (version 4) I've put up a modified version of the user story
suggested earlier, hopefully making appropriate clarifications.

Kind regards,

Adam

On Tue, May 16, 2017 at 1:47 PM Adam Montville <adam.w.montville@gmail.com>
wrote:

> Hi Henk. I'll try inline.
>
> On Tue, May 16, 2017 at 11:04 AM Henk Birkholz <
> henk.birkholz@sit.fraunhofer.de> wrote:
>
>> Hello,
>>
>> the general story looks like a good fit. I am little uncertain about the
>> details regarding:
>>
>> >> Collected software inventory information will be stored in the
>> >> Assessment Results Repository and will be compared to
>> >> vulnerability detection data retrieved from the Vulnerability
>> >> Detection Data Repository. The vulnerability detection data will
>> >> be derived from the vendor provided information in some useful
>> >> way to be determined by the Vulnerability Assessor.
>>
>> This seems to imply an iterative process, in which the Assessment
>> Results Repository first only stores the "current available information"
>> about software packages installed as software instances on the target
>> endpoint - and then enriches that with the assessment that this software
>> instance is vulnerable (has to be updated) or not. Is that correct?
>
>
>> This seems to merge the components "Assessment Results Repository",
>> which store the current "state of things are not compliant" and the
>> "Endpoint Repository", which stores the information (e.g. like a
>> configuration management system) in which stores information that
>> reflects what is currently installed on a target endpoint?
>>
>
> [AWM] Yes, I think the story could be clarified on this front. It
> shouldn't merge the two components we've agreed to keep separate. If the
> first sentence in your quoted text beging instead with "Collected software
> inventory will be stored in the Endpoint Repository..." I think that fixes
> some things.
>
>
>>
>> That's the only nit I have on the "story" :)
>>
>> Also, I noticed conflicting notions about how important it is to prepare
>> a message format to convey information between components. While it
>> might not be as critical as "having actual component code to work with",
>> interoperability is key. And if we would agree on a preliminary data
>> structure (probably derived from the current IM), before we start the
>> hackathon, we could save some time during the f2f on-site. It's probably
>> a low hanging fruit also, as I am not talking about every IE to be
>> conveyed, but about the general message structure ("the container") and
>> the corresponding encoding for data in motion.
>>
>
> [AWM] There are differing perspectives on this front. Yes, having a common
> structure could be useful, but it may not be necessary for the purposes of
> this effort. This effort is somewhat different from others that I've heard
> of, in that we are not implementing a solution as much as we are
> discovering one. I do expect that we will discover the structures we need
> as we develop the solution. What do others think about this? Do we need to
> have this information up front, or is it something we can discover as we go?
>
>
>>
>> Thoughts?
>>
>>
>> Viele Grüße,
>>
>> Henk
>>
>>
>>
>>
>> On 05/16/2017 05:12 PM, Haynes, Dan wrote:
>> > Seems like a reasonable story to focus around, for the hackathon, to me.
>> >
>> >
>> >
>> > Thanks,
>> >
>> > Danny
>> >
>> >
>> >
>> > *From:*sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of *Jerome Athias
>> > *Sent:* Monday, May 15, 2017 11:12 PM
>> > *To:* Adam Montville <adam.w.montville@gmail.com>; Waltermire, David A.
>> > (Fed) <david.waltermire@nist.gov>; sacm@ietf.org
>> > *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>> >
>> >
>> >
>> > I think it's a good idea too.
>> >
>> > I don't know who is supposed to participate to this hackathon?
>> >
>> > Potentially you could market it by capitalizing on real known events,
>> > (without trolling) let's say "new critical vulnerability", "for
>> > preventing ransomware" "FictitousCorp needs to Respond quickly and have
>> > a system to Identify and Protect its endpoints..."
>> >
>> >
>> >
>> >
>> >
>> > On Tue, 16 May 2017 at 00:30, Adam Montville <
>> adam.w.montville@gmail.com
>> > <mailto:adam.w.montville@gmail.com>> wrote:
>> >
>> >     I think that's a good idea. How do folks feel about this story? Is
>> >     it lacking anything? Is it too specific? What would you change about
>> >     it if you could?
>> >
>> >
>> >
>> >     On Mon, May 15, 2017 at 12:57 PM Waltermire, David A. (Fed)
>> >     <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>>
>> wrote:
>> >
>> >         I was thinking that it would be useful to have a user story to
>> >         implement against for the Hackathon. How about something like
>> >         the following that maps to our goals:
>> >
>> >
>> >
>> >         A vendor identifies a vulnerability in their software product.
>> >         They produce a new version of their software and publish a
>> >         vulnerability bulletin that indicates customers should upgrade
>> >         to the new version to address the vulnerability. The product
>> >         versions have both a SWID tag and a CoSWID tag. As a customer of
>> >         this vendor that uses the affected products, we need to build a
>> >         vulnerability assessment system that is capable of detecting
>> >         what version of the software is installed and determine if that
>> >         version is vulnerable using the vendor provided information. The
>> >         Collector will be capable of gathering software inventory
>> >         information from one or more target endpoints by:
>> >
>> >
>> >
>> >         1)      Requesting software inventory information for the
>> >         affected software based on an ad-hoc request.
>> >
>> >         2)      Reporting the software inventory as software changes
>> occur
>> >
>> >
>> >
>> >         Collected software inventory information will be stored in the
>> >         Assessment Results Repository and will be compared to
>> >         vulnerability detection data retrieved from the Vulnerability
>> >         Detection Data Repository. The vulnerability detection data will
>> >         be derived from the vendor provided information in some useful
>> >         way to be determined by the Vulnerability Assessor.
>> >
>> >
>> >
>> >         How does this look?
>> >
>> >
>> >
>> >         Regards,
>> >
>> >         Dave
>> >
>> >
>> >
>> >         *From:*sacm [mailto:sacm-bounces@ietf.org
>> >         <mailto:sacm-bounces@ietf.org>] *On Behalf Of *Adam Montville
>> >         *Sent:* Tuesday, May 09, 2017 3:30 PM
>> >         *To:* sacm@ietf.org <mailto:sacm@ietf.org>
>> >         *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>> >
>> >
>> >
>> >         All:
>> >
>> >
>> >
>> >         This week Dave and I have had an opportunity to discuss these a
>> >         bit further. We've come up with the following set of goals and
>> >         outcomes:
>> >
>> >
>> >
>> >         GOAL: Running code demonstrating the communication needs between
>> >         identified components as they pertain to the on-request
>> >         collection case through the scenario, where that case is
>> >         described
>> >         at
>> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.
>> >         OUTCOME: We will have specific understanding of components'
>> >         boundaries and the necessary information flows (including
>> >         information being communicated) between them.
>> >
>> >
>> >
>> >         GOAL: Leverage existing collected data in a data repository.
>> >         OUTCOME: Demonstrate that previously collected data can be
>> >         reused to support vulnerability assessment
>> >
>> >
>> >
>> >         GOAL: Running code to extend that base case to include a
>> >         mechanism capable of monitoring a given set of endpoint
>> >         attributes for change. OUTCOME: We will have specific
>> >         understanding of additional architectural considerations for
>> >         handling monitoring vs. on-request collection, as well as any
>> >         additional information flows required.
>> >
>> >
>> >
>> >         Does anyone care to bash these goal-ouctome pairs in the context
>> >         of our hackathon plans?  If so, please do so over the next day
>> >         or two, otherwise these will become the stated goals for our
>> >         hackathon.
>> >
>> >
>> >
>> >         Kind regards,
>> >
>> >
>> >
>> >         Adam
>> >
>> >
>> >
>> >         On Tue, May 2, 2017 at 4:40 PM Adam Montville
>> >         <adam.w.montville@gmail.com <mailto:adam.w.montville@gmail.com
>> >>
>> >         wrote:
>> >
>> >             All:
>> >
>> >
>> >
>> >             Last week Dave sent a list of milestones to the list. The
>> >             first of which was for the WG to define some goals for the
>> >             IETF 99 hackathon. I can see at least one primary goal with
>> >             at least one stretch goal. The primary goal is to have
>> >             running code demonstrating the basic/ideal case through our
>> >             vulnerability scenario, where a new vulnerability is
>> >             discovered and we need to reach out all the way to the
>> >             endpoint to determine whether it is in fact vulnerable. A
>> >             stretch goal might be to have running code demonstrating a
>> >             "monitor for this vulnerability from now on" capability (I'm
>> >             sure I'm not stating that as well as I could).
>> >
>> >
>> >
>> >             Does anyone have additional goals? Or, are there better ways
>> >             to state these particular goals (there probably are)?
>> >
>> >
>> >
>> >             Kind regards,
>> >
>> >
>> >
>> >             Adam
>> >
>> >     _______________________________________________
>> >     sacm mailing list
>> >     sacm@ietf.org <mailto:sacm@ietf.org>
>> >     https://www.ietf.org/mailman/listinfo/sacm
>> >
>> >
>> >
>> > _______________________________________________
>> > sacm mailing list
>> > sacm@ietf.org
>> > https://www.ietf.org/mailman/listinfo/sacm
>> >
>>
>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>

v2.23.0 | Report a Bug | By Email