Re: [sacm] Components for Vulnerability Assessment
"Haynes, Dan" <dhaynes@mitre.org> Wed, 19 April 2017 12:36 UTC
Return-Path: <dhaynes@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD57B126DC2 for <sacm@ietfa.amsl.com>; Wed, 19 Apr 2017 05:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lo4qf0SmI4cE for <sacm@ietfa.amsl.com>; Wed, 19 Apr 2017 05:36:05 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 55DB9129522 for <sacm@ietf.org>; Wed, 19 Apr 2017 05:36:05 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 7373E6C0100; Wed, 19 Apr 2017 08:36:14 -0400 (EDT)
Received: from imshyb02.MITRE.ORG (imshyb02.mitre.org [129.83.29.3]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 654A96C0089; Wed, 19 Apr 2017 08:36:14 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (129.83.29.2) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 19 Apr 2017 08:36:04 -0400
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Wed, 19 Apr 2017 08:36:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=515uD61cZVH2GfBiuZN7RxWXN/PGnUdHB0zBStmjGBI=; b=E2F839QQgQzIqUbseAcAcdlEoIKdb8NFoR40J6pp0fhhdpxe7L4p1Yg4dy6exzqQVkCKFYus8i1JutDze7olQM1j2xNtqDaaVe6HDVlSryganAqST9R0dc1krO1rsSqUlre1VdTKQ4+GoqJqWClN4ZlcWWuNaFa44higoMLrxI8=
Received: from CY4PR09MB1351.namprd09.prod.outlook.com (10.172.67.9) by CY4PR09MB1352.namprd09.prod.outlook.com (10.172.67.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Wed, 19 Apr 2017 12:36:03 +0000
Received: from CY4PR09MB1351.namprd09.prod.outlook.com ([10.172.67.9]) by CY4PR09MB1351.namprd09.prod.outlook.com ([10.172.67.9]) with mapi id 15.01.1034.015; Wed, 19 Apr 2017 12:36:03 +0000
From: "Haynes, Dan" <dhaynes@mitre.org>
To: Carl-Heinz Genzel <carl-heinz.genzel@hs-bremen.de>, "sacm@ietf.org" <sacm@ietf.org>
Thread-Topic: [sacm] Components for Vulnerability Assessment
Thread-Index: AQHSuERo1RuKpbFar0WA/n0zX/1IM6HLLVhQgAAH2ACAAAD5UIAACegAgADwUYCAAHGaUA==
Date: Wed, 19 Apr 2017 12:36:03 +0000
Message-ID: <CY4PR09MB1351826E7F2714A503C7DB98A5180@CY4PR09MB1351.namprd09.prod.outlook.com>
References: <CACknUNUNhCCV8LRDpjEm1SvgwpLq+NEEDbc3LOPYzMyRbmfy9w@mail.gmail.com> <DM5PR09MB1354969FE7F3B67DC662A84AA5190@DM5PR09MB1354.namprd09.prod.outlook.com> <10eb6709-c198-5fdc-1306-cb19c2f6da89@sit.fraunhofer.de> <DM5PR09MB1354C4B0912DA300919F4D13A5190@DM5PR09MB1354.namprd09.prod.outlook.com> <CACknUNXA0NzV3x8rr0XNb+rXhe5KY-jyarj-MizLzDdp_xEx3g@mail.gmail.com> <b06bd200-3811-e153-576f-fdf10762812b@hs-bremen.de>
In-Reply-To: <b06bd200-3811-e153-576f-fdf10762812b@hs-bremen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: hs-bremen.de; dkim=none (message not signed) header.d=none;hs-bremen.de; dmarc=none action=none header.from=mitre.org;
x-originating-ip: [192.80.55.87]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1352; 7:F4prBbfZw+APLUyJusjc+t2aeX3OMMZNJ0r7ahL82pmelILB65ep2diLzyOAEgy/yx7Xx1iMSFgrzE5v4SAM/bEDv/5vyPUfk8PHr9eUoYfKz/rIPWNomOAg+tVwLw3qwNX0FeckUJUntsOZX0slE/eS8vsE812Dvmg8AMTXaPRQSjKRVcHtoKOn4lNnJJOtv811+zX9TLeykDgt5L/nXWDtCo8u1qGVV8UGOnU+7fw+VgRb3fMOq9Pv8KqotCUWJ3/5LUvtwcoTCG24oakZi4zeExhe1KEOPBBtM8aIEEubOZmcgOmKgsmTpOVRluq4G+ukhh8XduqH4XNvcQ1qnQ==
x-ms-office365-filtering-correlation-id: 32b463e4-f092-4e72-e3ca-08d48720a463
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(48565401081)(201703131423075)(201703031133081); SRVR:CY4PR09MB1352;
x-microsoft-antispam-prvs: <CY4PR09MB1352687AB64949FCD349317CA5180@CY4PR09MB1352.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123564025)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(20161123555025)(6072148); SRVR:CY4PR09MB1352; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1352;
x-forefront-prvs: 028256169F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39410400002)(39450400003)(39860400002)(39400400002)(39840400002)(39850400002)(24454002)(53754006)(377454003)(252514010)(13464003)(2950100002)(93886004)(122556002)(7736002)(77096006)(6436002)(81166006)(74316002)(8676002)(8936002)(3280700002)(53936002)(55016002)(305945005)(86362001)(66066001)(99286003)(6306002)(5660300001)(9686003)(2501003)(3660700001)(54356999)(76176999)(6506006)(2900100001)(3846002)(2906002)(38730400002)(189998001)(6116002)(25786009)(53546009)(33656002)(229853002)(102836003)(7696004)(50986999); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR09MB1352; H:CY4PR09MB1351.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2017 12:36:03.1124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1352
X-OriginatorOrg: mitre.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/nFTYMAKWYlnfbSyH_RgeL7dLuVI>
Subject: Re: [sacm] Components for Vulnerability Assessment
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Apr 2017 12:36:08 -0000
Thanks Carl-Heinz, it looks like I missed that. With that said, I will keep quiet and let someone who was there clarify :). Thanks, Danny > -----Original Message----- > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Carl-Heinz Genzel > Sent: Wednesday, April 19, 2017 1:48 AM > To: sacm@ietf.org > Subject: Re: [sacm] Components for Vulnerability Assessment > > Hello All, > > The comment mentioned by Danny becomes obsolete in the next section "Per > slide 8", where it seems to me that it is agreed upon to not combine the > repositories. However, I wasn't there. > > Best Regards, > Carl-Heinz Genzel > > Am 18.04.2017 um 17:27 schrieb Adam Montville: > > > > > > On Tue, Apr 18, 2017 at 9:55 AM Haynes, Dan <dhaynes@mitre.org > > <mailto:dhaynes@mitre.org>> wrote: > > > > Hi Henk, > > > > The reasoning behind my comment was that in the IETF 98 notes > > (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it > > says: > > > > --- > > Per Slide 7: > > Q: (Adam Montville): Is the vulnerability assessor talk to the > > repository or talking directly to the collector? > > A: (Jessica Fitzgerald-McKay): I could see an implementer combining > > the collector and end-point repository into one. If we're treating > > them as functional components I'm not sure we need to be that specific. > > A: (Dave Waltermire): We want this architecture to be > > de-composable. If we treat the end-point repository as a proxy, we > > might be making things too complicated. It might be simpler to treat > > the end-point repository as a data store. > > A: (Adam Montville): Agreed. > > > > Q: (Dave Waltermire) Are there any concerns with separating the > > end-point repository and the collector being the component > > responsible for collection? > > A: <no response> > > > > Comment: (Adam Montville): The "results repository" will now go into > > the "end-point repository. > > --- > > > > Given that, I thought there was some consensus around making that > > change. > > > > > > Hm... FWIW, I don't feel I would have said that as a personal > > opinion, but maybe that there was some agreement in the room. Of > > course, the list is what counts. > > > > Without a chair hat on, I happen to agree with Henk. What we are > > calling components are "compose-able function groups" in some sense, > > and that they should be treated separately, but are likely to be > > implemented in some composed manner. > > > > > > > > > > Thanks, > > > > Danny > > > > > -----Original Message----- > > > From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de > > <mailto:henk.birkholz@sit.fraunhofer.de>] > > > Sent: Tuesday, April 18, 2017 10:49 AM > > > To: Haynes, Dan <dhaynes@mitre.org <mailto:dhaynes@mitre.org>>; > > Adam Montville > > > <adam.w.montville@gmail.com > <mailto:adam.w.montville@gmail.com>>; > > sacm@ietf.org <mailto:sacm@ietf.org> > > > Subject: Re: [sacm] Components for Vulnerability Assessment > > > > > > Hello Danny, > > > > > > the "Assessment Results Repository" and "Endpoint Repository" are two > > > different components with different functions. The "Endpoint > > Repository" > > > of course is the provider for the consumer that is the "Assessment > > Results > > > Repository". > > > > > > Most certainly, both components can be running on the same > > endpoint or be > > > composed in a single service that merges both components. I > > suppose that is > > > what you meant? > > > > > > For the sake of show-casing how the architecture is working. I would > > > recommend to start with each SACM component instantiated as a > separate > > > software component. Despite the fact that it looks simpler to just > > add the > > > "Assessment Result" to the ""Endpoint Characterization Records" > > > retained in an "Endpoint Repository". > > > > > > Ultimately, people will want to use existing software and > > Asset/Inventory > > > Management Software is a big candidate to provide the functions of an > > > "Endpoint Repository". In consequence, I would keep these components > > > instantiated separately in the first iteration. > > > > > > What does the group think? > > > > > > Viele Grüße, > > > > > > Henk > > > > > > On 04/18/2017 04:21 PM, Haynes, Dan wrote: > > > > Hi Adam, > > > > > > > > > > > > > > > > I think this is a good list for me, but, should the assessment > > results > > > > repository be merged into the endpoint repository? > > > > > > > > Thanks, > > > > > > > > Danny > > > > > > > > > > > > > > > > *From:*sacm [mailto:sacm-bounces@ietf.org > > <mailto:sacm-bounces@ietf.org>] *On Behalf Of *Adam > > > > Montville > > > > *Sent:* Tuesday, April 18, 2017 9:04 AM > > > > *To:* sacm@ietf.org <mailto:sacm@ietf.org> > > > > *Subject:* [sacm] Components for Vulnerability Assessment > > > > > > > > > > > > > > > > Hi All: > > > > > > > > > > > > > > > > We've got a list of components we think we care about for our > > > > vulnerability assessment scenario (focusing on the narrowest "ideal > > > > case" through the scenario for the time being. > > > > > > > > > > > > > > > > These are: > > > > > > > > > > > > > > > > * Vulnerability Detection Data Repository > > > > > > > > * Vulnerability Assessor > > > > > > > > * Endpoint Repository > > > > > > > > * Collector > > > > > > > > * Target Endpoint > > > > > > > > * Assessment Results Repository > > > > > > > > > > > > > > > > For reference, see our wiki [1] and/or the slides from IETF 98 [2] > > > > and/or the minutes from IETF 98 [3] > > > > > > > > > > > > > > > > Question to the WG: Is this an appropriate initial list of > > components? > > > > > > > > > > > > > > > > Please opine within the next few days (say by end of your day on > > > > Thursday, wherever you may be), so that we can generate some > > momentum > > > > on this effort. > > > > > > > > > > > > > > > > Kind regards, > > > > > > > > > > > > > > > > Adam > > > > > > > > > > > > > > > > [1] > > > > > > https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenar > > > > io > > > > > > > > [2] > > > > > > https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerabilit > > > > y-scenario-discussion-00.pdf > > > > > > > > [3] > > https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > sacm mailing list > > > > sacm@ietf.org <mailto:sacm@ietf.org> > > > > https://www.ietf.org/mailman/listinfo/sacm > > > > > > > > > > > > _______________________________________________ > > sacm mailing list > > sacm@ietf.org > > https://www.ietf.org/mailman/listinfo/sacm > > > > -- > _________________________________________________________________ > _____________________ > > Carl-Heinz Genzel > Wissenschaftlicher Mitarbeiter > Rechnernetze / Informationssicherheit > Institut für Informatik und Automation > Hochschule Bremen / University of Applied Sciences Flughafenallee 10, 28199 > Bremen, Germany > tel.: +49 421 5905 5442 > mobil: +49 179 1636844 > email: carl-heinz.genzel@hs-bremen.de > _________________________________________________________________ > __________ > > _______________________________________________ > sacm mailing list > sacm@ietf.org > https://www.ietf.org/mailman/listinfo/sacm
- Re: [sacm] Components for Vulnerability Assessment Henk Birkholz
- [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Carl-Heinz Genzel
- Re: [sacm] Components for Vulnerability Assessment Muhammad Nasir Mumtaz Bhutta
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- [sacm] Component Communication Sequence (Was - Re… Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville