Re: [sacm] Components for Vulnerability Assessment

"Haynes, Dan" <dhaynes@mitre.org> Wed, 19 April 2017 12:36 UTC

From: "Haynes, Dan" <dhaynes@mitre.org>
To: Carl-Heinz Genzel <carl-heinz.genzel@hs-bremen.de>, "sacm@ietf.org" <sacm@ietf.org>
Date: Wed, 19 Apr 2017 12:36:03 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/nFTYMAKWYlnfbSyH_RgeL7dLuVI>
Subject: Re: [sacm] Components for Vulnerability Assessment
List-Id: SACM WG mail list <sacm.ietf.org>

Thanks Carl-Heinz, it looks like I missed that.  With that said, I will keep quiet and let someone who was there clarify :).

Thanks,

Danny

> -----Original Message-----
> From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Carl-Heinz Genzel
> Sent: Wednesday, April 19, 2017 1:48 AM
> To: sacm@ietf.org
> Subject: Re: [sacm] Components for Vulnerability Assessment
> 
> Hello All,
> 
> The comment mentioned by Danny becomes obsolete in the next section "Per
> slide 8", where it seems to me that it is agreed upon to not combine the
> repositories. However, I wasn't there.
> 
> Best Regards,
> Carl-Heinz Genzel
> 
> On 18.04.2017 at 17:27, Adam Montville wrote:
> >
> >
> > On Tue, Apr 18, 2017 at 9:55 AM Haynes, Dan <dhaynes@mitre.org> wrote:
> >
> >     Hi Henk,
> >
> >     The reasoning behind my comment was that in the IETF 98 notes
> >     (https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00) it
> >     says:
> >
> >     ---
> >     Per Slide 7:
> >     Q: (Adam Montville): Is the vulnerability assessor talking to the
> >     repository or talking directly to the collector?
> >     A: (Jessica Fitzgerald-McKay): I could see an implementer combining
> >     the collector and end-point repository into one.  If we're treating
> >     them as functional components I'm not sure we need to be that specific.
> >     A: (Dave Waltermire): We want this architecture to be
> >     de-composable.  If we treat the end-point repository as a proxy, we
> >     might be making things too complicated. It might be simpler to treat
> >     the end-point repository as a data store.
> >     A: (Adam Montville): Agreed.
> >
> >     Q: (Dave Waltermire) Are there any concerns with separating the
> >     end-point repository and the collector being the component
> >     responsible for collection?
> >     A: <no response>
> >
> >     Comment: (Adam Montville): The "results repository" will now go into
> >     the "end-point repository".
> >     ---
> >
> >     Given that, I thought there was some consensus around making that
> >     change.
> >
> >
> > Hm...  FWIW, I don't feel I would have said that as a personal
> > opinion, but maybe that there was some agreement in the room.  Of
> > course, the list is what counts.
> >
> > Without a chair hat on, I happen to agree with Henk. What we are
> > calling components are "compose-able function groups" in some sense,
> > and that they should be treated separately, but are likely to be
> > implemented in some composed manner.
> >
> >
> >
> >
> >     Thanks,
> >
> >     Danny
> >
> >     > -----Original Message-----
> >     > From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> >     > Sent: Tuesday, April 18, 2017 10:49 AM
> >     > To: Haynes, Dan <dhaynes@mitre.org>; Adam Montville
> >     > <adam.w.montville@gmail.com>; sacm@ietf.org
> >     > Subject: Re: [sacm] Components for Vulnerability Assessment
> >     >
> >     > Hello Danny,
> >     >
> >     > the "Assessment Results Repository" and "Endpoint Repository" are two
> >     > different components with different functions. The "Endpoint
> >     > Repository" of course is the provider for the consumer that is the
> >     > "Assessment Results Repository".
> >     >
> >     > Most certainly, both components can be running on the same endpoint
> >     > or be composed in a single service that merges both components. I
> >     > suppose that is what you meant?
> >     >
> >     > For the sake of showcasing how the architecture is working, I would
> >     > recommend starting with each SACM component instantiated as a separate
> >     > software component, despite the fact that it looks simpler to just
> >     > add the "Assessment Result" to the "Endpoint Characterization Records"
> >     > retained in an "Endpoint Repository".
> >     >
> >     > Ultimately, people will want to use existing software, and
> >     > Asset/Inventory Management Software is a big candidate to provide the
> >     > functions of an "Endpoint Repository". In consequence, I would keep
> >     > these components instantiated separately in the first iteration.
> >     >
> >     > What does the group think?
> >     >
> >     > Kind regards,
> >     >
> >     > Henk
> >     >
> >     > On 04/18/2017 04:21 PM, Haynes, Dan wrote:
> >     > > Hi Adam,
> >     > >
> >     > >
> >     > >
> >     > > I think this is a good list for me, but, should the assessment
> >     > > results repository be merged into the endpoint repository?
> >     > >
> >     > > Thanks,
> >     > >
> >     > > Danny
> >     > >
> >     > >
> >     > >
> >     > > *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of* Adam Montville
> >     > > *Sent:* Tuesday, April 18, 2017 9:04 AM
> >     > > *To:* sacm@ietf.org
> >     > > *Subject:* [sacm] Components for Vulnerability Assessment
> >     > >
> >     > >
> >     > >
> >     > > Hi All:
> >     > >
> >     > >
> >     > >
> >     > > We've got a list of components we think we care about for our
> >     > > vulnerability assessment scenario (focusing on the narrowest "ideal
> >     > > case" through the scenario for the time being).
> >     > >
> >     > >
> >     > >
> >     > > These are:
> >     > >
> >     > >
> >     > >
> >     > > * Vulnerability Detection Data Repository
> >     > >
> >     > > * Vulnerability Assessor
> >     > >
> >     > > * Endpoint Repository
> >     > >
> >     > > * Collector
> >     > >
> >     > > * Target Endpoint
> >     > >
> >     > > * Assessment Results Repository
> >     > >
> >     > >
> >     > >
> >     > > For reference, see our wiki [1] and/or the slides from IETF 98 [2]
> >     > > and/or the minutes from IETF 98 [3]
> >     > >
> >     > >
> >     > >
> >     > > Question to the WG: Is this an appropriate initial list of components?
> >     > >
> >     > >
> >     > >
> >     > > Please opine within the next few days (say by end of your day on
> >     > > Thursday, wherever you may be), so that we can generate some
> >     > > momentum on this effort.
> >     > >
> >     > >
> >     > >
> >     > > Kind regards,
> >     > >
> >     > >
> >     > >
> >     > > Adam
> >     > >
> >     > >
> >     > >
> >     > > [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
> >     > >
> >     > > [2] https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
> >     > >
> >     > > [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt
> >     > >
> >     > >
> >     > >
> >     > >
> >     > >
> >     > >
> >     > >
> >     > > _______________________________________________
> >     > > sacm mailing list
> >     > > sacm@ietf.org
> >     > > https://www.ietf.org/mailman/listinfo/sacm
> >     > >
> >
> >
> >
> >
> 
> --
> _________________________________________________________________
>
> Carl-Heinz Genzel
> Research Associate
> Computer Networks / Information Security
> Institut für Informatik und Automation
> Hochschule Bremen / University of Applied Sciences
> Flughafenallee 10, 28199 Bremen, Germany
> tel.:  +49 421 5905 5442
> mobil: +49 179 1636844
> email: carl-heinz.genzel@hs-bremen.de
> _________________________________________________________________
> 