Re: [sacm] Draft: Automated IoT Security

Kathleen Moriarty <> Wed, 06 February 2019 14:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 06BC5124BF6 for <>; Wed, 6 Feb 2019 06:45:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JnID1KSIjbNo for <>; Wed, 6 Feb 2019 06:45:54 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 935EB124BE5 for <>; Wed, 6 Feb 2019 06:45:52 -0800 (PST)
Received: by with SMTP id k98so12259587otk.3 for <>; Wed, 06 Feb 2019 06:45:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=psZfcgCjFh+KckguyAuPUf5d2/rK5ITKHk+jdSg1VTM=; b=OIIe/vnwXl+jdlEHXRlct6ovmah4UwOni6fE3NfuD3MMDGa4HJH9Fcfatxu1lf2bVP lMbPgBqB3i3Vx7OLrQWn1SbujOJA+lizi738ut5bXlXuHWJ4MPddT2TbA9b5yvYQtxwM 6Em8kT1ZwSAyao0zEFF4mK/1NAIkcS7DLtMQGu+Ja48ruZ9Qw3zd4tRl9ZyfK4CEohyK JlgqmS6625mAkWgj6Aubp547WG6fbLy+5PcGkd5MmFALnTfb4uff1UkOrtpCplF7nnRv VB1+bm+lCHDHoNd1p74XI3dFDuexMTtvqXEv6wJePjDUXDaRaTY4ptHTQXNP3Eu93KT+ wghw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=psZfcgCjFh+KckguyAuPUf5d2/rK5ITKHk+jdSg1VTM=; b=YpCrcVbMyr/Mwjyq5LOT8HfGnY7wqlIG31TAJFZfzIIzZwt/JkqFUbwZLF30lEa19t HcbswZrVsnAKmP3G3Fa6rAv7ONU88cswJBvDuqaEX1TLZejn+fenTQEZVY45sGkbcjBF ZG1A+6XFcaCFxhydVFc3/BdSjgbtNyQeS9lFrO422ku9Ul++hFkwgQnN422xdIw4mAmg eFOr7WIMqF1z0PoZdi9aRpHJGk47xs2LfbTwsSDa6voWKBBFrZU37lroWEdV6PIn567Q Xs2gatYWnFg35i6x1qU0qlsvoO3H2GHfLKAT7XSi5M7OUPaeIqaM/0OMUbH0gguh1W1n YS6g==
X-Gm-Message-State: AHQUAuZcaPGG4YF8Cd4OzOKOqFvIfs+3UtvVhThTaC2ljL5E6Czftniy xs+CIdGtjhqtEgKhh0FESQqXoJMEmXcjK6lL0FcyxkjG
X-Google-Smtp-Source: AHgI3IZWqtVpnAdRAav4M0rsUbup+ha1nbO8CPrPd8DywDb7tXjBAi7yu65S2k98ZmqP2E2XCA9NYaHcTUvTibBDnls=
X-Received: by 2002:aca:5058:: with SMTP id e85mr5332927oib.111.1549464351858; Wed, 06 Feb 2019 06:45:51 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: Kathleen Moriarty <>
Date: Wed, 6 Feb 2019 09:45:15 -0500
Message-ID: <>
To: Abhik Chaudhuri <>
Cc:,, Thorsten Dahm <>
Content-Type: multipart/alternative; boundary="00000000000048e86f05813ac805"
Archived-At: <>
Subject: Re: [sacm] Draft: Automated IoT Security
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 06 Feb 2019 14:45:57 -0000

Thank you Oscar and Thorsten for your work on PAVA and PASC, this does look
promising.  I realize I am reviewing an early version of the draft and am
wondering if the concepts are further developed.  I may be asking questions
that have been solved at this point, and look forward to learning more.
Here's a quick review and I would like to review later iterations as well
to see if we as a community can help you progress your work.

Section 2.1: nit

   A manufacturer cannot be aware at design place about the security
   risks that might appear in the future.

I think you meant design time?  If I am not right (on any comment), please
say so and explain.

Nit at end of 2.3
Period is missing at the end of the following sentence:
   System operators benefit of PASC and PAVA since they minimize
   operational cost while ensuring that the system remains secure at any
   moment: PASC allows them to configure security automatically; PAVA
   allows for automated vulnerability detection

Section 4.1
I need further information on the listed exchanges and commands to better
understand the protocol.  How does the RISK ASSESSMENT occur?  What does
that entail?  Are other protocols used in the assessment (YANG/RESTCONF)?

Is there an existing protocol that PASC rides over and adds these commands
or is it new?  What does a DEVICE INFO request look like for the exchange
and what are the possible responses (or where is the response obtained from?

Section 4.2
Can you explain a little further on how syslog reports can help with
vulnerability assessment?  Do you mean detection of known threats that can
be mapped to syslog generated messages?  Or have you added some type of
logging requirement in IoT devices that you are working with that produce
syslog messages specific to PAVA that somehow map to vulnerability
assessment information?

Does the first bullet meat to say events as opposed to vulnerabilities

Or by vulnerability, do you mean that an event triggered by an IoT device
and a log in syslog would signal behavior that did not match the expected
behavior as in the deployer's accepted MUD files?

Section 6 -
Do you have planned reuse of existing device protocols, perhaps YANG with
NETCONF/RESTCONF, or DMTF's Common Information Model (CIM) where each are
in use?  I see you mention YANG for security configuration, so I'll be
curious as to how you fit MUD and YANG together (which I agree is a good
direction).  Can YANG be used elsewhere?  I asked this question because of
statements on developing protocols, bu this is an early draft.

Question on where the work could be done: It could fit in SACM or it could
also be it's own WG IMO.

Thank you!!  It's off to a great start.

Best regards,

On Fri, Oct 19, 2018 at 12:45 PM Abhik Chaudhuri <>;

> Dear Thorsten,
> Thanks for sharing the draft.
> Both PASC and PAVA looks promising in first glance, although many
> follow-up questions come in mind from architectural, operational  and
> domain based application (eg: feasibility in Health-IoT) perspectives,
> I am interested to know more.
> Thanks and regards,
> Abhik Chaudhuri
> Book author: "*Internet of Things, for Things and by Things*" (Taylor and
> Francis, US; Published in August 2018);
> Co-creator of 'IoT Privacy by Design Framework' with Dr. Ann Cavoukian
> (Feb 2018);
> Chevening Fellow (UK);
> Fellow of Cloud Security Alliance (US);
> Member: IETF SACM;
> Co-Editor: ISO/IEC JTC1 SC27.
> On Fri, 19 Oct 2018 at 21:49, Garcia-Morchon O, Oscar <
>>; wrote:
>> Hi all,
>> this one should work:
>> Regards, Oscar.
>> On 19 Oct 2018, at 18:14, Kathleen Moriarty <
>>>; wrote:
>> Hello,
>> Is the link provided correct?  It's not working for me.
>> Thank you,
>> Kathleen
>> On Fri, Oct 19, 2018 at 12:06 PM Thorsten Dahm <thorstendlux=
>>>; wrote:
>>> Hello SACM list,
>>> we just submitted the following draft today and plan to present it in
>>> the T2TRG WG in Bangkok:
>>> <>
>>> But the topic might be interesting for this WG as well. In case there is
>>> any interest, I could also present this in SACM.
>>> Regards,
>>> Thorsten
>>> --
>>> Thorsten Dahm
>>> Network Engineer
>>> Google Ireland Ltd.
>>> The Gasworks, Barrow Street
>>> Dublin 4,  Ireland
>>> Registered in Dublin, Ireland
>>> Registration Number: 368047
>>> _______________________________________________
>>> sacm mailing list
>>> <>
>> --
>> Best regards,
>> Kathleen
>> _______________________________________________
>> sacm mailing list


Best regards,