Re: [Smart] Draft Charter For SMART Proposed RG

Kirsty P <Kirsty.p@ncsc.gov.uk> Fri, 28 September 2018 11:24 UTC

Return-Path: <Kirsty.p@ncsc.gov.uk>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0592130E22 for <smart@ietfa.amsl.com>; Fri, 28 Sep 2018 04:24:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.467
X-Spam-Level:
X-Spam-Status: No, score=-0.467 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tlnBl6aJqAFA for <smart@ietfa.amsl.com>; Fri, 28 Sep 2018 04:24:11 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110104.outbound.protection.outlook.com [40.107.11.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C430F130E21 for <smart@irtf.org>; Fri, 28 Sep 2018 04:24:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SvVdd7Pk/MDgIg+7a6vwtwBMI1BnuTrIYMI5WLY4k4M=; b=PhtDdxfm5lQrspnUc3q/Vy/Mw9OyGUky73GgTCGsGLXbJS/by4Eu6WhvtUmYQB4eQcCuofVkdEU/ZFf9nfnUVhurCqoPazRfgzRrmKJcfx1vEVEmymEJAwPGYmjbjwAsVECLMh8z7wjoS0/3LlcjJ4ICBX5upzTiNhf8eNf4lcE=
Received: from MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM (10.166.238.153) by MMXP123MB0029.GBRP123.PROD.OUTLOOK.COM (10.166.237.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1185.22; Fri, 28 Sep 2018 11:24:03 +0000
Received: from MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM ([fe80::f47d:48cb:508c:735]) by MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM ([fe80::f47d:48cb:508c:735%6]) with mapi id 15.20.1164.024; Fri, 28 Sep 2018 11:24:03 +0000
From: Kirsty P <Kirsty.p@ncsc.gov.uk>
To: Bret Jordan <jordan.ietf@gmail.com>
CC: "smart@irtf.org" <smart@irtf.org>
Thread-Topic: [Smart] Draft Charter For SMART Proposed RG
Thread-Index: AQHUVZi+lzqZSNIeBkaG8Q8CJQJz8qUEr2oAgADSCrk=
Date: Fri, 28 Sep 2018 11:24:03 +0000
Message-ID: <MMXP123MB0847039938CDA4581DC9AA65D7EC0@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM>
References: <MMXP123MB0847E55749751AA12D26DBFAD7150@MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM>, <B681C76A-CE1F-4C4B-8389-658A01D0E77E@gmail.com>
In-Reply-To: <B681C76A-CE1F-4C4B-8389-658A01D0E77E@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kirsty.p@ncsc.gov.uk;
x-originating-ip: [51.141.34.27]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MMXP123MB0029; 6:uihOsmZAUS0uzPVVojvdcVHjU4wFYYXYTHzRGGV9PBgSCY3P2XosFiU05VtFbm44odXthMh7tOLMe0Vdw9KFGsp7TdFVTEY3NMQwhPIIpavttEGta8yDjDxLA/E4rGZaTO9YcmlwT7jJVMc9ftbJBzcgb/oNXD+l2fQiAu/vm3bLGs8Hzzz/h5XSFjJ+sbfklViH4EKjbSIODmA9hKpLK57RyXm8hJxr+bC6eUaROoTJxOfVwEioLUOydXxhloLFUKVUNdP1Qm5LRKMUeoqn5KdyTbkvWe9EARfCQm4Hu9UhQLbBtH+EMgZ2aizZTG9I1YwPS1xXLRNvkLFCKvvr/niE9DwYtorTb+TvHgwyn3TrxLgieq/cUbJ5NYAwZC5mSvOXbcUNWhW1+NSOfdazvms7GHJWqicVByuGRSgHiBqNTNf2v/8PMhyL1s1rK4cOFRZEIaX9O+2x9iT6kXvJhA==; 5:EWnbHNtpvFrf4XbgwHs06sHZEVhrpGLojsP0Rvf64U+9J2r9SNxyXwlWT27zSB2dYXn4wyRJ+tIB+d2yPZuYwt8VZFiso1o1FZEsN0VqeJBmc25Ny+CTgZ7TLF1d6vEVw/OHM+O2t0juTkENw7LmPIaVv1xMNsVsYOsTzdDdZzI=; 7:O5HSHLlgs2TcWEgfnImlNQTixVjBYIYUtKhUwcG8/kQd9kXzTLKKfMWq4G++MkxNPoEwHjE923UK9zL8yWZO6+BRQhc2ohoGq7Ao0us2pgu8NY7WtexW2Xp0kjB45a9sjWiHr4Dezggjvt8L5omADSetws1SzP/qZCskEWdVcC2Tyr159ovTcUjema8RgK9YfqV6GW2y3AuxT6KDWufmjFef6daepE+m/FJQdBZjncL0LU/6sfYjJ2LQagNbXddQ
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: a56cfa2e-12cc-4f93-2d67-08d62534e522
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:MMXP123MB0029;
x-ms-traffictypediagnostic: MMXP123MB0029:
x-microsoft-antispam-prvs: <MMXP123MB00291F43FB0DFF94392FA98CD7EC0@MMXP123MB0029.GBRP123.PROD.OUTLOOK.COM>
x-exchange-antispam-report-test: UriScan:(85827821059158)(192374486261705)(27231711734898)(45079756050767)(189930954265078);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231355)(944501410)(52105095)(93006095)(93001095)(3002001)(10201501046)(149066)(150057)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(201708071742011)(7699051); SRVR:MMXP123MB0029; BCL:0; PCL:0; RULEID:; SRVR:MMXP123MB0029;
x-forefront-prvs: 0809C12563
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39850400004)(136003)(396003)(376002)(346002)(366004)(189003)(199004)(71200400001)(606006)(68736007)(7696005)(5660300001)(81156014)(8676002)(8936002)(81166006)(6306002)(236005)(54896002)(9686003)(74482002)(6436002)(55016002)(316002)(75922002)(229853002)(186003)(76176011)(53936002)(53546011)(2900100001)(105586002)(6506007)(6916009)(99286004)(97736004)(33656002)(966005)(102836004)(14454004)(2906002)(71190400001)(6606003)(19627405001)(26005)(66066001)(106356001)(7736002)(5250100002)(72206003)(55236004)(478600001)(476003)(256004)(14444005)(86362001)(11346002)(446003)(74316002)(3846002)(486006)(4326008)(6246003)(39060400002)(1015004)(6116002)(25786009); DIR:OUT; SFP:1102; SCL:1; SRVR:MMXP123MB0029; H:MMXP123MB0847.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-microsoft-antispam-message-info: jH6d/2B+MiAs5MtQX5cTcJF4Gzm732aYje6Wv7yRFXIAgS6HciingfxnT8iM64ozkqCHyCQ+fKVjtk59LsUroteOG2G6v2mdxtxIu9IdMTL3KQSgosKFWC+ddtV9mQgqHTO7dQvJDT/4JCCGhmSuG8AwpSX6iBVtqOju6GXl5+Eu7KI6sSjSVvo9bMY79w3UwKMu6ENGpsiflqiyDL4yL2XAwEm35vLJ+iqHfsO37pgFG4AWup1nZjhVYr744dP0zKfYLVtaBmD8Sh0PZU7jtZubcXnpjiS3gvIq5kz7kzwFy5Iwo6tfxju7N7SfUoIk+kZjhWZtORnFjVc7fLDvYuUqIsYx+J8i/sfaChNR3PI=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MMXP123MB0847039938CDA4581DC9AA65D7EC0MMXP123MB0847GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: a56cfa2e-12cc-4f93-2d67-08d62534e522
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Sep 2018 11:24:03.1022 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MMXP123MB0029
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/BBp_tqRUkNS-VQWrYqiWGfm032U>
Subject: Re: [Smart] Draft Charter For SMART Proposed RG
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2018 11:24:15 -0000

Bret,


Thanks for your encouraging words! If you have ideas for more topics that should be covered in the short-term, please feel free to share with the list.


Kirsty


________________________________
From: Bret Jordan <jordan.ietf@gmail.com>
Sent: 27 September 2018 22:59:04
To: Kirsty P
Cc: smart@irtf.org
Subject: Re: [Smart] Draft Charter For SMART Proposed RG

Kristy and RG ET al.,

I think this charter sounds great and covers most of the areas we need to address in the short-term.  Great work. The deliverables outlined so far will greatly assist the community for years to come.

Bret

Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

On Sep 26, 2018, at 9:36 AM, Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org<mailto:Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>> wrote:


This is the draft charter for the Proposed Research Group: Stopping Malware and Researching Threats (SMART).

Your thoughts and suggestions are very welcome - please post to the list with your comments! - and keep an eye out for a list of proposed research problems soon...



# Stopping Malware and Researching Threats (SMART) Proposed RG - Draft Charter


## BACKGROUND

The Stopping Malware and Researching Threats Research Group (or SMART RG) will investigate how cyber attack defence requirements can be met in a world of encrypted data. It will research the effects, both positive and negative, of existing, proposed and newly published protocols and Internet standards on attack defence. It will gather evidence from information security practitioners on methods used to defend against attacks and make this available to protocol designers. As a result, designers, implementers and users of new protocols will be better informed about the possible impact on attack prevention and mitigation.


The IRTF is in a unique position to provide this research and evidence to the IETF. This research group aims to describe the effect of protocol changes where relevant and stimulate methodical research into attack defence methods for new protocols. Protocols are already rigorously assessed for their security properties, but ensuring attack defence methods are also rigorously assessed alongside protocol design changes would provide a fuller understanding of the value for such change, enabling a better engineered Internet.



## AIMS

This research group has these major aims:

  *   To bring evidence on attacks and the methods that are or could be used to defend against them to the attention of the IETF.
  *   To highlight the attack mitigation impact, both positive and negative, of new protocols and updates to existing protocols.
  *   To stimulate and generate research into attack defence methods for new protocols, and to increase awareness in the technical community of new and existing methodology for detecting and mitigating attacks.
  *   To provide systematic guidance to designers of new protocols as to what attack defence considerations to review, and to inform implementers by default about the effects of new protocols on attack defence.
  *   To produce problem statements that describe key issues in cyber security for the group to research (initial research project ideas are listed below).



## OUTPUTS

The research group plans to create documents that may include, but are not limited to, the following:

  *   Internet drafts, some of which may be published through the IRTF RFC stream. These will include outline problem statements, use cases, case studies and convey research results. They will be written for use by other groups to inform protocol design.
  *   Policy papers, for in-depth analysis and discussion of the relationship between attack defence and the Internet architecture and protocols.
  *   Research papers, containing quantitative evidence of actual attacks and the success of defence methods against them, as well as theoretical and formal analyses of the implications of proposed protocols on attack defence. Defence methods will be analyzed to determine if there are ways to optimize in order to better scale attack detection and mitigation.
  *   Survey of current and historic IETF material to discover existing deliberations on attack defence.
  *   Best practice papers, describing methodologies that will enable researchers to conduct experiments and report results that are useful to designers of protocols. These methodologies will give descriptions of the effects of protocols on attack defence backed by evidence from real-world attacks, laboratory-based testing and theoretical analysis of protocols, through the analysis lens of attacks, detection methods and systematic assessment methodologies.

Within the first year, the research group aims to:

  *   Survey existing attack detection methods and determine the relative effectiveness of these methods against different attack defence threats (e.g. phishing, DDoS, spambots, C&C, endpoint malware)
  *   Publish case studies of historical attacks and make recommendations where attacks could have been stopped more quickly, or even prevented
  *   Publish an Informational RFC, titled: "Important Attack Defence Considerations for Protocol Design and Deployment".


## MEMBERSHIP

Membership is open to any interested parties who intend to remain current with the published documents and mailing list issues. Wide participation from industry, academia, government and non-profits is encouraged.





This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk<mailto:ncscinfoleg@ncsc.gov.uk>
--
Smart mailing list
Smart@irtf.org<mailto:Smart@irtf.org>
https://www.irtf.org/mailman/listinfo/smart<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fsmart&data=02%7C01%7CKirsty.p%40ncsc.gov.uk%7Ca366352e8c64434aa2dc08d624c4776f%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636736823579569953&sdata=OUl%2BBxGgfF2Z5XLQ1iFhGMTdU9ePYXnb0%2F%2BBP9CtpZM%3D&reserved=0>
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk