Hi Linda and Yoav,

My student Patrick and I are working on the revision of the I2NSF Capability YANG Data Model Draft. We have reflected all the comments of the IESG and Tsvart on the revision, but I am working on proofreading our revision. I am expecting to finish the proofreading and post the revised draft early next week.

Have a Merry Christmas!

Best Regards,
Paul

On Sat, Dec 19, 2020 at 1:07 AM Linda Dunbar <[email protected]> wrote:

> Paul,
>
> Thank you very much for the update. No worry.
>
> Have a nice holiday.
>
> Linda
>
> *From:* Mr. Jaehoon Paul Jeong <[email protected]>
> *Sent:* Friday, December 18, 2020 7:59 AM
> *To:* Linda Dunbar <[email protected]>; Yoav Nir <[email protected]>
> *Cc:* [email protected]; Roman Danyliw <[email protected]>; skku-iotlab-members <[email protected]>; Mr. Jaehoon Paul Jeong <[email protected]>
> *Subject:* Re: Requests for Comments on I2NSF WG Re-chartering Text
>
> Hi Linda and Yoav,
>
> For I2NSF Capability YANG Data Model Draft (draft-ietf-i2nsf-capability-data-model-13), I need more time to finish the revision for the IESG and Tsvart.
>
> I will try to finish the revision by December 24, 2020.
>
> At the end of the fall semester, I am overloaded with my university work.
>
> Thanks for your considerations.
>
> Best Regards,
> Paul
>
> On Fri, Dec 11, 2020 at 12:26 AM Linda Dunbar <[email protected]> wrote:
>
> Paul,
>
> Thank you very much for the update.
>
> The schedule looks very good.
>
> Linda
>
> *From:* Mr. Jaehoon Paul Jeong <[email protected]>
> *Sent:* Wednesday, December 9, 2020 8:40 PM
> *To:* [email protected]
> *Cc:* Roman Danyliw <[email protected]>; Linda Dunbar <[email protected]>; Yoav Nir <[email protected]>; skku-iotlab-members <[email protected]>; Mr. Jaehoon Paul Jeong <[email protected]>
> *Subject:* Re: Requests for Comments on I2NSF WG Re-chartering Text
>
> Hi I2NSF WG,
>
> I have the schedule to submit our I2NSF YANG Data Model Drafts to the IESG as follows.
>
> o I2NSF Capability YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/)
>   - The revised draft for the IESG's and Tsvart's reviews will be submitted on December 18, 2020.
>
> o I2NSF NSF-Facing Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/)
>   - The revised draft for our AD Roman's review will be submitted on January 18, 2021.
>
> o I2NSF Consumer-Facing Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/)
>   - The draft will be submitted to the IESG for our AD's review on January 25, 2021.
>
> o I2NSF NSF Monitoring Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-monitoring-data-model/)
>   - The revised draft for the 1st YANG Doctor review will be submitted to the YANG Doctor on January 31, 2021.
>
> o I2NSF Registration Interface YANG Data Model Draft
>   (https://datatracker.ietf.org/doc/draft-ietf-i2nsf-registration-interface-dm/)
>   - The draft will be submitted to the IESG for our AD's review on February 15, 2021.
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Thu, Dec 10, 2020 at 11:16 AM Mr. Jaehoon Paul Jeong <[email protected]> wrote:
>
> Hi I2NSF WG,
>
> I2NSF WG chairs (Linda and Yoav) and members including Susan, Diego, and me had an online meeting for I2NSF WG Re-chartering Text on December 3, 2020.
>
> Could you read the following text and give us your comments on it?
>
> ----------------------------------------------------------------------
>
> <I2NSF WG Re-chartering Text>
>
> Interface to Network Security Functions (I2NSF) provides security function vendors, users, and operators with a standard framework and interfaces for cloud-based security services. I2NSF enables the enforcement of a high-level security policy, which is expressed according to a user's perspective of the target network. This security policy enforcement in I2NSF is a data-driven approach using NETCONF/YANG or RESTCONF/YANG, where a security policy is constructed based on a YANG data model.
>
> The I2NSF framework consists of four components such as I2NSF User, Security Controller, Network Security Function (NSF), and Developer's Management System (DMS).
> The I2NSF User specifies a high-level security policy for a target network. The Security Controller is aware of the capabilities of the attached NSFs, using them to build the security service(s) satisfying the policy expressed by the I2NSF User. An NSF provides a set of specific security capabilities (e.g., firewalling, web filtering, packet inspection, and DDoS-attack mitigation), applying security policy rules. The DMS registers the capabilities of an NSF with the Security Controller.
>
> The I2NSF framework has four interfaces such as Consumer-Facing Interface, NSF-Facing Interface, Registration Interface, and Monitoring Interface. Consumer-Facing Interface is used to deliver high-level security policies from the I2NSF User to the Security Controller. NSF-Facing Interface is used to deliver low-level security policies from the Security Controller to an NSF. The Registration Interface is used to register the capabilities of an NSF with the Security Controller. The Monitoring Interface is used to collect monitoring data from an NSF.
>
> The goal of I2NSF is to define a set of software interfaces and data models of such interfaces for configuring, maintaining, and monitoring NSFs in cloud environments, including NFV and edge deployments. For security management automation in an autonomous security system, I2NSF needs to have a feedback control loop consisting of security policy configuration in an NSF, monitoring for an NSF, data analysis for NSF monitoring data, feedback delivery, and security policy augmentation/generation. For this security management automation, the I2NSF framework requires a new component to collect NSF monitoring data and analyze them, which is called I2NSF Analyzer. Also, the I2NSF framework needs a new interface to deliver feedback messages for security policy adjustment from I2NSF Analyzer to Security Controller.
> A proper translation of the planned actions onto NSF capabilities requires a well-defined model for representing these actions.
>
> I2NSF is vulnerable to inside and supply chain attacks since it trusts NSF capability declarations as provided by DMS, assuming that NSFs work appropriately in all circumstances, as well as I2NSF User’s policy declarations and the actions of the Security Controller. The registration of NSF capabilities, the declaration of a security policy from either the I2NSF User or its enforcement by the Security Controller, and the monitoring data from an NSF are assumed to be genuine and non-malicious. If one of such activities is malicious, the security system based on I2NSF may collapse. To prevent this malicious activity from happening in the I2NSF framework or detect the root of a security attack, all the activities in the I2NSF framework should be logged in either a centralized or decentralized (e.g., blockchain) way. Also, the provenance and status of the I2NSF components (i.e., I2NSF User, Security Controller, NSF, DMS, and I2NSF Analyzer) need to be verified by remote attestation, leveraging the current results mostly focused on IT environments.
>
> Finally, the current YANG data models for the I2NSF interfaces are designed on the basis of NSFs implemented as virtual machines, and therefore they need to be redesigned for the case where I2NSF components are instantiated by containers.
>
> The I2NSF working group's deliverables include:
>
> o A single document for an extension of I2NSF framework for security management automation. This document will initially be produced for reference as a living list to track and record discussions: the working group may decide to not publish this document as an RFC.
> o A YANG data model document for I2NSF Application Interface to deliver feedback from I2NSF Analyzer to Security Controller.
> o A single document for applicability and use cases in I2NSF-based security management automation.
> o A single document for a framework for security policy translation to support the mapping between a high-level YANG module and a low-level YANG module: the working group may decide to not publish this document as an RFC. This document will apply the recommendations under discussion in NETMOD and OPSAWG on event modeling.
> o A single document for remote attestation for I2NSF components, based on the work of the RATS WG.
> o A single document for I2NSF on container deployments in a cloud native NFV architecture.
>
> --------------
> Milestones
>
> o July 2022: Adopt applicability and use cases in I2NSF-based security management automation as WG document
> o March 2022: Adopt I2NSF on container deployments in a cloud native NFV architecture as WG document
> o November 2021: Adopt a framework for security policy translation as WG document
> o July 2021: Adopt remote attestation for I2NSF components as WG document
> o July 2021: Adopt a YANG data model for I2NSF Application Interface as WG document
> o March 2021: Adopt an extension of I2NSF framework for security management automation as WG document
>
> ----------------------------------------------------------------------
>
> After submitting all the I2NSF YANG data model drafts, we will be able to work on the I2NSF WG re-chartering in earnest.
>
> Thanks.
>
> Best Regards,
> Paul
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Computer Science and Engineering
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Computer Science and Engineering
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Computer Science and Engineering
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected], [email protected]
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
