Changes between Version 4 and Version 5 of smart


Timestamp: Jul 12, 2019, 8:48:51 AM (4 months ago)
Author: kirsty.p@…
Comment: --

  • smart

    v4 v5  
    44(To subscribe, you need to click subscribe and then click the link in the email sent to you afterwards. For awareness: this often goes to junk mail.)
    55
     6**Github page:** https://github.com/smart-rg (this is often the best place to find all the drafts in one up-to-date place)
     7
    68**Draft charter:** https://github.com/smart-rg/drafts/blob/master/draft-charter.md
    79
    810**Datatracker:** https://datatracker.ietf.org/group/smart/about/
    9 
    10 **Github page:** https://github.com/smart-rg
    1111
    1212**CARIS 2:** https://www.internetsociety.org/events/caris2
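Review bot: the moved "Github page" entry promises "all the drafts in one up-to-date place" but links to the organisation root https://github.com/smart-rg; the "Draft charter" entry directly below it shows the drafts live under https://github.com/smart-rg/drafts, so linking that repository would take readers straight to what the parenthetical describes.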
     
    1414**Co-chairs:** Kathleen Moriarty, Kirsty P
    1515
    16 **Next Meeting:** Monday 25th March 2019, 16:10-18:10.
     16**Next Meeting:** IETF 105 in Montreal: Wednesday 22nd July 2019, 09:00 EDT.
    1717
    1818== What is SMART?
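Review bot: the added "Next Meeting" line gives "Wednesday 22nd July 2019", but 22 July 2019 falls on a Monday, so the weekday and the day number cannot both be right; check against the IETF 105 agenda and correct whichever is wrong. The removed line gave a start and end time ("16:10-18:10") while the new one gives only "09:00 EDT", so adding the end time would keep the entry as complete as before.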
     
    2626SMART is a forum for research and case studies to provide an understanding of attacks and the threat landscape, utilising research and expertise from industry and academia, so that when protocol design decisions are made, they are made with a better understanding of the consequences to cyber defence and attacks.
    2727
     28== Latest work
     29Our work is best demonstrated through some of our existing drafts, which can be found on [https://github.com/smart-rg/drafts our Github page] or the IETF [https://datatracker.ietf.org/doc/search/?name=smart&activedrafts=on&rfcs=on datatracker].
     30
     31=== draft-charter
     32The SMART draft charter should give you a reasonable idea of what SMART aims to achieve and the kind of work you'll find going on in this research group.
     33
     34=== draft-taddei-smart-cless-introduction
     35* Also known as CLESS: Capabilities and Limitations of Endpoint Security Solutions: [https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ draft-taddei-smart-cless-introduction]
     36[https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ CLESS] attempts to establish the capabilities and limitations of endpoint-only security solutions and explore potential alternative approaches.
     37
     38=== draft-mcfadden-smart-endpoint-taxonomy-for-cless
     39* Endpoint Taxonomy for CLESS: [https://datatracker.ietf.org/doc/draft-mcfadden-smart-endpoint-taxonomy-for-cless/ draft-mcfadden-smart-endpoint-taxonomy-for-cless]
     40[https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ CLESS] discusses endpoints in general terms. It has been suggested that there are classes of endpoints that have different characteristics. Those classes may have completely different threat landscapes and the endpoints may have completely different security capabilities. In support of the work on CLESS, this document provides a taxonomy of endpoints that is intended to provide a foundation for further work on CLESS and research on approaches to providing endpoint security alternatives in a diverse group of settings.
     41
     42=== draft-sasse-smart-secui-questions
     43* Open Questions in Supporting Secure User Interactions: [https://github.com/smart-rg/drafts/blob/master/draft-sasse-smart-secui-questions.txt draft-sasse-smart-secui-questions]
     44Describes open questions in supporting usable security at the UI level. The questions are split into defining a set of manageable security tasks for countering the most common attacks, and the UI elements for signalling whether an intended action is secure.
     45
     46=== draft-lazanski-smart-users-internet
     47* An Internet for Users Again: [https://datatracker.ietf.org/doc/draft-lazanski-smart-users-internet/ draft-lazanski-smart-users-internet]
     48RFC 3552 introduces a threat model that does not include endpoint security. In the fifteen years since RFC 3552 security issues and cyber attacks have increased, especially on the endpoint. This document proposes a new approach to Internet cyber security protocol development that focuses on the user of the Internet, namely those who use the endpoint and are the most vulnerable to attacks.
     49
     50=== draft-moriarty-caris2
     51* Coordinating Attack Response at Internet Scale 2 Report: [https://datatracker.ietf.org/doc/draft-moriarty-caris2/ draft-moriarty-caris2]
     52Coordinating Attack Response at Internet Scale (CARIS) 2, sponsored by the Internet Society, took place 28 February and 1 March 2019 in Cambridge, Massachusetts, USA. Participants spanned regional, national, international, and enterprise CSIRTs, operators, service providers, network and security operators, transport operators and researchers, incident response researchers, vendors, and participants from standards communities.
     53
     54This workshop continued the work started at the first CARIS workshop, with a focus for CARIS 2 on scaling incident prevention and detection as the Internet industry moves to stronger and a more ubiquitous deployment of session encryption.
     55
     56=== draft-mcfadden-smart-rfc3552-research-methodology
     57* Methodology for Researching Security Considerations Sections: [https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-research-methodology/ draft-mcfadden-smart-rfc3552-research-methodology]
     58
     59RFC3552 provides guidance to authors in crafting RFC text on Security Considerations. The RFC is more than fifteen years old. With the threat landscape and security ecosystem significantly changed since the RFC was published, RFC3552 is a candidate for update. This draft proposes that, prior to drafting an update to RFC3552, an examination of recent, published Security Considerations sections be carried out as a baseline for how to improve RFC3552. It suggests a methodology for examining Security Considerations sections in published RFCs and the extraction of both quantitative and qualitative information that could inform a revision of the older guidance.
     60
     61
     62
    2863== What is CARIS 2?
    2964CARIS (Co-ordinating Attack Response at Internet Scale) is a series of workshops, sponsored by the Internet Society. The first Co-ordinating Attack Response at Internet Scale [https://www.iab.org/activities/workshops/caris/ (CARIS)] workshop was held in June 2015. That workshop was written up as [https://www.rfc-editor.org/info/rfc8073 RFC 8073].
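Review bot: the new "Latest work" section links its drafts inconsistently: draft-sasse-smart-secui-questions points at a .txt file on the master branch of the GitHub repository while the other drafts point at datatracker, and the draft-charter subsection has no link at all even though the draft charter URL is listed at the top of the page. Suggest linking every draft the same way. Smaller points in the same block: the RFC is written both "RFC 3552" and "RFC3552"; CARIS is expanded as "Coordinating" in the new draft-moriarty-caris2 text but "Co-ordinating" in the unchanged "What is CARIS 2?" paragraph; "stronger and a more ubiquitous deployment" reads as a slip for "stronger and more ubiquitous deployment"; and three blank lines are added before "== What is CARIS 2?".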
     
    3671[From our proposed charter:] SMART will research the effects, both positive and negative, of existing, proposed and newly published protocols and Internet standards on attack defence. It will gather evidence from information security practitioners and researchers on methods used to defend against attacks and make this available to protocol designers, implementers and users. As a result, designers, implementers and users of new protocols will be better informed about the possible impact on attack prevention and mitigation. The SMART RG aims to guide IETF protocol development and become the hub of expertise on attack defence in the IETF/IRTF.
    3772
    38 We're meeting at IETF 104 in Prague on Monday 25th March 2019.
     73We're meeting at IETF 105 in Montreal on Wednesday 22nd July 2019.
    3974
    4075The threat landscape is broad, and so is the research we're interested in! We want evidence-based research and case studies on a range of topics:
     
    5792For a start: yes, this group is about cyber defence and cyber security. However, the word "cyber" is considered a buzzword in some circles at IETF, so we call it "attack defence" instead. You can see what we roughly mean by the word cyber [https://mailarchive.ietf.org/arch/msg/smart/WslfXDi9g9iH3L-oIoiG9eGWmmw here].
    5893
    59 Details of the week-long IETF 104 meeting are on [https://www.ietf.org/how/meetings/104/ the IETF pages] - including the agenda, how to register, the attendees list, and more. IRTF meetings are co-located with the IETF. SMART meets for two hours on Monday 25th for IETF 104, but we hope you will find other sessions that will interest you during the rest of the day. You don't need to be a member to attend the meetings.
     94Details of the week-long IETF 105 meeting are on [https://www.ietf.org/how/meetings/105/ the IETF pages] - including the agenda, how to register, the attendees list, and more. IRTF meetings are co-located with the IETF. SMART meets for 1.5 hours on Wednesday 22nd July for IETF 105, but we hope you will find other sessions that will interest you during the rest of the day. You don't need to be a member to attend the meetings.
    6095
    6196For academics, there is a free [https://www.ietf.org/how/meetings/guest-pass/ guest pass] to attend the IRTF, which is valid for one day; this includes SMART.
    6297
    63 If you are interested in participating remotely, please find the information you need to do so [https://www.ietf.org/how/meetings/104/remote/ here].
     98If you are interested in participating remotely, please find the information you need to do so [https://www.ietf.org/how/meetings/105/remote/ here].
    6499
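Review bot: meeting-specific details are hard-coded in three separate lines of this change (the "Next Meeting" entry, "We're meeting at IETF 105 ..." and the meeting-details paragraph here, along with the /meetings/105/ and /meetings/105/remote/ URLs), and each had to be edited by hand from its IETF 104 value. Suggest keeping the date, time and links in the "Next Meeting" entry only and having the body text refer to it, so the next update is a one-line change. The paragraph here also states the session length ("1.5 hours") while the "Next Meeting" entry gives only a start time; putting both in one place would stop them drifting apart.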