| 28 | == Latest work |
| 29 | Our work is best demonstrated through some of our existing drafts, which can be found on [https://github.com/smart-rg/drafts our Github page] or the IETF [https://datatracker.ietf.org/doc/search/?name=smart&activedrafts=on&rfcs=on datatracker]. |
| 30 | |
| 31 | === draft-charter |
| 32 | The SMART draft charter should give you a reasonable idea of what SMART aims to achieve and the kind of work you'll find going on in this research group. |
| 33 | |
| 34 | === draft-taddei-smart-cless-introduction |
| 35 | * Also known as CLESS: Capabilities and Limitations of Endpoint Security Solutions: [https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ draft-taddei-smart-cless-introduction] |
| 36 | [https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ CLESS] attempts to establish the capabilities and limitations of endpoint-only security solutions and explore potential alternative approaches. |
| 37 | |
| 38 | === draft-mcfadden-smart-endpoint-taxonomy-for-cless |
| 39 | * Endpoint Taxonomy for CLESS: [https://datatracker.ietf.org/doc/draft-mcfadden-smart-endpoint-taxonomy-for-cless/ draft-mcfadden-smart-endpoint-taxonomy-for-cless] |
| 40 | [https://datatracker.ietf.org/doc/draft-taddei-smart-cless-introduction/ CLESS] discusses endpoints in general terms. It has been suggested that there are classes of endpoints that have different characteristics. Those classes may have completely different threat landscapes and the endpoints may have completely different security capabilities. In support of the work on CLESS, this document provides a taxonomy of endpoints that is intended to provide a foundation for further work on CLESS and research on approaches to providing endpoint security alternatives in a diverse group of settings. |
| 41 | |
| 42 | === draft-sasse-smart-secui-questions |
| 43 | * Open Questions in Supporting Secure User Interactions: [https://github.com/smart-rg/drafts/blob/master/draft-sasse-smart-secui-questions.txt draft-sasse-smart-secui-questions] |
| 44 | Describes open questions in supporting usable security at the UI level. The questions are split into defining a set of manageable security tasks for countering the most common attacks, and the UI elements for signalling whether an intended action is secure. |
| 45 | |
| 46 | === draft-lazanski-smart-users-internet |
| 47 | * An Internet for Users Again: [https://datatracker.ietf.org/doc/draft-lazanski-smart-users-internet/ draft-lazanski-smart-users-internet] |
| 48 | RFC 3552 introduces a threat model that does not include endpoint security. In the fifteen years since RFC 3552 security issues and cyber attacks have increased, especially on the endpoint. This document proposes a new approach to Internet cyber security protocol development that focuses on the user of the Internet, namely those who use the endpoint and are the most vulnerable to attacks. |
| 49 | |
| 50 | === draft-moriarty-caris2 |
| 51 | * Coordinating Attack Response at Internet Scale 2 Report: [https://datatracker.ietf.org/doc/draft-moriarty-caris2/ draft-moriarty-caris2] |
| 52 | Coordinating Attack Response at Internet Scale (CARIS) 2, sponsored by the Internet Society, took place 28 February and 1 March 2019 in Cambridge, Massachusetts, USA. Participants spanned regional, national, international, and enterprise CSIRTs, operators, service providers, network and security operators, transport operators and researchers, incident response researchers, vendors, and participants from standards communities. |
| 53 | |
| 54 | This workshop continued the work started at the first CARIS workshop, with a focus for CARIS 2 on scaling incident prevention and detection as the Internet industry moves to stronger and a more ubiquitous deployment of session encryption. |
| 55 | |
| 56 | === draft-mcfadden-smart-rfc3552-research-methodology |
| 57 | * Methodology for Researching Security Considerations Sections: [https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-research-methodology/ draft-mcfadden-smart-rfc3552-research-methodology] |
| 58 | |
| 59 | RFC3552 provides guidance to authors in crafting RFC text on Security Considerations. The RFC is more than fifteen years old. With the threat landscape and security ecosystem significantly changed since the RFC was published, RFC3552 is a candidate for update. This draft proposes that, prior to drafting an update to RFC3552, an examination of recent, published Security Considerations sections be carried out as a baseline for how to improve RFC3552. It suggests a methodology for examining Security Considerations sections in published RFCs and the extraction of both quantitative and qualitative information that could inform a revision of the older guidance. |
| 60 | |
| 61 | |
| 62 | |