Updating with some post-hackathon information
adammontville committed Jul 21, 2017
1 parent d817ef3 commit 43b5d95
Showing 5 changed files with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions ietf_99_hackathon/README.md
Expand Up @@ -75,3 +75,17 @@ The following is a list of candidate vulnerabilities we might attempt to detect,
* Xen: [CVE-2017-10912](https://nvd.nist.gov/vuln/detail/CVE-2017-10912)
* Ncurses: [CVE-2017-10685](https://nvd.nist.gov/vuln/detail/CVE-2017-10685)
* Perl XML-LibXML: [CVE-2017-10672](https://nvd.nist.gov/vuln/detail/CVE-2017-10672)

## Outcomes
Our hackathon took place in Prague just before and during the start of IETF 99. Over the course of that weekend, we were able to complete the desired flow listed above. We had some key learnings, not the least of which is that we should attempt to focus our efforts heavily on wide-net collection and upon defining a robust evaluation/query language. We also wished we had the ability to filter for SWIDs of a particular shape.


### A Related Hackathon Effort
While we were working on our efforts described above, others in a cross section of SACM, MILE, and I2NSF were working on a YANG-push-based method of collection with downstream dissemination of collected information to an XMPP Grid. Roughly, their appraoch looked like the following.

![XMPP Diagram](https://raw.githubusercontent.com/sacmwg/vulnerability-scenario/master/ietf_99_hackathon/graphics/hackathon_deployment_alternative.png)

### Integrating These Approaches
The following depicts a possible way forward for integrating these two efforts. The depiction below shows collection of software identification information from one endpoint using SWIMA (which is software identification over PT-TLS - it's not difficult to imagine other collection types going over PT-TLS). In this case, the SACM Collector are the StrongSWAN and PT-TLS Client working together. Similarly, collection from network equipment (target endpoints A and B in this diagram) may get to some SACM collector using YANG-push. Both SACM collectors could then publish that collected information to some XMPP-Grid Controller, in this case a broker. The endpoint repository of our hackathon effort (StrongTNC) would then receive the information, and our assessor (CIS-CAT Pro in our hackathon effort) would be able to query that information at will, each using the XMPP-Grid approach of disseminating downstream collection information.

![Combined Diagram](https://raw.githubusercontent.com/sacmwg/vulnerability-scenario/master/ietf_99_hackathon/graphics/hackathon_deployment_combined.png)
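Review bot: in the "Integrating These Approaches" paragraph, "the SACM Collector are the StrongSWAN and PT-TLS Client working together" has a number-agreement error and a misspelled project name; suggest "the SACM Collector is strongSwan and the PT-TLS client working together". In the same paragraph the parenthetical defines SWIMA as "software identification over PT-TLS" while the very next clause treats PT-TLS as a transport that other collection types could also use, so the two should be kept distinct (SWIMA as the collection content, PT-TLS as the transport) rather than equated. "appraoch" in "A Related Hackathon Effort" should be "approach". Finally, the "Outcomes" wish for "the ability to filter for SWIDs of a particular shape" leaves "shape" undefined; one sentence saying which tag properties were meant would make that lesson usable by the next person picking up the work.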
Binary file modified ietf_99_hackathon/graphics/hackathon_deployment.graffle
