diff --git a/ietf_99_hackathon/README.md b/ietf_99_hackathon/README.md index 48d4f86..165ddb1 100644 --- a/ietf_99_hackathon/README.md +++ b/ietf_99_hackathon/README.md 
@@ -75,3 +75,17 @@ The following is a list of candidate vulnerabilities we might attempt to detect, * Xen: [CVE-2017-10912](https://nvd.nist.gov/vuln/detail/CVE-2017-10912) * Ncurses: [CVE-2017-10685](https://nvd.nist.gov/vuln/detail/CVE-2017-10685) * Perl XML-LibXML: [CVE-2017-10672](https://nvd.nist.gov/vuln/detail/CVE-2017-10672) + +## Outcomes +Our hackathon took place in Prague just before and during the start of IETF 99. Over the course of that weekend, we were able to complete the desired flow listed above. We had some key learnings, not the least of which is that we should attempt to focus our efforts heavily on wide-net collection and upon defining a robust evaluation/query language. We also wished we had the ability to filter for SWIDs of a particular shape. + + +### A Related Hackathon Effort +While we were working on our efforts described above, others in a cross section of SACM, MILE, and I2NSF were working on a YANG-push-based method of collection with downstream dissemination of collected information to an XMPP Grid. Roughly, their appraoch looked like the following. + +![XMPP Diagram](https://raw.githubusercontent.com/sacmwg/vulnerability-scenario/master/ietf_99_hackathon/graphics/hackathon_deployment_alternative.png) + +### Integrating These Approaches +The following depicts a possible way forward for integrating these two efforts. The depiction below shows collection of software identification information from one endpoint using SWIMA (which is software identification over PT-TLS - it's not difficult to imagine other collection types going over PT-TLS). In this case, the SACM Collector are the StrongSWAN and PT-TLS Client working together. Similarly, collection from network equipment (target endpoints A and B in this diagram) may get to some SACM collector using YANG-push. Both SACM collectors could then publish that collected information to some XMPP-Grid Controller, in this case a broker. 
The endpoint repository of our hackathon effort (StrongTNC) would then receive the information, and our assessor (CIS-CAT Pro in our hackathon effort) would be able to query that information at will, each using the XMPP-Grid approach of disseminating downstream collection information. + +![Combined Diagram](https://raw.githubusercontent.com/sacmwg/vulnerability-scenario/master/ietf_99_hackathon/graphics/hackathon_deployment_combined.png) \ No newline at end of file diff --git a/ietf_99_hackathon/graphics/hackathon_deployment.graffle b/ietf_99_hackathon/graphics/hackathon_deployment.graffle index 87efdaf..1db61cf 100644 Binary files a/ietf_99_hackathon/graphics/hackathon_deployment.graffle and b/ietf_99_hackathon/graphics/hackathon_deployment.graffle differ diff --git a/ietf_99_hackathon/graphics/hackathon_deployment_alternative.png b/ietf_99_hackathon/graphics/hackathon_deployment_alternative.png new file mode 100644 index 0000000..abf9300 Binary files /dev/null and b/ietf_99_hackathon/graphics/hackathon_deployment_alternative.png differ diff --git a/ietf_99_hackathon/graphics/hackathon_deployment_combined.graffle b/ietf_99_hackathon/graphics/hackathon_deployment_combined.graffle new file mode 100644 index 0000000..f630b26 Binary files /dev/null and b/ietf_99_hackathon/graphics/hackathon_deployment_combined.graffle differ diff --git a/ietf_99_hackathon/graphics/hackathon_deployment_combined.png b/ietf_99_hackathon/graphics/hackathon_deployment_combined.png new file mode 100644 index 0000000..daca40b Binary files /dev/null and b/ietf_99_hackathon/graphics/hackathon_deployment_combined.png differ
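Review bot: "Roughly, their appraoch looked like the following." in the "A Related Hackathon Effort" subsection has a typo; please change it to "approach". Two other wording points in the same hunk: in "Integrating These Approaches", "the SACM Collector are the StrongSWAN and PT-TLS Client working together" mixes singular and plural; write "the SACM Collector is the strongSwan and PT-TLS client working together" (the project styles its name "strongSwan"). The parenthetical "SWIMA (which is software identification over PT-TLS ...)" is imprecise: SWIMA is the software inventory message set carried inside PA-TNC, and PT-TLS is just one transport it can ride over, so something like "SWIMA, software inventory attributes carried over PA-TNC, here transported over PT-TLS" keeps the point without overstating it. The text also alternates between "XMPP Grid" and "XMPP-Grid"; pick one. On the file itself, the hunk ends with "\ No newline at end of file", so please add the trailing newline after the combined diagram line, and consider referencing the two new PNGs with relative paths (e.g. `graphics/hackathon_deployment_combined.png`) instead of absolute raw.githubusercontent.com URLs pinned to `master`, so the images render in forks and branches that have not been merged yet.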