IODEF-extension to support structured cybersecurity information
Active Internet-Draft (mile WG)

Document Stream: IETF
Last updated: 2012-10-15
Replaces: draft-takahashi-mile-sci
Intended RFC status: (None)
Other versions: plain text, pdf, html
IETF State: WG Document (mile)
Document shepherd:
IESG State: I-D Exists
Responsible AD: (None)
Send notices to: No addresses provided
MILE Working Group                                          T. Takahashi
Internet-Draft                                                      NICT
Intended status: Standards Track                            K. Landfield
Expires: April 18, 2013                                           McAfee
                                                               T. Millar
                                                                  USCERT
                                                          Y. Kadobayashi
                                                                   NAIST
                                                            Oct 15, 2012

    IODEF-extension to support structured cybersecurity information
                       draft-ietf-mile-sci-05.txt

Abstract

   This document extends the Incident Object Description Exchange Format
   (IODEF) defined in RFC 5070 [RFC5070] to exchange enriched
   cybersecurity information among cybersecurity entities and facilitate
   their operations.  It provides the capability of embedding structured
   information, such as identifier- and XML-based information.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 18, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (trustee.ietf.org/license-info)
   in effect on the date of publication of this document.  Please review
   these documents carefully, as they describe your rights and
   restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Applicability
   4.  Extension Definition
     4.1.  IANA Table for Structured Cybersecurity Information
     4.2.  Extended Data Types
       4.2.1.  XMLDATA
     4.3.  Extended Classes
       4.3.1.  AttackPattern
       4.3.2.  Platform
       4.3.3.  Vulnerability
       4.3.4.  Scoring
       4.3.5.  Weakness
       4.3.6.  EventReport
       4.3.7.  Verification
       4.3.8.  Remediation
   5.  Mandatory to Implement features
   6.  Security Considerations
     6.1.  Transport-Specific Concerns
   7.  IANA Considerations
   8.  Acknowledgment
   9.  Appendix I: XML Schema Definition for Extension
   10. Appendix II: Candidate Specifications for the IANA Table
   11. Appendix III: An XML Example
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses