A Survey on Languages, Enumerations and Other Tools used for Security Information Communication and Sharing
Gustavo Betarte, Alejandro Blanco, Marcelo Rodríguez
Grupo de Seguridad Informática, Facultad de Ingeniería, Universidad de la República
Uruguay
{gustun, ablanco, marcelor}@fing.edu.uy
Carlos Martínez-Cagnazzo, Eduardo Carozo
CSIRT-Antel, Administracion Nacional de Telecomunicaciones
Uruguay
{carlos.martinez, eduardo.carozo}@csirt-antel.com.uy
Abstract
All areas of knowledge related to computer, network and information security have been the subject of enormous interest in the last years. This interest comes not only from the academic community but from the general public as well, since many high-profile incidents involving data theft, identity theft and denial-of-service situations have grabbed headlines and threatened the confidence placed by the common user on the Internet as a whole.
Computer Security Incident Response Teams (CSIRTs) [BRO03] are widely regarded as a fundamental tool in the computer and information security landscape. These teams provide a dedicated and systematic look at security incidents. Fundamental in this model is the collaboration between different incident response teams.
Well-specified communication and specification languages help interacting teams share information without ambiguity. The OVAL ([MIT06],[OVA08]) (Open Vulnerability and Assessment Language) language for example standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment.
There are several well-established initiatives that leverage processes for the communication and sharing of security-related data. CVE (Common Vulnerabilities and Exposures) [CVE08], for instance, is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration". The CME (Common Malware Enumeration) [CME08] initiative, which is also managed and maintained by The MITRE Corporation, aims to provide single, common identifiers to new virus threats (i.e., malware) and to the most prevalent virus threats.
This work will present an introductory view of well-specified languages and enumerations used for communicating and sharing security-related data and information, including OVAL, CVE, CME and other related initiatives ([IOD08], [IET08]), and will motivate the role they may play in the environment of an operational CSIRT.
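To make the three OVAL assessment steps concrete, here is a small added example (it is not from the paper, and it is not MITRE's OVAL schema or tooling): a simplified, OVAL-style definitions document that represents the machine state to test for, an evaluator that checks a host's package inventory against it, and a result report keyed by definition id. The XML element names, the package inventory and the version operators are constructed for illustration only.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified OVAL-style document (NOT the real OVAL schema):
# step 1, "represent the state to test for". One definition ANDs two tests.
DEFINITIONS_XML = """
<oval_definitions>
  <definitions>
    <definition id="oval:example:def:1" class="vulnerability">
      <criteria operator="AND">
        <criterion test_ref="oval:example:tst:1"/>
        <criterion test_ref="oval:example:tst:2"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <test id="oval:example:tst:1" object="openssl" op="less than" version="1.0.1g"/>
    <test id="oval:example:tst:2" object="libc" op="greater than or equal" version="2.0"/>
  </tests>
</oval_definitions>
"""

# Constructed inventory standing in for what a collector sees on the host.
INVENTORY = {"openssl": "1.0.1f", "libc": "2.19"}

def parse_version(v):
    """Split '1.0.1g' into comparable chunks: numbers sort before letters."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", v))

def evaluate_test(test, inventory):
    """Step 2, analyze: compare the installed version with the tested state."""
    installed = inventory.get(test.get("object"))
    if installed is None:
        return None  # object absent on this host: reported as "not applicable"
    have, want = parse_version(installed), parse_version(test.get("version"))
    return {"less than": have < want, "greater than or equal": have >= want,
            "equals": have == want}[test.get("op")]

def evaluate_criteria(node, tests, inventory):
    """Combine child results with the node's AND/OR operator, recursively."""
    results = [evaluate_test(tests[c.get("test_ref")], inventory)
               if c.tag == "criterion" else evaluate_criteria(c, tests, inventory)
               for c in node]
    if any(r is None for r in results):
        return None
    return all(results) if node.get("operator", "AND") == "AND" else any(results)

def evaluate(xml_text, inventory):
    """Step 3, report: map each definition id to an OVAL-style result string."""
    root = ET.fromstring(xml_text)
    tests = {t.get("id"): t for t in root.find("tests")}
    labels = {True: "true", False: "false", None: "not applicable"}
    return {d.get("id"): labels[evaluate_criteria(d.find("criteria"), tests, inventory)]
            for d in root.find("definitions")}
```

Running `evaluate(DEFINITIONS_XML, INVENTORY)` flags the definition as "true" because the constructed host has openssl below 1.0.1g and a new enough libc; a host without openssl yields "not applicable".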
References
[BRO03] Handbook for Computer Security Incident Response Teams (CSIRTs). MJW Brown, D Stikvoort, KP Kossakowski. 2nd Edition: April 2003.
[MIT06] An Introduction to the OVAL Language. [online].
<http://oval.mitre.org/oval/documents/docs-06/an_introduction_to_the_oval_language.pdf> [Accessed: 14 March 2008]
[OVA08] Open Vulnerability and Assessment Language (OVAL), MITRE Corporation [online].
<http://oval.mitre.org/oval/about/index.html> [Accessed: 14 March 2008]
[CVE08] Common Vulnerabilities and Exposures (CVE), MITRE Corporation [online].
<http://cve.mitre.org/> [Accessed: 14 March 2008]
[CME08] Common Malware Enumeration (CME), MITRE Corporation [online].
<http://cme.mitre.org/> [Accessed: 14 March 2008]
[IOD08] Incident Object Description and Exchange Format Working Group (IODEF) [online].
<http://www.terena.org/activities/tf-csirt/iodef/> [Accessed: 14 March 2008]
[IET08] IETF Extended Incident Handling (INCH) Working Group [online].
<http://www.cert.org/ietf/inch/inch.html> [Accessed: 14 March 2008]