vulnerability and exploit description and exchange format
play

Vulnerability and Exploit Description and Exchange Format (VEDEF) - PowerPoint PPT Presentation

Nov 23, 2022 •41 likes •251 views

IETF INCH WG Interim Meeting 13 th June 2004, Budapest HG Vulnerability and Exploit Description and Exchange Format (VEDEF) Ian Bryant Ian Bryant Head, NISCC Capability Development Group & Co-Chair, TF-CSIRT VEDEF WG NISCC NISCC IETF

  1. IETF INCH WG Interim Meeting 13 th June 2004, Budapest HG Vulnerability and Exploit Description and Exchange Format (VEDEF) Ian Bryant Ian Bryant Head, NISCC Capability Development Group & Co-Chair, TF-CSIRT VEDEF WG NISCC NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  2. Vulnerability & Exploit DEF  The Current Situation  Activities by TF-CSIRT WG  Proposed Way Ahead  Questions ? NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  3. The Current Situation NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  4. Description & Exchange Formats (DEFs)  Area of Information Security most ripe for standardisation is information sharing formats, ideally based on XML  Current thinking suggests that 4 Description & Exchange Formats (DEFs) are required:   IDDEF : Intrusion Detection PTDEF: Penetration DEF Testing DEF   Initial work being done by Covered by IETF IDWG Military (IDMEF)  OVAL  IODEF: Incident Object DEF  VEDEF: Vulnerability and  Being actively progressed by Exploit DEF IETF INCH  Multiple initiatives  Needs concerted development NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  5. Vulnerability and Exploit DEF  The de facto standard for storage of Vulnerability information is Mitre's Common Vulnerabilities and Exposures (CV  Mitre’s OVAL (Open Vulnerability Assessment Language) format aimed (approximately) at PTDEF  A Vulnerability and Exploit DEF (VEDEF) for CSIRT community is therefore needed  There are 5 existing initiatives in this area  Varying degrees of activity in their development  Being proposed by differing regions / communities  No real efforts towards their deconfliction NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  6. VEDEF – Current Initiatives Organisation Initiative Status EISPP* Common Format for Vulnerability FP5 funding expired Advisories January 2004 RUSCERT* Common Advisory Interchange Last updated during Format (CAIF) February 2004 OpenSec Advisory and Notification Markup Last updated during Language (ANML) January 2003 Application Vulnerability Description Last updated during April Language (AVDL) 2003 OASIS Classification Scheme for Web No progress since 1 st Security Vulnerabilities meeting June 2003 * Previous TF-CSIRT involvement NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  7. Basic Information Requirement  Description of the platform(s) affected  Description of the nature of the problem  Description of the likely impact if the Vulnerability and/or Exploit were, accidentally or maliciously, triggered  Available means of remediation  Disclosure restrictions NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  8. VEDEF Outline Deliverables Series of Documents establishing consolidated Best Practice for Vulnerability and/or Exploit description Functional requirements of data format for collaboration • between Vendors, CSIRTs, and end users Specification of the extensible, data language to • describes the data formats to satisfy the requirements Guidelines for implementing the WG data format, with a • set of sample Vulnerability and/or Exploit reports and their associate representation in the data language NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  9. Activities by TF-CSIRT WG NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  10. TF-CSIRT  European Task Force (TF) on Computer Security Incident Response Teams (CSIRT)  Created, and supported, by TERENA (Trans-European Research and Education Network Association – http:// www.terena.nl)  Membership heavily involved in generation of Incident Object Description and Exchange Format (IODEF)  Led to RFC3067  Working Group established to pursue VEDEF, co- chaired between NISCC and Cisco NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  11. TF-CSIRT VEDEF WG Status  Charter published  Review of external activities completed  EISPP  CMSI(I)  CAIF  IETF NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  12. VEDEF – Options with EISPP  Initial effort supported by EU  FP5 funding  Expired January 2004  Many of those involved with EISPP are also TF-CSIRT members  Version 2.0 of the XML Common Format for Vulnerability Advisories now published NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  13. VEDEF – Options with CMSI (I) Common Model of System Information  Produced by a group of TF-CSIRT members  Produces Machine Readable data  Proposes central repository of XML data structure  Proposes Vendors should maintain their own proprietary part of the model  Has been used in EISPP v2.0 NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  14. VEDEF – Relationship to CAIF  Briefed to TF-CSIRT by RUS-CERT (University of Stuttgart) in 2002  Largely dormant since  Became active again in February 2004  Updated version scheduled to be presented at FIRST Annual Conference in June 2004 NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  15. VEDEF – Options with IETF  Initial discussions held with Security Area Directors  Informal guidance is that IETF would not wish to charter new Working Group  Probable way ahead would be to use Extended Incident Handling (INCH)  Would require change to Charter → INCH WG Interim Meeting at FIRST Annual Conference NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  16. Proposed Way Ahead NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  17. Baseline for VEDEF Development  Select underlying Vulnerability Format to be developed  Needs to be evolved with :  CMSI(I) to formalise the System / Proprietary Information  Additional consideration of how to cover other (generic) Exploits types (e.g. Web Applications)  Ensure that (as far as practicable) nomenclature etc. is aligned with IODEF / RFC3067 NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  18. VEDEF – Next Steps  FIRST Annual Conference → INCH WG Ad Hoc Meeting (Sunday 13 th June)  Presentation on CAIF (Tuesday 15 th June)  Proposed Birds of Feather (BOF) on VEDEF (Tuesday 15 th June)  Activate TF-CSIRT Working Group to draft 1 st document (Requirements)  Agree Requirements document at September TF-CSIRT Meeting (Valetta MT) NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  19. Summary - VEDEF WG Project Plan Milestone Activity May-04 Agreement of "Best of Breed" candidates for development Jun-04 Presentations to IETF INCH and FIRST Sep-04 Initial Draft for TF-CSIRT of the requirements specification Oct-04 Initial Internet-Draft (I-D) of the requirements specification Nov-04 Submit requirements I-D to IESG as Informational Jan-05 Initial Draft for TF-CSIRT of the data language specification Feb-05 Initial I-D of the data language specification Mar-05 Submit data language specification I-D to IESG as Standard May-05 Initial Draft for TF-CSIRT of the implementation guidelines and examples document Jun-05 Initial I-D of the implementation guidelines Jul-05 Submit implementation guidelines I-D to IESG as Informational NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  20. Questions? NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

  21. Contact Details Ian Bryant Head of Capability Development NISCC PO Box 832, London, SW1P 1BG, England Telephone: +44-20-7821-1330 x 4565; Secretary +44-20-7821-1330 x 4561;Direct Facsimile : +44-20-7821-1686 Internet ianb@niscc.gov.uk http://www.niscc.gov.uk NISCC IETF INCH WG : 13 Jun 2004 VEDEF ( for TF-CSIRT )

Recommend

Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1

Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1

Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1 Outline Format String Access optional arguments How printf() works Format string attack How to exploit the vulnerability

617 views • 36 slides
IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This material is public :) Jan Meijer <jan.meijer@surfnet.nl> IODEF: what is it about? Problem statement: define a common data format for sharing

320 views • 9 slides
Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to

Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to

I ETF I NCH W orking Group Meeting 5 th August 2 0 0 4 , San Diego CA US Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to I an Bryant I an Bryant Liaison Manager Head, Capability Developm ent

389 views • 22 slides
at BalCCon2k17 METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT Presenter m-r

at BalCCon2k17 METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT Presenter m-r

at BalCCon2k17 METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT Presenter m-r Mane Piperevski BalCCon2k17 Novi Sad, Serbia 2017 WORLD OF BUGS BalCCon2k17 Novi Sad, Serbia 2017 HOW DIFFICULT IS VULNERABILITY RESEARCH? Learning

938 views • 19 slides
The Earth2Class Model for Professional Development Presentation Overview Program description and

The Earth2Class Model for Professional Development Presentation Overview Program description and

The Earth2Class Model for Professional Development Presentation Overview Program description and format Goals and benefits Website Sample Workshops Funding Program Description and Format Description: Unique science/math/technology program

160 views • 12 slides
Standard Cell Library/Library Exchange Format (LEF) Advanced VLSI Design CMPE 641 Library

Standard Cell Library/Library Exchange Format (LEF) Advanced VLSI Design CMPE 641 Library

Standard Cell Library/Library Exchange Format (LEF) Advanced VLSI Design CMPE 641 Library Exchange Format (LEF) An ASCII data format, used to describe a standard cell library Includes the design rules for routing and the Abstract of the cells,

457 views • 10 slides
Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with

Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with

Format String Vulnerabilities Most slides courtesy Wenliang Du @ Syracuse Univ. (with modifications) Outline Format String Access optional arguments How printf() works Format string attack How to exploit the

798 views • 35 slides
Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using

Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using

Dirty COW Race Condition Attack Outline Dirty COW vulnerability Memory Mapping using mmap() Map_shared, Map_Private Mapping Read-Only Files How to exploit? Dirty COW vulnerability Interesting case of the race

667 views • 24 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Cybersecurity in 2020 A Reflection on the Previous Decade & How to Prepare for the Next Tech

Cybersecurity in 2020 A Reflection on the Previous Decade & How to Prepare for the Next Tech

Cybersecurity in 2020 A Reflection on the Previous Decade & How to Prepare for the Next Tech Terms Vulnerability Payload Exploit Advanced Persistent Threat Zero Day Exploit Dark Web Malware 5G Technology

500 views • 17 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are

Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are

Zero Exploit Tolerance By Jamie Butler and Cody Pierce Confidential and Proprietary Who we are The exploit problem Modern software vulnerabilities Hardware-assisted exploit Agenda prevention Prior research

674 views • 45 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
An exchange format for multimodal annotations Thomas Schmidt, Susan Duncan, Oliver Ehmer,

An exchange format for multimodal annotations Thomas Schmidt, Susan Duncan, Oliver Ehmer,

An exchange format for multimodal annotations Thomas Schmidt, Susan Duncan, Oliver Ehmer, Jeffrey Hoyt, Michael Kipp, Dan Loehr, Magnus Magnusson, Travis Rose, Han Sloetjes Background International Society for Gesture Studies (ISGS)

555 views • 23 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides
OpenBSD Remote Exploit Only two remote holes in the default install Alfredo A. Ortega June

OpenBSD Remote Exploit Only two remote holes in the default install Alfredo A. Ortega June

OpenBSD Remote Exploit Only two remote holes in the default install Alfredo A. Ortega June 30, 2007 Mbuf buffer overflow Buffer overflow Researching the OpenBSD 008: RELIABILITY FIX a new vulnerability was found: The m dup1()

587 views • 23 slides
Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A

Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A

Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A verbose textual representation of trees JSON JavaScript Object notation like a Python dict 2 / 7 XML Format people.xml: <?xml

75 views • 7 slides
Project Zero Make 0day Hard The mission statement: Make 0day hard. The Project Zero team:

Project Zero Make 0day Hard The mission statement: Make 0day hard. The Project Zero team:

Project Zero Make 0day Hard The mission statement: Make 0day hard. The Project Zero team: Attack research. Vulnerability research Exploit development Exploit mitigations In public The philosophy: Offense guides defense. Good defense

419 views • 15 slides
aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies

aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies

Ein Blick in die Hexenkche der Exploit Entwickler aka Der Hacker und die 7 Geilein 27/03/2018 // Exploit Development for Dummies https://www.bee-itsecurity.at // Page 2 27/03/2018 // Exploit Development for Dummies

613 views • 48 slides
BioPAX - Biological Pathway Data Exchange Format Tutorial Gary Bader CCBR, University of

BioPAX - Biological Pathway Data Exchange Format Tutorial Gary Bader CCBR, University of

BioPAX - Biological Pathway Data Exchange Format Tutorial Gary Bader CCBR, University of Toronto BioPAX Workgroup www.biopax.org NETTAB June.12.2007.Pisa http://baderlab.org BioPAX Supporting Groups Current Participants Databases

582 views • 41 slides
Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley

Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley

Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos, and David Brumley Carnegie Mellon University 8/15/2011 1 Downloading Exploits I found a Exploit control flow hijack exploit online! Evil Ed Windows 7 8/15/2011 2

837 views • 58 slides

More recommend