Version 1 (modified by Vic Thomas, 10 years ago)

--

CompSec Project Status Report

Period: Q1 2010 (Jan 1–Mar 31, 2010)

I. Major accomplishments

A. Milestones achieved

We created and disseminated for feedback

  1. the Catalog of Relevant Use Cases v0.1; and
  2. the Asset Valuation and Risk Assessment Report v0.1.

B. Deliverables made

The milestones were specifically the documents we delivered, as listed above.

II. Description of work performed during last quarter

A. Activities and findings

Work began by surveying all the documents and presentations about GENI that we could find, to get the best understanding of all stakeholders and components of the proposed test bed. We refined the stakeholder list a few times to group together stakeholders that really share a common interest. This list turned out to be very similar to the one developed by John-Paul Herron.

Next, we carefully reread all the documents about security, pulling out the existing use cases for operational security, whether stated explicitly or implied. After grouping and categorizing those, we added many that we thought were missing from the existing documentation. For each of these use cases we listed some potential threats that could be realized, and made an effort to tie the threats to stakeholders. All of this work was combined into the Catalog of Relevant Use Cases (Milestone 1), delivered in January.

For the second milestone we had to develop a set of assets, both tangible and intangible. We again started by rereading GENI architectural documents and searching for new ones. We created a huge list of everything mentioned that could be a potential GENI asset in the future, which we then organized into groups of similar items, combining many items into one. After a few iterations of organization, we discussed the potential assets in detail and tied each one back to the most pertinent stakeholders.

Next we created a categorization of asset values: Critical, Important, Normal and Non-essential. After working through a few definitions so that these categories were as objective and mutually exclusive as possible, we created a table of assets where we tentatively assigned qualitative values. This information was all put into version 0.1 of the Asset Valuation and Risk Assessment report (Milestone 2).

We finished this report before GEC 7 and emailed it to security and ops people requesting feedback. At the end of this quarter, we had received feedback only from BBN, which we then incorporated into version 0.2 of the report.

B. Project participants

Adam Slagell

C. Publications (individual and organizational)

The only related publications are the documents we created as the deliverables for our first 2 milestones.

D. Outreach activities

There have been no substantial outreach activities beyond those already within the GENI community.

E. Collaborations

Outside the GENI community, the only relevant collaboration has been with ICSI. We wrote a Bro proposal for the NSF’s SDCI program and brainstormed about how Bro could be useful to operational security within GENI.

Other collaborations were just conversations and phone calls with other GENI participants (e.g., Steve Schwabb and John-Paul Herron). These were mostly discussions about operational security.

F. Other Contributions

N/A