ITU-T X 1550-2017 Access control models for incident exchange networks (Study Group 17).pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1550 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (03/2017) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Exchange of policies Access control models for incident ex

2、change networks Recommendation ITU-T X.1550 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OS

3、I NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiomet

4、rics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.119

5、9 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 PKI related Recommendations X.1340X.1349 Internet of things (IoT) secu

6、rity X.1360X.1369 Intelligent transportation system (ITS) security X.1370X.1379 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and informa

7、tion request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud computing security X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computin

8、g security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1550 (03/2017) i Recommendation ITU-T X.1550 Access control models for incident exchange networks Summary Recommendation ITU-T X.155

9、0 introduces existing approaches for implementing access control policies for incident exchange networks. This Recommendation introduces a variety of well-established access control models, sharing models as well as criteria for evaluating incident exchange network performance. Standards-based solut

10、ions are considered to facilitate implementation of different access control models within different cybersecurity information-sharing models and under diverse trust environments. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.1550 2017-03-30 17 11.1002/1000/13198 Keyword

11、s Access control, authorization, CERT, CSIRT, CYBEX, IAM, incident exchange network, incident response. * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/10

12、00/11830-en. ii Rec. ITU-T X.1550 (03/2017) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent

13、 organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes

14、the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards

15、are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommend

16、ation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are u

17、sed to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intelle

18、ctual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received

19、 notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/.

20、ITU 2017 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1550 (03/2017) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in th

21、is Recommendation . 2 4 Abbreviations and acronyms 2 5 Conventions 3 6 General overview 3 7 Incident exchange network taxonomy 3 7.1 Operating environments . 3 7.2 Incidents information exchange models . 3 7.3 Access control models 4 7.4 Trust level . 5 8 Facilitation techniques for implementation o

22、f access control policies . 5 8.1 Recommendations on evaluating policy expression languages 5 8.2 Considerations on policy conflict resolution 6 8.3 Recommendations on performance evaluation 7 Bibliography. 9 Rec. ITU-T X.1550 (03/2017) 1 Recommendation ITU-T X.1550 Access control models for inciden

23、t exchange networks 1 Scope This Recommendation introduces existing approaches for implementing access control policies for computer incident exchange networks. This Recommendation introduces a variety of well-established access control models, sharing models as well as criteria for evaluating incid

24、ent exchange network performance. Standards-based solutions are considered to facilitate implementation of different access control models within different sharing models and under diverse trust environments. 2 References The following ITU-T Recommendations and other references contain provisions wh

25、ich, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of

26、applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. I

27、TU-T X.1500 Recommendation ITU-T X.1500 (2011), Overview of cybersecurity information exchange. ITU-T X.1570 Recommendation ITU-T X.1570 (2011), Discovery mechanisms in the exchange of cybersecurity information. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms d

28、efined elsewhere: 3.1.1 access control b-ITU-T X.1252: A procedure used to determine if an entity should be granted access to resources, facilities, services, or information based on pre-established rules and specific rights or authority associated with the requesting party. 3.1.2 authorization b-IT

29、U-T M.3345: It presents how, and under what conditions, self-service management actors can use self-service functions and what self-service actions they are permitted to perform. 3.1.3 incidents exchange ITU-T X.1570: The transfer of cybersecurity information between two or more cybersecurity entiti

30、es. This transfer may be uni-directional, bi-directional, or multi-directional, i.e., many-to-many. NOTE In this Recommendation, the term “incident exchange“ is considered equivalent to “exchange“. 3.1.4 trust domain b-ITU-T M.3410: A set of information and associated resources consisting of users,

31、networks, data repositories, and applications that manipulate the data in those data repositories. Different trust domains may share the same physical components. Also, a single trust domain may employ various levels of trust, depending on what the users need to know and the sensitivity of the infor

32、mation and associated resources. 2 Rec. ITU-T X.1550 (03/2017) 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 access control policy conflict: It defines the actions of two rules contradicting each other. The entity implementing the policy will not be

33、able to determine which action to perform. NOTE: This definition is based on the definition given for policy conflict in b-ITU-T X.1036. 3.2.2 dynamic policy conflict resolution: Conflict resolution strategies applied at runtime. 3.2.3 incidents exchange networks: Generalization of cybersecurity inf

34、ormation exchange (CYBEX) operational infrastructure based on centralized or federated management. 3.1.4 incidents information: Subset of cybersecurity information, structured information or knowledge concerning forensics related to incidents or events. NOTE This definition is based on the descripti

35、on given for “exchange (cybersecurity information)“ in b-ITU-T X.1570. 3.2.5 static policy conflict resolution: Conflict resolution strategies applied at the design stage. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: ABAC Attribute-Based Access Cont

36、rol ACL Access Control List CERT Computer Emergency Response Team CSIRT Computer Security Incident Response Team CYBEX Cybersecurity information Exchange DAC Discretionary Access Control IAM Identity and Access Management IODEF Incident Object Description Exchange Format IT Information Technology MA

37、C Mandatory Access Control PBAC Policy-Based Access Control PDP Policy Decision Point PERMIS Privilege and Role Management Infrastructure Standards RAdAC Risk-Adaptive Access Control RBAC Role-Based Access Control RID Real-time Inter-network Defense RIDT Real-time Inter-network Defense Transport STI

38、X Structured Threat Information Expression TAXII Trusted Automated Exchange of Indicator Information TBAC Task-Based Access Control TBAM Task-Based Access Management XACML extensible Access Control Markup Language Rec. ITU-T X.1550 (03/2017) 3 XML extensible Markup Language 5 Conventions In the cont

39、ext of this Recommendation, “access control“ is considered as a generic mechanism supporting authorization procedures. 6 General overview Risk mitigation may be required to decrease financial costs of mitigating computer attacks as well as to provide security assurance within an organization/collabo

40、ration or a service/system. Incident exchange networks operate to prevent or reduce risks associated with computer attacks. Cybersecurity incident exchange practices introduce a variety of information-sharing models that are implemented in centralized or federated environments. Incident information

41、sharing is based on a level of trust that correlates with associated risks and imposes the need to assure that confidential or sensitive information is not inappropriately shared. This makes some access control models more effective than others in terms of performance, implementation and security as

42、surance. The overall growth and mutual integration of global information systems has encouraged the development of advanced access control models that underlie authorization processes. Existing access control policy languages facilitate deployment of security policies and introduces challenges speci

43、fic to different access control models and operating environments. Mechanisms and approaches presented in this Recommendations may be used as profiles that provide access control policies implementation for underlying cybersecurity information exchange (CYBEX)-formats and transport protocols such as

44、 incident object description exchange format (IODEF) b-ITU-T X.1541, real-time inter-network defense (RID) b-ITU-T X.1580 + real-time inter-network defense transport (RIDT) b-ITU-T X.1581, structured threat information expression (STIX) b-stix+ trusted automated exchange of indicator information (T

45、AXII) b-taxii and others. 7 Incident exchange network taxonomy 7.1 Operating environments Incident exchange networks operate in the following environments: Single trust domain (centralized management); Federated trust domains (decentralized management). 7.2 Incidents information exchange models Inci

46、dent information exchange models are represented as follows: “Peer-to-peer“, uni- or bi-directional exchange of information between two participants. “Hub-spokes“. This type of model often has a central hub that receives data from the participating members (i.e., spokes). Either the hub can redistri

47、bute the incoming data directly to other members, or it can provide value-added services and send the new (and presumably more useful) information to the members. With this approach, the hub acts as a clearinghouse that can facilitate information sharing while protecting the identities of the member

48、s. A related challenge is that sharing information in this model requires a high degree of trust in the hub b-MITRE Models. “Post-to-all”. This model enables any participant to share with the entire membership roster, rather than going through a central hub. Because members share directly with one a

49、nother, information dissemination is quick and can be easily scaled to many participants. b-MITRE Models. 4 Rec. ITU-T X.1550 (03/2017) Based on these three models the following service-oriented models may be constructed: “Discovery-request-response“. This is a two-stage model, where at the first stage (optional) discovery mechanisms ITU-T X.1570 shall be used to identify centralized or distributed sources of incidents-related information. At the second stage consumers acquire infor