1、 International Telecommunication Union ITU-T Series XTELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Supplement 20(04/2013) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY ITU-T X.1205 Supplement on framework of security information sharing negotiation ITU-T X-series Recommendations
2、 Supplement 20 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPEC
3、TS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPL
4、ICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cyberse
5、curity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state excha
6、nge X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. X series
7、Supplement 20 (04/2013) i Supplement 20 to ITU-T X-series Recommendations ITU-T X.1205 Supplement on framework of security information sharing negotiation Summary This Supplement to Recommendation ITU-T X.1205 provides a framework for negotiating agreement on security information sharing between cyb
8、ersecurity entities such as information requester and information provider. This Supplement defines functional capabilities and a reference model for security information sharing negotiation, conceptual data modelling of security information sharing agreement (SSA), security information sharing poli
9、cy (SSP) and the SSA negotiation process. History Edition Recommendation Approval Study Group 1.0 ITU-T X Suppl. 20 2013-04-26 17 ii X series Supplement 20 (04/2013) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications,
10、information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on
11、a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid dow
12、n in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this publication, the expression “Administration“ is used for conciseness to indicate both a telecommunication adm
13、inistration and a recognized operating agency. Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions
14、are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the pos
15、sibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the pu
16、blication development process. As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and a
17、re therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. X series Supplement 20 (04/2013) iii Table of Contents Pa
18、ge 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Supplement 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 Introduction 2 6.1 Concept of security information sharing negotiation . 2 6.2 Relationship with other CYBEX Recommendations . 3 7 Functi
19、onal capabilities for security information sharing negotiation . 4 7.1 Negotiation capabilities 4 7.2 Agreement capabilities . 4 7.3 Security capabilities 4 8 Reference model of security information negotiation 5 9 Life cycle and data model of SSA 6 9.1 Life cycle of SSA . 6 9.2 Structure of SSA . 7
20、 10 Process of SSA negotiation 8 10.1 SSA negotiating messages 8 10.2 SSA negotiating scenarios 9 Appendix I The example of security information sharing negotiation . 14 I.1 Negotiation between the security management server and security agent . 14 Bibliography. 16 X series Supplement 20 (04/2013) 1
21、 Supplement 20 to ITU-T X-series Recommendations ITU-T X.1205 Supplement on framework of security information sharing negotiation 1 Scope This Supplement provides a framework for security information sharing negotiation to develop cybersecurity information exchange contracts between entities. The sc
22、ope of the negotiation framework includes the functional capabilities and reference model for security information sharing negotiation, conceptual data modelling of a security information sharing agreement (SSA), security information sharing policy (SSP) and a SSA negotiation process. 2 References N
23、one. 3 Definitions 3.1 Terms defined elsewhere This Supplement uses the following term defined elsewhere: 3.1.1 cybersecurity b-ITU-T X.1205: Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best pr
24、actices, assurance and technologies that can be used to protect the cyber environment and organization and users assets. Organization and users assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted a
25、nd/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and users assets against relevant security risks in the cyber environment. The general security objectives comprise Availability, Integrity
26、 (which may include authenticity and non-repudiation) and Confidentiality. 3.2 Terms defined in this Supplement This Supplement defines the following terms: 3.2.1 security information sharing agreement (SSA): A service contract on security information sharing between entities. SSA is translated into
27、 a security information sharing policy (SSP) to be applied to the corresponding cybersecurity entities. 3.2.2 security information sharing policy (SSP): A policy for cybersecurity entities to observe when sharing security information with each other. The SSP is made based on an SSA. 3.2.3 SSA negoti
28、ation: Interaction for entities to negotiate SSA before starting cybersecurity information sharing. 4 Abbreviations and acronyms This Supplement uses the following abbreviations and acronyms: CYBEX Cybersecurity Information Exchange EMS Enterprise Management System IDMEF Intrusion Detection Message
29、Exchange Format IODEF Incident Object Description and Exchange Format 2 X series Supplement 20 (04/2013) SSA Security information Sharing Agreement SSP Security information Sharing Policy TMS Threat Management System 5 Conventions None. 6 Introduction 6.1 Concept of security information sharing nego
30、tiation b-ITU-T X.1500 defines a cybersecurity information exchange (CYBEX) model and techniques that can be used to facilitate the exchange of cybersecurity information between entities. An entity in the context of this Supplement is an information requester or information provider. Entities may be
31、 an independent organization or person, and as such, they have individual requirements on cybersecurity information sharing. X suppl.20(13)_F6-1Independent domain-BIndependent domain-ASharing requirement -ACybersecurityentity CybersecurityinformationSharingCybersecurityinformationCybersecurityinform
32、ationCybersecurityentityAgreementNegotiationSharing requirement -BNegotiationAgreementUserUserIndependent domain-CSharing requirement -CCybersecurityentityUserNegotiationAgreementFigure 6-1 Basic concept of security information sharing negotiation Examples of requirements and restrictions on cyberse
33、curity information sharing include: when to start and stop cybersecurity information sharing; what cybersecurity information to share (e.g., DoS detection log, botnet alert, black list, computer security incident, network traffic); what sharing level is appropriate (e.g., raw data sharing or statist
34、ical data sharing); X series Supplement 20 (04/2013) 3 appropriate protection requirements for information at different sensitivity levels (storage and transfer); appropriate protection requirements for regulated data; who the data may be shared with or disseminated to; liabilities in the event of a
35、 security incident or mishandling of information; and minimum requirements on technical standards for the secure exchange of data using CYBEX techniques, etc. Therefore entities that participate in cybersecurity information sharing need to negotiate an agreement with each other before they begin exc
36、hanging cybersecurity information. This Supplement describes a framework for security information sharing negotiation of a cybersecurity information exchange contract between entities. The negotiation framework focuses on functional capabilities and a reference model for security information sharing
37、 negotiation, conceptual data modelling of security information sharing agreement (SSA), security information sharing policy (SSP) and the SSA negotiation process. 6.2 Relationship with other CYBEX Recommendations A cybersecurity information sharing procedure basically involves three entities: an in
38、formation requester (referred to as retriever in b-ITU-T X.1570), an information provider (referred to as source in b-ITU-T X.1570) and a directory. An information requester requests information and the information provider provides the requested information to the information requester. The directo
39、ry registers the metadata of the information providers information and helps the information requester find a proper information provider. If the information requester and information provider have an existing relationship, the directory may only be used to validate information about the other entit
40、y. The typical process for cybersecurity information sharing consists of three phases: Discovery (information provider discovery), Negotiation (information sharing negotiation), and Exchange (information exchange). The first phase is Discovery, where the information requester finds the list of infor
41、mation providers that can provide the desired information. The second phase is Negotiation, where the information requester negotiates the service level for information sharing with the information provider selected through the Discovery phase. Finally the information provider provides the informati
42、on requester with information according to the service contract developed in the Negotiation phase. Next follows the Exchange phase. X suppl.20(13)_F6-2Informationrequester DirectoryInformationproviderDiscovery phaseof information providerNegotiation phaseon information sharingExchange phaseof infor
43、mationFigure 6-2 Three phases of cybersecurity information sharing 4 X series Supplement 20 (04/2013) The Discovery phase and Exchange phase are handled by b-ITU-T X.1570 and b-ITU-T X.1500, respectively. This Supplement focuses on the Negotiation phase. 7 Functional capabilities for security inform
44、ation sharing negotiation The functional capability for security information sharing negotiation between entities is divided into three categories: negotiation capabilities, agreement capabilities and security capabilities. The capabilities below are essential unless indicated as optional. 7.1 Negot
45、iation capabilities In this clause, the capabilities for security information sharing negotiation are elaborated from the negotiation aspect. 1) Primary negotiation capability: The requirement for negotiating and establishing an agreement on security information sharing dynamically is as follows: a)
46、 Information requester may be able to specify and request new service for security information sharing with its information provider. b) Information provider may be able to communicate its acceptance or rejection of a requested service with the information requester. c) Information requester may be
47、able to accept or reject a security information sharing service proposed by the information provider. d) Information requester and information provider may be able to modify the accepted service and re-negotiate with the corresponding entity. (optional) 2) Agreement enforcement capability: The infor
48、mation provider may be able to provide the information requester with a security information sharing service according to the agreement negotiated between the information requester and the information provider. 3) Agreement monitoring capability: The information requester and the information provide
49、r may be able to monitor the agreement negotiated between them to confirm if the information sharing service is fulfilled according to the agreement. 7.2 Agreement capabilities In this clause, the capabilities for security information sharing negotiation are elaborated from the agreement aspect. 1) Extendibility: The protocol format for agreement on security information sharing may have extensibility to meet the various kinds of requirements on security information sharing
