idnits 2.17.1 draft-hares-i2nsf-capability-data-model-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 194 has weird spacing: '...cn-name strin...' == Line 213 has weird spacing: '...cn-name strin...' == Line 218 has weird spacing: '...cn-name strin...' == Line 223 has weird spacing: '...cn-name strin...' == Line 228 has weird spacing: '...cn-name strin...' == (32 more instances...) -- The document date (July 3, 2017) is 2479 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '2015' on line 178 Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Hares 3 Internet-Draft Huawei 4 Intended status: Standards Track J. Jeong 5 Expires: January 4, 2018 J. Kim 6 Sungkyunkwan University 7 R. Moskowitz 8 HTT Consulting 9 L. 
Xia 10 Huawei 11 July 3, 2017 13 I2NSF Capability YANG Data Model 14 draft-hares-i2nsf-capability-data-model-03 16 Abstract 18 This document defines a YANG data model for capabilities that enables 19 an I2NSF user to control various network security functions in 20 network security devices via an I2NSF security controller. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current 30 Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on January 4, 2018. 39 Copyright Notice 41 Copyright (c) 2017 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License.
54 Table of Contents 56 1. Introduction 57 2. Requirements Language 58 3. Terminology 59 3.1. Tree Diagrams 60 4. High-Level YANG 61 4.1. Capabilities per NSF 62 4.2. Network Security Control 63 4.3. Content Security Control 64 4.4. Attack Mitigation Control 65 4.5. Information on Capabilities 66 4.6. Location for Capabilities 67 4.7. IT Resources linked to Capabilities 68 4.8. Actions 69 5. YANG Modules 70 6. IANA Considerations 71 7. Security Considerations 72 8. Acknowledgments 73 9. References 74 9.1. Normative References 75 9.2. Informative References 76 Appendix A. Changes from draft-hares-i2nsf-capability-data-model-01 78 Authors' Addresses 80 1. Introduction 82 [i2nsf-problem-statement] proposes two different types of interfaces: 84 o Interface between I2NSF user and I2NSF security controller called 85 I2NSF consumer-facing interface 87 o Interface between I2NSF security controller and network security 88 functions (NSFs) called I2NSF NSF-facing interface 90 This document provides a YANG model that defines the capabilities for 91 security devices that can be utilized by I2NSF NSF-facing interface 92 between the I2NSF security controller and the NSF devices to express 93 the capabilities of NSF devices.
This YANG model can also be used by 94 the I2NSF user (or I2NSF client) to provide a complete list of the 95 I2NSF capabilities that can be controlled by the security controller. 96 This document defines a YANG [RFC6020] data model based on the 98 information model in [i2nsf-nsf-cap-im]. Terms used in this document are defined in 99 [i2nsf-terminology]. [i2nsf-nsf-cap-im] defines the following types 100 of functionality in NSFs. 102 o Network Security Control 104 o Content Security Control 106 o Attack Mitigation Control 108 This document contains high-level YANG for each type of control. 110 2. Requirements Language 112 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 113 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 114 document are to be interpreted as described in [RFC2119]. 116 3. Terminology 118 This document uses the terminology described in [i2nsf-nsf-cap-im], 119 [i2rs-rib-data-model], and [supa-policy-info-model]. In particular, the 120 following terms are from [supa-policy-info-model]: 122 o Data Model: A data model is a representation of concepts of 123 interest to an environment in a form that is dependent on data 124 repository, data definition language, query language, 125 implementation language, and protocol. 127 o Information Model: An information model is a representation of 128 concepts of interest to an environment in a form that is 129 independent of data repository, data definition language, query 130 language, implementation language, and protocol. 132 3.1. Tree Diagrams 134 A simplified graphical representation of the data model is used in 135 this document. The meaning of the symbols in these diagrams 136 [i2rs-rib-data-model] is as follows: 138 o Brackets "[" and "]" enclose list keys. 140 o Abbreviations before data node names: "rw" means configuration 141 (read-write) and "ro" state data (read-only). 143 o Symbols after data node names: "?" means an optional node and "*" 144 denotes a "list" and "leaf-list".
146 o Parentheses enclose choice and case nodes, and case nodes are also 147 marked with a colon (":"). 149 o Ellipsis ("...") stands for contents of subtrees that are not 150 shown. 152 4. High-Level YANG 154 This section provides an overview of the high-level YANG. 156 4.1. Capabilities per NSF 158 The high-level YANG of capabilities per NSF device, controller, or 159 application is the following: 161 module: ietf-i2nsf-capability 162 +--rw sec-ctl-capabilities 163 +--rw nsf-capabilities* [nsf-capabilities-id] 164 +--rw nsf-capabilities-id uint8 165 +--rw net-sec-control-capabilities 166 | uses i2nsf-net-sec-control-caps 167 +--rw con-sec-control-capabilities 168 | uses i2nsf-con-sec-control-caps 169 +--rw attack-mitigation-capabilities 170 | uses i2nsf-attack-mitigation-control-caps 172 Figure 1: High-Level YANG of I2NSF Capability Interface 174 Each of these sections (the 175 high-level YANG for net-sec-control-capabilities, 176 con-sec-control-capabilities, and attack-mitigation-capabilities) mirrors a section in [i2nsf-nsf-cap-im]. This draft also 177 utilizes the concepts that originated in Basile, Lioy, Pitscheider, and 178 Zhao [2015] concerning conflict resolution, use of external data, and 179 IT-Resources. The authors are grateful to Cataldo for pointing out 180 this excellent work. 182 4.2. Network Security Control 184 This section expands the following part of the high-level YANG: 185 +--rw net-sec-control-capabilities 186 | uses i2nsf-net-sec-control-caps 188 Network Security Control 190 +--rw i2nsf-net-sec-control-caps 191 +--rw network-security-control 192 +--rw nsc-support? boolean 193 +--rw nsc-fcn* [nsc-fcn-name] 194 +--rw nsc-fcn-name string //std or vendor name 195 | uses capabilities-information 197 Figure 2: High-Level YANG of Network Security Control 199 4.3.
Content Security Control 201 This section expands the following part of the high-level YANG: 203 +--rw con-sec-control-capabilities 204 | uses i2nsf-con-sec-control-caps 206 Content Security Control 208 +--rw i2nsf-con-sec-control-caps 209 +--rw content-security-control 210 +--rw antivirus 211 | +--rw antivirus-support? boolean 212 | +--rw antivirus-fcn* [antivirus-fcn-name] 213 | +--rw antivirus-fcn-name string //std or vendor name 214 | uses capabilities-information 215 +--rw ips 216 | +--rw ips-support? boolean 217 | +--rw ips-fcn* [ips-fcn-name] 218 | +--rw ips-fcn-name string //std or vendor name 219 | uses capabilities-information 220 +--rw ids 221 | +--rw ids-support? boolean 222 | +--rw ids-fcn* [ids-fcn-name] 223 | +--rw ids-fcn-name string //std or vendor name 224 | uses capabilities-information 225 +--rw url-filter 226 | +--rw url-filter-support? boolean 227 | +--rw url-filter-fcn* [url-filter-fcn-name] 228 | +--rw url-filter-fcn-name string //std or vendor name 229 | uses capabilities-information 230 +--rw data-filter 231 | +--rw data-filter-support? boolean 232 | +--rw data-filter-fcn* [data-filter-fcn-name] 233 | +--rw data-filter-fcn-name string //std or vendor name 234 | uses capabilities-information 235 +--rw mail-filter 236 | +--rw mail-filter-support? boolean 237 | +--rw mail-filter-fcn* [mail-filter-fcn-name] 238 | +--rw mail-filter-fcn-name string //std or vendor name 239 | uses capabilities-information 240 +--rw dns-filter 241 | +--rw dns-filter-support? boolean 242 | +--rw dns-filter-fcn* [dns-filter-fcn-name] 243 | +--rw dns-filter-fcn-name string //std or vendor name 244 | uses capabilities-information 245 +--rw ftp-filter 246 | +--rw ftp-filter-support? boolean 247 | +--rw ftp-filter-fcn* [ftp-filter-fcn-name] 248 | +--rw ftp-filter-fcn-name string //std or vendor name 249 | uses capabilities-information 250 +--rw games-filter 251 | +--rw games-filter-support?
boolean 252 | +--rw games-filter-fcn* [games-filter-fcn-name] 253 | +--rw games-filter-fcn-name string //std or vendor name 254 | uses capabilities-information 255 +--rw p2p-filter 256 | +--rw p2p-filter-support? boolean 257 | +--rw p2p-filter-fcn* [p2p-filter-fcn-name] 258 | +--rw p2p-filter-fcn-name string //std or vendor name 259 | uses capabilities-information 260 +--rw rpc-filter 261 | +--rw rpc-filter-support? boolean 262 | +--rw rpc-filter-fcn* [rpc-filter-fcn-name] 263 | +--rw rpc-filter-fcn-name string //std or vendor name 264 | uses capabilities-information 265 +--rw sql-filter 266 | +--rw sql-filter-support? boolean 267 | +--rw sql-filter-fcn* [sql-filter-fcn-name] 268 | +--rw sql-filter-fcn-name string //std or vendor name 269 | uses capabilities-information 270 +--rw telnet-filter 271 | +--rw telnet-filter-support? boolean 272 | +--rw telnet-filter-fcn* [telnet-filter-fcn-name] 273 | +--rw telnet-filter-fcn-name string //std or vendor name 274 | uses capabilities-information 275 +--rw tftp-filter 276 | +--rw tftp-filter-support? boolean 277 | +--rw tftp-filter-fcn* [tftp-filter-fcn-name] 278 | +--rw tftp-filter-fcn-name string //std or vendor name 279 | uses capabilities-information 280 +--rw file-blocking 281 | +--rw file-blocking-support? boolean 282 | +--rw file-blocking-fcn* [file-blocking-fcn-name] 283 | +--rw file-blocking-fcn-name string //std or vendor name 284 | uses capabilities-information 285 +--rw pkt-capture 286 | +--rw pkt-capture-support? boolean 287 | +--rw pkt-capture-fcn* [pkt-capture-fcn-name] 288 | +--rw pkt-capture-fcn-name string //std or vendor name 289 | uses capabilities-information 290 +--rw app-control 291 | +--rw app-control-support? boolean 292 | +--rw app-control-fcn* [app-control-fcn-name] 293 | +--rw app-control-fcn-name string //std or vendor name 294 | uses capabilities-information 295 +--rw voip-volte 296 +--rw voip-volte-support? 
boolean 297 +--rw voip-volte-fcn* [voip-volte-fcn-name] 298 +--rw voip-volte-fcn-name string //std or vendor name 299 uses capabilities-information 301 Figure 3: High-Level YANG of Content Security Control 303 4.4. Attack Mitigation Control 305 The high-level YANG below expands the following section of the top- 306 level model: 308 +--rw attack-mitigation-control-capabilities 309 | uses i2nsf-attack-mitigation-control-caps 311 Attack Mitigation Control 313 +--rw i2nsf-attack-mitigation-control-caps 314 +--rw attack-mitigation-control 315 +--rw (attack-mitigation-control-type)? 316 +--: (ddos-attack) 317 | +--rw (ddos-attack-type)? 318 | +--: (network-layer-ddos-attack) 319 | | +--rw network-layer-ddos-attack-types 320 | | +--rw syn-flood-attack 321 | | | +--rw syn-flood-attack-support? boolean 322 | | | +--rw syn-flood-fcn* [syn-flood-fcn-name] 323 | | | +--rw syn-flood-fcn-name string 324 | | | uses capabilities-information 325 | | +--rw udp-flood-attack 326 | | | +--rw udp-flood-attack-support? boolean 327 | | | +--rw udp-flood-fcn* [udp-flood-fcn-name] 328 | | | +--rw udp-flood-fcn-name string 329 | | | uses capabilities-information 330 | | +--rw icmp-flood-attack 331 | | | +--rw icmp-flood-attack-support? boolean 332 | | | +--rw icmp-flood-fcn* [icmp-flood-fcn-name] 333 | | | +--rw icmp-flood-fcn-name string 334 | | | uses capabilities-information 335 | | +--rw ip-fragment-flood-attack 336 | | | +--rw ip-fragment-flood-attack-support? boolean 337 | | | +--rw ip-frag-flood-fcn* [ip-frag-flood-fcn-name] 338 | | | +--rw ip-frag-flood-fcn-name string 339 | | | uses capabilities-information 340 | | +--rw ipv6-related-attack 341 | | +--rw ipv6-related-attack-support? boolean 342 | | +--rw ipv6-related-fcn* [ipv6-related-fcn-name] 343 | | +--rw ipv6-related-fcn-name string 344 | | uses capabilities-information 345 | +--: (app-layer-ddos-attack) 346 | +--rw app-layer-ddos-attack-types 347 | +--rw http-flood-attack 348 | | +--rw http-flood-attack-support? 
boolean 349 | | +--rw http-flood-fcn* [http-flood-fcn-name] 350 | | +--rw http-flood-fcn-name string 351 | | uses capabilities-information 352 | +--rw https-flood-attack 353 | | +--rw https-flood-attack-support? boolean 354 | | +--rw https-flood-fcn* [https-flood-fcn-name] 355 | | +--rw https-flood-fcn-name string 356 | | uses capabilities-information 357 | +--rw dns-flood-attack 358 | | +--rw dns-flood-attack-support? boolean 359 | | +--rw dns-flood-fcn* [dns-flood-fcn-name] 360 | | +--rw dns-flood-fcn-name string 361 | | uses capabilities-information 362 | +--rw dns-amp-flood-attack 363 | | +--rw dns-amp-flood-attack-support? boolean 364 | | +--rw dns-amp-flood-fcn* [dns-amp-flood-fcn-name] 365 | | +--rw dns-amp-flood-fcn-name string 366 | | uses capabilities-information 367 | +--rw ssl-ddos-attack 368 | +--rw ssl-ddos-attack-support? boolean 369 | +--rw ssl-ddos-fcn* [ssl-ddos-fcn-name] 370 | +--rw ssl-ddos-fcn-name string 371 | uses capabilities-information 372 +--: (single-packet-attack) 373 +--rw (single-packet-attack-type)? 374 +--: (scan-and-sniff-attack) 375 | +--rw ip-sweep-attack 376 | | +--rw ip-sweep-attack-support? boolean 377 | | +--rw ip-sweep-fcn* [ip-sweep-fcn-name] 378 | | +--rw ip-sweep-fcn-name string 379 | | uses capabilities-information 380 | +--rw port-scanning-attack 381 | +--rw port-scanning-attack-support? boolean 382 | +--rw port-scanning-fcn* [port-scanning-fcn-name] 383 | +--rw port-scanning-fcn-name string 384 | uses capabilities-information 385 +--: (malformed-packet-attack) 386 | +--rw ping-of-death-attack 387 | | +--rw ping-of-death-attack-support? boolean 388 | | +--rw ping-of-death-fcn* [ping-of-death-fcn-name] 389 | | +--rw ping-of-death-fcn-name string 390 | | uses capabilities-information 391 | +--rw teardrop-attack 392 | +--rw teardrop-attack-support? 
boolean 393 | +--rw tear-drop-fcn* [tear-drop-fcn-name] 394 | +--rw tear-drop-fcn-name string 395 | uses capabilities-information 396 +--: (special-packet-attack) 397 +--rw oversized-icmp-attack 398 | +--rw oversized-icmp-attack-support? boolean 399 | +--rw oversized-icmp-fcn* [oversized-icmp-fcn-name] 400 | +--rw oversized-icmp-fcn-name string 401 | uses capabilities-information 402 +--rw tracert-attack 403 +--rw tracert-attack-support? boolean 404 +--rw tracert-fcn* [tracert-fcn-name] 405 +--rw tracert-fcn-name string 406 uses capabilities-information 408 Figure 4: High-Level YANG of Attack Mitigation Control 410 4.5. Information on Capabilities 412 This section provides information on capabilities. This section has 413 information on capabilities location and IT resources. Additional 414 input is needed. 416 Capabilities Information 418 +--rw capabilities-information 419 +--rw nsf-location 420 | uses i2nsf-nsf-location 421 +--rw it-resources 422 uses i2nsf-it-resources 424 Figure 5: High-Level YANG of Information on Capabilities 426 4.6. Location for Capabilities 428 This section provides location for capabilities. This section has 429 location for capabilities. Additional input is needed. 431 +--rw nsf-location 432 | uses i2nsf-nsf-location 434 NSF Location 436 +--rw i2nsf-nsf-location 437 +--rw nsf-address 438 +--rw (nsf-address-type)? 439 +--:(ipv4-address) 440 | +--rw ipv4-address inet:ipv4-address 441 +--:(ipv6-address) 442 +--rw ipv6-address inet:ipv6-address 444 Figure 6: High-Level YANG of Capabilities Location 446 4.7. IT Resources linked to Capabilities 448 This section provides a link between capabilities and IT resources. 449 This section has a list of IT resources by name. Additional input is 450 needed. 
452 +--rw it-resources 453 | uses i2nsf-it-resources 455 IT Resource 457 +--rw i2nsf-it-resources 458 +--rw it-resources* [it-resource-id] 459 +--rw it-resource-id uint64 460 +--rw it-resource-name string 462 Figure 7: High-Level YANG of IT Resources 464 4.8. Actions 466 Notifications indicate when rules are added or deleted. These 467 notifications will be defined later. 469 5. YANG Modules 471 This section introduces a YANG module for the information model of 472 the I2NSF capability interface, as defined in [i2nsf-nsf-cap-im]. 474 file "ietf-i2nsf-capability@2017-07-03.yang" 476 module ietf-i2nsf-capability { 477 namespace 478 "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; 479 prefix 480 i2nsf-capability; 482 import ietf-inet-types{ 483 prefix inet; 484 } 486 organization 487 "IETF I2NSF (Interface to Network Security Functions) 488 Working Group"; 490 contact 491 "WG Web: 492 WG List: 494 WG Chair: Adrian Farrel 495 497 WG Chair: Linda Dunbar 498 500 Editor: Susan Hares 501 503 Editor: Jaehoon Paul Jeong 504 506 Editor: Jinyong Tim Kim 507 "; 509 description 510 "This module describes a capability model 511 for I2NSF devices."; 513 revision "2017-07-03"{ 514 description "The second revision"; 515 reference 516 "draft-xibassnez-i2nsf-capability-01 517 draft-hares-i2nsf-capability-data-model-02"; 518 } 520 container sec-ctl-capabilities { 521 description 522 "sec-ctl-capabilities"; 523 } 525 grouping i2nsf-nsf-location { 526 description 527 "This provides a location for capabilities."; 528 container nsf-address { 529 description 530 "This is location information for capabilities."; 531 choice nsf-address-type { 532 description 533 "nsf address type: ipv4 and ipv6"; 534 case ipv4-address { 535 description 536 "ipv4 case"; 537 leaf ipv4-address { 538 type inet:ipv4-address; 539 mandatory true; 540 description 541 "nsf address type is ipv4"; 542 } 543 } 544 case ipv6-address { 545 description 546 "ipv6 case"; 547 leaf ipv6-address { 548 type inet:ipv6-address;
549 mandatory true; 550 description 551 "nsf address type is ipv6"; 552 } 553 } 554 } 555 } 556 } 558 grouping i2nsf-it-resources { 559 description 560 "This provides a link between capabilities 561 and IT resources. This has a list of IT resources 562 by name."; 563 list it-resources { 564 key "it-resource-id"; 565 description 566 "it-resource"; 567 leaf it-resource-id { 568 type uint64; 569 mandatory true; 570 description 571 "it-resource-id"; 572 } 573 leaf it-resource-name { 574 type string; 575 mandatory true; 576 description 577 "it-resource-name"; 578 } 579 } 580 } 582 grouping capabilities-information { 583 description 584 "This includes information of capabilities."; 585 uses i2nsf-nsf-location; 586 uses i2nsf-it-resources; 587 } 589 grouping i2nsf-net-sec-control-caps { 590 description 591 "i2nsf-net-sec-control-caps"; 592 container network-security-control { 593 description 594 "i2nsf-net-sec-control-caps"; 595 leaf nsc-support { 596 type boolean; 597 mandatory true; 598 description 599 "nsc-support"; 600 } 601 list nsc-fcn { 602 key "nsc-fcn-name"; 603 description 604 "nsc-fcn"; 605 leaf nsc-fcn-name { 606 type string; 607 mandatory true; 608 description 609 "nsc-fcn-name"; 610 } 611 uses capabilities-information; 612 } 613 } 614 } 616 grouping i2nsf-con-sec-control-caps { 617 description 618 "i2nsf-con-sec-control-caps"; 620 container content-security-control { 621 description 622 "content-security-control"; 624 container antivirus { 625 description 626 "antivirus"; 628 leaf antivirus-support { 629 type boolean; 630 mandatory true; 631 description 632 "antivirus-support"; 633 } 634 list antivirus-fcn { 635 key "antivirus-fcn-name"; 636 description 637 "antivirus-fcn"; 639 leaf antivirus-fcn-name { 640 type string; 641 mandatory true; 642 description 643 "antivirus-fcn-name"; 644 } 645 uses capabilities-information; 646 } 647 } 649 container ips { 650 description 651 "ips"; 653 leaf ips-support { 654 type boolean; 655 mandatory true; 656
description 657 "ips-support"; 658 } 659 list ips-fcn { 660 key "ips-fcn-name"; 661 description 662 "ips-fcn"; 664 leaf ips-fcn-name { 665 type string; 666 mandatory true; 667 description 668 "ips-fcn-name"; 669 } 670 uses capabilities-information; 671 } 672 } 674 container ids { 675 description 676 "ids"; 678 leaf ids-support { 679 type boolean; 680 mandatory true; 681 description 682 "ids-support"; 683 } 684 list ids-fcn { 685 key "ids-fcn-name"; 686 description 687 "ids-fcn"; 689 leaf ids-fcn-name { 690 type string; 691 mandatory true; 692 description 693 "ids-fcn-name"; 694 } 695 uses capabilities-information; 696 } 697 } 699 container url-filter { 700 description 701 "url-filter"; 703 leaf url-filter-support { 704 type boolean; 705 mandatory true; 706 description 707 "url-filter-support"; 708 } 709 list url-filter-fcn { 710 key "url-filter-fcn-name"; 711 description 712 "url-filter-fcn"; 714 leaf url-filter-fcn-name { 715 type string; 716 mandatory true; 717 description 718 "url-filter-fcn-name"; 719 } 720 uses capabilities-information; 721 } 722 } 724 container data-filter { 725 description 726 "data-filter"; 728 leaf data-filter-support { 729 type boolean; 730 mandatory true; 731 description 732 "data-filter-support"; 733 } 734 list data-filter-fcn { 735 key "data-filter-fcn-name"; 736 description 737 "data-filter-fcn"; 739 leaf data-filter-fcn-name { 740 type string; 741 mandatory true; 742 description 743 "data-filter-fcn-name"; 744 } 745 uses capabilities-information; 746 } 747 } 749 container mail-filter { 750 description 751 "mail-filter"; 753 leaf mail-filter-support { 754 type boolean; 755 mandatory true; 756 description 757 "mail-filter-support"; 758 } 759 list mail-filter-fcn { 760 key "mail-filter-fcn-name"; 761 description 762 "mail-filter-fcn"; 764 leaf mail-filter-fcn-name { 765 type string; 766 mandatory true; 767 description 768 "mail-filter-fcn-name"; 769 } 770 uses capabilities-information; 771 } 772 } 774 container dns-filter { 775 
description 776 "dns-filter"; 778 leaf dns-filter-support { 779 type boolean; 780 mandatory true; 781 description 782 "dns-filter-support"; 783 } 784 list dns-filter-fcn { 785 key "dns-filter-fcn-name"; 786 description 787 "dns-filter-fcn"; 789 leaf dns-filter-fcn-name { 790 type string; 791 mandatory true; 792 description 793 "dns-filter-fcn-name"; 794 } 795 uses capabilities-information; 796 } 797 } 799 container ftp-filter { 800 description 801 "ftp-filter"; 803 leaf ftp-filter-support { 804 type boolean; 805 mandatory true; 806 description 807 "ftp-filter-support"; 808 } 809 list ftp-filter-fcn { 810 key "ftp-filter-fcn-name"; 811 description 812 "ftp-filter-fcn"; 814 leaf ftp-filter-fcn-name { 815 type string; 816 mandatory true; 817 description 818 "ftp-filter-fcn-name"; 819 } 820 uses capabilities-information; 821 } 822 } 824 container games-filter { 825 description 826 "games-filter"; 828 leaf games-filter-support { 829 type boolean; 830 mandatory true; 831 description 832 "games-filter-support"; 834 } 835 list games-filter-fcn { 836 key "games-filter-fcn-name"; 837 description 838 "games-filter-fcn"; 840 leaf games-filter-fcn-name { 841 type string; 842 mandatory true; 843 description 844 "games-filter-fcn-name"; 845 } 846 uses capabilities-information; 847 } 848 } 850 container p2p-filter { 851 description 852 "p2p-filter"; 854 leaf p2p-filter-support { 855 type boolean; 856 mandatory true; 857 description 858 "p2p-filter-support"; 859 } 860 list p2p-filter-fcn { 861 key "p2p-filter-fcn-name"; 862 description 863 "p2p-filter-fcn"; 865 leaf p2p-filter-fcn-name { 866 type string; 867 mandatory true; 868 description 869 "p2p-filter-fcn-name"; 870 } 871 uses capabilities-information; 872 } 873 } 875 container rpc-filter { 876 description 877 "rpc-filter"; 879 leaf rpc-filter-support { 880 type boolean; 881 mandatory true; 882 description 883 "rpc-filter-support"; 884 } 885 list rpc-filter-fcn { 886 key "rpc-filter-fcn-name"; 887 description 888
"rpc-filter-fcn"; 890 leaf rpc-filter-fcn-name { 891 type string; 892 mandatory true; 893 description 894 "rpc-filter-fcn-name"; 895 } 896 uses capabilities-information; 897 } 898 } 900 container sql-filter { 901 description 902 "sql-filter"; 904 leaf sql-filter-support { 905 type boolean; 906 mandatory true; 907 description 908 "sql-filter-support"; 909 } 910 list sql-filter-fcn { 911 key "sql-filter-fcn-name"; 912 description 913 "sql-filter-fcn"; 915 leaf sql-filter-fcn-name { 916 type string; 917 mandatory true; 918 description 919 "sql-filter-fcn-name"; 920 } 921 uses capabilities-information; 922 } 923 } 925 container telnet-filter { 926 description 927 "telnet-filter"; 929 leaf telnet-filter-support { 930 type boolean; 931 mandatory true; 932 description 933 "telnet-filter-support"; 934 } 935 list telnet-filter-fcn { 936 key "telnet-filter-fcn-name"; 937 description 938 "telnet-filter-fcn"; 940 leaf telnet-filter-fcn-name { 941 type string; 942 mandatory true; 943 description 944 "telnet-filter-fcn-name"; 945 } 946 uses capabilities-information; 947 } 948 } 950 container tftp-filter { 951 description 952 "tftp-filter"; 954 leaf tftp-filter-support { 955 type boolean; 956 mandatory true; 957 description 958 "tftp-filter-support"; 959 } 960 list tftp-filter-fcn { 961 key "tftp-filter-fcn-name"; 962 description 963 "tftp-filter-fcn"; 965 leaf tftp-filter-fcn-name { 966 type string; 967 mandatory true; 968 description 969 "tftp-filter-fcn-name"; 970 } 971 uses capabilities-information; 972 } 973 } 975 container file-blocking { 976 description 977 "file-blocking"; 979 leaf file-blocking-support { 980 type boolean; 981 mandatory true; 982 description 983 "file-blocking-support"; 984 } 985 list file-blocking-fcn { 986 key "file-blocking-fcn-name"; 987 description 988 "file-blocking-fcn"; 990 leaf file-blocking-fcn-name { 991 type string; 992 mandatory true; 993 description 994 "file-blocking-fcn-name"; 995 } 996 uses capabilities-information; 997 } 998 } 1000
container file-isolate { 1001 description 1002 "file-isolate"; 1004 leaf file-isolate-support { 1005 type boolean; 1006 mandatory true; 1007 description 1008 "file-isolate-support"; 1009 } 1010 list file-isolate-fcn { 1011 key "file-isolate-fcn-name"; 1012 description 1013 "file-isolate-fcn"; 1015 leaf file-isolate-fcn-name { 1016 type string; 1017 mandatory true; 1018 description 1019 "file-isolate-fcn-name"; 1020 } 1021 uses capabilities-information; 1022 } 1023 } 1025 container pkt-capture { 1026 description 1027 "pkt-capture"; 1029 leaf pkt-capture-support { 1030 type boolean; 1031 mandatory true; 1032 description 1033 "pkt-capture-support"; 1034 } 1035 list pkt-capture-fcn { 1036 key "pkt-capture-fcn-name"; 1037 description 1038 "pkt-capture-fcn"; 1040 leaf pkt-capture-fcn-name { 1041 type string; 1042 mandatory true; 1043 description 1044 "pkt-capture-fcn-name"; 1045 } 1046 uses capabilities-information; 1047 } 1048 } 1050 container app-control { 1051 description 1052 "app-control"; 1054 leaf app-control-support { 1055 type boolean; 1056 mandatory true; 1057 description 1058 "app-control-support"; 1059 } 1060 list app-control-fcn { 1061 key "app-control-fcn-name"; 1062 description 1063 "app-control-fcn"; 1065 leaf app-control-fcn-name { 1066 type string; 1067 mandatory true; 1068 description 1069 "app-control-fcn-name"; 1070 } 1071 uses capabilities-information; 1072 } 1073 } 1074 container voip-volte { 1075 description 1076 "voip-volte"; 1078 leaf voip-volte-support { 1079 type boolean; 1080 mandatory true; 1081 description 1082 "voip-volte-support"; 1083 } 1084 list voip-volte-fcn { 1085 key "voip-volte-fcn-name"; 1086 description 1087 "voip-volte-fcn"; 1089 leaf voip-volte-fcn-name { 1090 type string; 1091 mandatory true; 1092 description 1093 "voip-volte-fcn-name"; 1094 } 1095 uses capabilities-information; 1096 } 1097 } 1098 } 1099 } 1101 grouping i2nsf-attack-mitigation-control-caps { 1102 description 1103 "i2nsf-attack-mitigation-control-caps"; 1105 
container attack-mitigation-control { 1106 description 1107 "attack-mitigation-control"; 1108 choice attack-mitigation-control-type { 1109 description 1110 "attack-mitigation-control-type"; 1111 case ddos-attack { 1112 description 1113 "ddos-attack"; 1114 choice ddos-attack-type { 1115 description 1116 "ddos-attack-type"; 1117 case network-layer-ddos-attack { 1118 description 1119 "network-layer-ddos-attack"; 1120 container network-layer-ddos-attack-types { 1121 description 1122 "network-layer-ddos-attack-type"; 1123 container syn-flood-attack { 1124 description 1125 "syn-flood-attack"; 1126 leaf syn-flood-attack-support { 1127 type boolean; 1128 mandatory true; 1129 description 1130 "syn-flood-attack-support"; 1131 } 1132 list syn-flood-fcn { 1133 key "syn-flood-fcn-name"; 1134 description 1135 "syn-flood-fcn"; 1136 leaf syn-flood-fcn-name { 1137 type string; 1138 mandatory true; 1139 description 1140 "syn-flood-fcn-name"; 1141 } 1142 uses capabilities-information; 1143 } 1144 } 1145 container udp-flood-attack { 1146 description 1147 "udp-flood-attack"; 1148 leaf udp-flood-attack-support { 1149 type boolean; 1150 mandatory true; 1151 description 1152 "udp-flood-attack-support"; 1153 } 1154 list udp-flood-fcn { 1155 key "udp-flood-fcn-name"; 1156 description 1157 "udp-flood-fcn"; 1158 leaf udp-flood-fcn-name { 1159 type string; 1160 mandatory true; 1161 description 1162 "udp-flood-fcn-name"; 1163 } 1164 uses capabilities-information; 1165 } 1166 } 1167 container icmp-flood-attack { 1168 description 1169 "icmp-flood-attack"; 1171 leaf icmp-flood-attack-support { 1172 type boolean; 1173 mandatory true; 1174 description 1175 "icmp-flood-attack-support"; 1176 } 1177 list icmp-flood-fcn { 1178 key "icmp-flood-fcn-name"; 1179 description 1180 "icmp-flood-fcn"; 1181 leaf icmp-flood-fcn-name { 1182 type string; 1183 mandatory true; 1184 description 1185 "icmp-flood-fcn-name"; 1186 } 1187 uses capabilities-information; 1188 } 1189 } 1190 container ip-fragment-flood-attack { 
                  description
                    "ip-fragment-flood-attack";
                  leaf ip-fragment-flood-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "ip-fragment-flood-attack-support";
                  }
                  list frag-flood-fcn {
                    key "ip-frag-flood-fcn-name";
                    description
                      "frag-flood-fcn";
                    leaf ip-frag-flood-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "ip-frag-flood-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
                container ipv6-related-attack {
                  description
                    "ipv6-related-attack";
                  leaf ipv6-related-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "ipv6-related-attack-support";
                  }
                  list ipv6-related-fcn {
                    key "ipv6-related-fcn-name";
                    description
                      "ipv6-related-fcn";
                    leaf ipv6-related-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "ipv6-related-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
              }
            }
            case app-layer-ddos-attack {
              description
                "app-layer-ddos-attack";
              container app-layer-ddos-attack-types {
                description
                  "app-layer-ddos-attack-types";
                container http-flood-attack {
                  description
                    "http-flood-attack";
                  leaf http-flood-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "http-flood-attack-support";
                  }
                  list http-flood-fcn {
                    key "http-flood-fcn-name";
                    description
                      "http-flood-fcn";
                    leaf http-flood-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "http-flood-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
                container https-flood-attack {
                  description
                    "https-flood-attack";
                  leaf https-flood-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "https-flood-attack-support";
                  }
                  list https-flood-fcn {
                    key "https-flood-fcn-name";
                    description
                      "https-flood-fcn";
                    leaf https-flood-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "https-flood-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
                container dns-flood-attack {
                  description
                    "dns-flood-attack";
                  leaf dns-flood-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "dns-flood-attack-support";
                  }
                  list dns-flood-fcn {
                    key "dns-flood-fcn-name";
                    description
                      "dns-flood-fcn";
                    leaf dns-flood-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "dns-flood-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
                container dns-amp-flood-attack {
                  description
                    "dns-amp-flood-attack";
                  leaf dns-flood-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "dns-flood-attack-support";
                  }
                  list dns-amp-flood-fcn {
                    key "dns-amp-flood-fcn-name";
                    description
                      "dns-amp-flood-fcn";
                    leaf dns-amp-flood-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "dns-amp-flood-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
                container ssl-ddos-attack {
                  description
                    "ssl-ddos-attack";
                  leaf ssl-ddos-attack-support {
                    type boolean;
                    mandatory true;
                    description
                      "ssl-ddos-attack-support";
                  }
                  list ssl-ddos-fcn {
                    key "ssl-ddos-fcn-name";
                    description
                      "ssl-ddos-fcn";
                    leaf ssl-ddos-fcn-name {
                      type string;
                      mandatory true;
                      description
                        "ssl-ddos-fcn-name";
                    }
                    uses capabilities-information;
                  }
                }
              }
            }
          }
        }

        case single-packet-attack {
          description
            "single-packet-attack";
          choice single-packet-attack-type {
            description
              "single-packet-attack-type";
            case scan-and-sniff-attack {
              description
                "scan-and-sniff-attack";
              container ip-sweep-attack {
                description
                  "ip-sweep-attack";
                leaf ip-sweep-attack-suppor {
                  type boolean;
                  mandatory true;
                  description
                    "ip-sweep-attack-suppor";
                }
                list ip-sweep-fcn {
                  key "ip-sweep-fcn-name";
                  description
                    "ip-sweep-fcn";
                  leaf ip-sweep-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "ip-sweep-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
              container port-scanning-attack {
                description
                  "port-scanning-attack";
                leaf port-scanning-attack-support {
                  type boolean;
                  mandatory true;
                  description
                    "port-scanning-attack-support";
                }
                list port-scanning-fcn {
                  key "port-scanning-fcn-name";
                  description
                    "port-scanning-fcn";
                  leaf port-scanning-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "port-scanning-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
            }
            case malformed-packet-attack {
              description
                "malformed-packet-attack";
              container ping-of-death-attack {
                description
                  "ping-of-death-attack";
                leaf ping-of-death-attack-support {
                  type boolean;
                  mandatory true;
                  description
                    "ping-of-death-attack-support";
                }
                list ping-of-death-fcn {
                  key "ping-of-death-fcn-name";
                  description
                    "ping-of-death-fcn";
                  leaf ping-of-death-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "ping-of-death-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
              container teardrop-attack {
                description
                  "teardrop-attack";
                leaf teardrop-attack-support {
                  type boolean;
                  mandatory true;
                  description
                    "teardrop-attack-support";
                }
                list tear-drop-fcn {
                  key "tear-drop-fcn-name";
                  description
                    "tear-drop-fcn";
                  leaf tear-drop-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "tear-drop-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
            }
            case special-packet-attack {
              description
                "special-packet-attack";
              container oversized-icmp-attack {
                description
                  "oversized-icmp-attack";
                leaf oversized-icmp-attack-support {
                  type boolean;
                  mandatory true;
                  description
                    "oversized-icmp-attack-support";
                }
                list oversized-icmp-fcn {
                  key "oversized-icmp-fcn-name";
                  description
                    "oversized-icmp-fcn";
                  leaf oversized-icmp-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "oversized-icmp-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
              container tracert-attack {
                description
                  "tracert-attack";
                leaf tracert-attack-support {
                  type boolean;
                  mandatory true;
                  description
                    "tracert-attack-support";
                }
                list tracert-fcn {
                  key "tracert-fcn-name";
                  description
                    "tracert-fcn";
                  leaf tracert-fcn-name {
                    type string;
                    mandatory true;
                    description
                      "tracert-fcn-name";
                  }
                  uses capabilities-information;
                }
              }
            }
          }
        }
      }
    }
  }

  list nsf-capabilities {
    key "nsf-capabilities-id";
    description
      "nsf-capabilities";
    leaf nsf-capabilities-id {
      type uint8;
      mandatory true;
      description
        "nsf-capabilities-id";
    }

    container net-sec-control-capabilities {
      uses i2nsf-net-sec-control-caps;
      description
        "net-sec-control-capabilities";
    }
    container con-sec-control-capabilities {
      uses i2nsf-con-sec-control-caps;
      description
        "con-sec-control-capabilities";
    }
    container attack-mitigation-capabilities {
      uses i2nsf-attack-mitigation-control-caps;
      description
        "attack-mitigation-capabilities";
    }
  }
}

         Figure 8: Data Model of I2NSF Capability Interface

6.  IANA Considerations

   No IANA considerations exist for this document at this time.  URL
   will be added.

7.  Security Considerations

   This document introduces no additional security threats and SHOULD
   follow the security requirements as stated in [i2nsf-framework].

8.  Acknowledgments

   This work was supported by Institute for Information & communications
   Technology Promotion (IITP) grant funded by the Korea government
   (MSIP) (No.R-20160222-002755, Cloud based Security Intelligence
   Technology Development for the Customized Security Service
   Provisioning).

   This document has greatly benefited from inputs by Daeyoung Hyun,
   Dongjin Hong, Hyoungshick Kim, Jung-Soo Park, Tae-Jin Ahn, and Se-Hui
   Lee.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

9.2.  Informative References

   [i2nsf-framework]
              Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
              Kumar, "Framework for Interface to Network Security
              Functions", draft-ietf-i2nsf-framework-05 (work in
              progress), May 2017.

   [i2nsf-nsf-cap-im]
              Xia, L., Strassner, J., Basile, C., and D. Lopez,
              "Information Model of NSFs Capabilities",
              draft-xibassnez-i2nsf-capability-01 (work in progress),
              March 2017.

   [i2nsf-problem-statement]
              Hares, S., Lopez, D., Zarny, M., Jacquenet, C., Kumar, R.,
              and J. Jeong, "I2NSF Problem Statement and Use cases",
              draft-ietf-i2nsf-problem-and-use-cases-16 (work in
              progress), May 2017.

   [i2nsf-terminology]
              Hares, S., Strassner, J., Lopez, D., Xia, L., and H.
              Birkholz, "Interface to Network Security Functions (I2NSF)
              Terminology", draft-ietf-i2nsf-terminology-03 (work in
              progress), March 2017.

   [i2rs-rib-data-model]
              Wang, L., Ananthakrishnan, H., Chen, M., Dass, A., Kini,
              S., and N. Bahadur, "A YANG Data Model for Routing
              Information Base (RIB)", draft-ietf-i2rs-rib-data-model-07
              (work in progress), January 2017.

   [supa-policy-info-model]
              Strassner, J., Halpern, J., and S. Meer, "Generic Policy
              Information Model for Simplified Use of Policy
              Abstractions (SUPA)",
              draft-ietf-supa-generic-policy-info-model-03 (work in
              progress), May 2017.

Appendix A.  Changes from draft-hares-i2nsf-capability-data-model-01

   The following changes are made from
   draft-hares-i2nsf-capability-data-model-01:

   o  This draft is revised to support the acquisition of the
      information of NSFs such as an NSF's IP address and resources
      related to capabilities.

   o  To support the capability information, location, and resources of
      an NSF, container component is replaced with grouping component.

Authors' Addresses

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, MI  48176
   USA

   Phone: +1-734-604-0332
   EMail: shares@ndzh.com

   Jaehoon Paul Jeong
   Department of Software
   Sungkyunkwan University
   2066 Seobu-Ro, Jangan-Gu
   Suwon, Gyeonggi-Do  16419
   Republic of Korea

   Phone: +82 31 299 4957
   Fax:   +82 31 290 7996
   EMail: pauljeong@skku.edu
   URI:   http://iotlab.skku.edu/people-jaehoon-jeong.php

   Jinyong Tim Kim
   Department of Computer Engineering
   Sungkyunkwan University
   2066 Seobu-Ro, Jangan-Gu
   Suwon, Gyeonggi-Do  16419
   Republic of Korea

   Phone: +82 10 8273 0930
   EMail: timkim@skku.edu

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI
   USA

   Phone: +1-248-968-9809
   EMail: rgm@htt-consult.com

   Liang Xia (Frank)
   Huawei
   101 Software Avenue, Yuhuatai District
   Nanjing, Jiangsu
   China

   EMail: Frank.xialiang@huawei.com
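
Added example, not part of the draft or of any I2NSF implementation: a Python check of two instance-level rules that follow from the choice/case layout of attack-mitigation-control in Figure 8. Under RFC 6020, nodes from only one case of a choice may be present, and a mandatory leaf under a case is required once any node of that case exists. The instances are constructed and use unqualified node names (an assumption); the support-leaf names, including ip-sweep-attack-suppor and the dns-flood-attack-support leaf inside dns-amp-flood-attack, are spelled as in the data model.

```python
# Added example, not code from the draft. Node names are the draft's own.
# (outer case, inner case) -> (wrapper container or None, attack containers);
# choice and case names themselves never appear in instance data.
CASES = {
    ("ddos-attack", "network-layer-ddos-attack"): (
        "network-layer-ddos-attack-types",
        ["syn-flood-attack", "udp-flood-attack", "icmp-flood-attack",
         "ip-fragment-flood-attack", "ipv6-related-attack"]),
    ("ddos-attack", "app-layer-ddos-attack"): (
        "app-layer-ddos-attack-types",
        ["http-flood-attack", "https-flood-attack", "dns-flood-attack",
         "dns-amp-flood-attack", "ssl-ddos-attack"]),
    ("single-packet-attack", "scan-and-sniff-attack"): (
        None, ["ip-sweep-attack", "port-scanning-attack"]),
    ("single-packet-attack", "malformed-packet-attack"): (
        None, ["ping-of-death-attack", "teardrop-attack"]),
    ("single-packet-attack", "special-packet-attack"): (
        None, ["oversized-icmp-attack", "tracert-attack"]),
}
# Support leaves whose name in the draft is not "<container>-support".
LEAF_OVERRIDES = {"ip-sweep-attack": "ip-sweep-attack-suppor",
                  "dns-amp-flood-attack": "dns-flood-attack-support"}

def selected_cases(amc):
    """Cases with at least one node present in the instance subtree."""
    return [case for case, (wrapper, members) in CASES.items()
            if (wrapper in amc if wrapper else any(m in amc for m in members))]

def check(amc):
    """Return the violations found in one attack-mitigation-control subtree."""
    hits, errors = selected_cases(amc), []
    if len({outer for outer, _ in hits}) > 1:
        errors.append("choice attack-mitigation-control-type: more than one case")
    elif len(hits) > 1:
        errors.append(f"choice {hits[0][0]}-type: more than one case")
    for wrapper, members in (CASES[case] for case in hits):
        scope = amc[wrapper] if wrapper else amc
        for name in members:
            leaf = LEAF_OVERRIDES.get(name, name + "-support")
            # A mandatory leaf under a case is required once the case is in use.
            if not isinstance(scope.get(name, {}).get(leaf), bool):
                errors.append(f"{name}/{leaf}: mandatory boolean missing")
    return errors

# Constructed instances (JSON-like dicts, unqualified node names).
GOOD = {"ip-sweep-attack": {"ip-sweep-attack-suppor": True},
        "port-scanning-attack": {"port-scanning-attack-support": False}}
MIXED = {**GOOD, "teardrop-attack": {"teardrop-attack-support": True}}
BOTH = {**GOOD, "app-layer-ddos-attack-types": {"http-flood-attack": {}}}
```

check(GOOD) returns an empty list; MIXED and BOTH each violate one of the two choices, so a single nsf-capabilities entry cannot advertise them as written.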