Resource-Oriented Lightweight Information Exchange (ROLIE)

Banghart, Stephen; Field, John P.; Waltermire, David

doi:10.17487/rfc8322

Cited by 4 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As of now, the ontology specification is still in early stages. Using the Resource-Oriented Lightweight Information Exchange (ROLIE) [66] format for incident response standardization is another option. The IETF RFC 8322 defines ROLIE to support exchange of various types of security information.…”

Section: G Other Approachesmentioning

confidence: 99%

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Schlette

Caselli

Pernul

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

IEEE Communications Surveys & Tutorials IEEE COMMUNICATIONS SURVEYS & TUTORIALS 2 followed by Detection & Analysis, Containment, Eradication & Recovery and concludes with Post-Incident Activity. It is worth mentioning that between the four phases feedback loops exist. Other incident handling process models (e.g., CERT/CC [24], ITIL [25], [26], [27]) are in line with the NIST incident response life cycle. Nevertheless, often incident response is narrowed down to only the Containment, Eradication & Recovery activities, whereas incident management and incident handling provide the larger reference framework [27], [21]. We follow this more precise approach and center on the pivotal activities of incident response. An elementary subarea in conjunction with incident response and its community is digital forensics. Digital forensics concerns data gathering and the detailed analysis of circumstances surrounding a security incident [26]. Within the NIST incident response life cycle, digital forensics mainly precedes the incident response action itself and can be attributed to Detection & Analysis. For our work, we separate between digital forensics and incident response and exclude the former. However, due to the nature of the analyzed data formats, there is at times overlap concerning investigative incident response activities. This situation leads to the focus of this survey described in Figure 2. The starting point of incident response and its standardization is hereby defined as trigger, alert, or event detected by an Intrusion Detection System (IDS), Security Information and Event Management (SIEM), or similar system, which then requires incident response actions. Also, CTI feeds, and structured threat reports are possible external starting points.

show abstract

Section: G Other Approachesmentioning

confidence: 99%

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Schlette

Caselli

Pernul

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…The Resource Orientated Lightweight Information Exchange (ROLIE) protocol [8] provides a standardized mechanism for an SCAP Content Repository that allows security automation content to be discovered, syndicated, and exchanged. ROLIE is a profile of the Atom Syndication Format [9] and the Atom Publication Protocol [10].…”

Section: Ietf Roliementioning

confidence: 99%

“…Once completed, the applicability language will be piloted as part of the National Vulnerability Database (NVD) vulnerability feeds. 1 • ROLIE Extensions: ROLIE, defined by RFC8322 [8] provides a standardized method to easily identify and retrieve vulnerability records, SWID tags, configuration setting checklists, and other security content to support vulnerability and configuration setting assessment. ROLIE provides a content syndication approach that allows software creators, vulnerability reporters, and configuration setting checklist developers to establish federated repositories of the security content they produce.…”

Section: Scap V2 Development Planmentioning

confidence: 99%

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

Waltermire¹,

Fitzgerald-McKay²

2018

View full text Add to dashboard Cite

The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types supported by SCAP v1 through the explicit inclusion of network equipment, Internet of Things (IoT), and mobile devices in its scope. To automate self-reporting of posture information from endpoint machines, SCAP v2 will integrate with existing network management protocols that include the Internet Engineering Task Force (IETF) Network Endpoint Assessment (NEA) protocols. SCAP v2 will streamline SCAP content acquisition and reuse through its use of the IETF Resource Oriented Lightweight Information Exchange (ROLIE) protocol. Improvements to software version identification and the incorporation of patch information will be made by transitioning from the Common Platform Enumeration (CPE) to Software Identification (SWID) Tags. SCAP v2 provides component-level interoperability via a modular and extensible architecture. This white paper provides a gap analysis of SCAP v1 and an overview of how SCAP v2 will address these gaps; describes the SCAP 2.0 architecture; and provides a plan for completing the work necessary to finalize SCAP v2.

show abstract

“…Different from them, direct posting approach shares information without such entities. For instance, ROLIE publishes, shares, and exchanges security information as Web‐addressable resources by using Atom Publishing Protocol and Atom Syndication Format. Another such mechanism is XMPP‐based information publishing .…”

Section: Related Workmentioning

confidence: 99%

Web of cybersecurity: Linking, locating, and discovering structured cybersecurity information

Takahashi

Panta

Kadobayashi

et al. 2017

Int J Communication

View full text Add to dashboard Cite

SummaryCybersecurity is one of the main concerns of many organizations today, and accessibility to cybersecurity information in a timely manner is crucial to maintaining cybersecurity. Various repositories of cybersecurity-related information are publicly available on the Internet. However, users are unaware of many of them, and it is impractical for them to keep track of all of them. Cybersecurity information stored in these repositories must be able to be located and accessed by the parties who need it. To address this issue, this paper proposes a mechanism of linking, locating, and discovering various cybersecurity information to improve its accessibility in a timely manner. This mechanism allows us to locate various cybersecurity information having different schemata by generating metadata with which a list of cybersecurity information is managed. The information structure incorporated in this mechanism is unique, and it makes our mechanism flexible and extensible. The structure consists of categories and formats that are linked to each other. The mechanism can propagate information updates to minimize the risk of obsolete information. This paper also introduces a prototype of the mechanism to demonstrate its feasibility, and it analyzes the mechanism's extensibility, scalability, and information credibility. Through this study, we aim to improve the accessibility of cybersecurity information on the Internet and facilitate information sharing beyond organizational borders, with the eventual goal of creating a web of cybersecurity.

show abstract

Resource-Oriented Lightweight Information Exchange (ROLIE)

Cited by 4 publications

References 12 publications

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Transitioning to the Security Content Automation Protocol (SCAP) Version 2

Web of cybersecurity: Linking, locating, and discovering structured cybersecurity information

Contact Info

Product

Resources

About