
TR 28.870
Study on Enablers for Security Monitoring

V19.0.0  2024/12  8 p.
Rapporteur:
Mr. Fernandes, Clifton
Nokia UK


1  Scope

The present document presents a study on enablers for security monitoring.

2  References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
  • References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
  • For a specific reference, subsequent revisions do not apply.
  • For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] TR 21.905: "Vocabulary for 3GPP Specifications".

3  Definitions of terms, symbols and abbreviations

3.1  Terms

For the purposes of the present document, the terms given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

3.2  Symbols

3.3  Abbreviations

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

4  Concepts and background

When a security breach is detected, a security alarm is raised. This study investigates whether the following aspects, which are relevant for security alarms, are provided by the currently specified alarming concept:
  • Filtering of security alarm notifications
  • Security alarm reporting
  • Retention policies for security alarms

5  Use cases

5.1  Use case #1: Filtering of security alarm notifications

Security alarms are reported using the concept of notifications. To receive notifications, a subscription needs to be established. As part of the subscription, a filter can be specified that filters the content of the notification.
Filtering of security alarm notifications is hence possible with the existing notification framework. Enhancements are not required.

5.2  Use case #2: Security alarm reporting

Security alarms are reported using the concept of notifications. A reporting mechanism for security alarms is hence available. Enhancements are not required.

5.3  Use case #3: Retention policies for security alarms

5.3.1  Description

Security alarms are maintained, like any other alarm type, in an alarm list. Alarms are removed from this list when they are cleared and acknowledged. There is no standardized way to keep inactive alarms in the alarm list or in some other store, nor is there a way to specify the retention time of inactive alarms.

5.3.2  Potential requirements

Req-1: The 3GPP Management system should retain and store inactive (security) alarms.
Req-2: The 3GPP management system should allow MnS consumers to specify the retention time of inactive (security) alarms.
Req-3: The 3GPP Management system should allow MnS consumers to retrieve stored inactive (security) alarms.

5.3.3  Potential solutions

All inactive alarms should be retained, not only security alarms. Therefore, a general solution for retaining all alarm types should be devised.
It is proposed to do this work in the context of the SBMA enablers enhancement work in Rel-20.
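
The behaviour that Req-1 to Req-3 ask for can be sketched as a small model. This is an added illustration, not part of TR 28.870 and not a 3GPP-specified interface; the class, method and field names and the alarm type labels are hypothetical, and time is passed in explicitly as seconds.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Alarm:
    alarm_id: str
    alarm_type: str                       # constructed labels, e.g. "SECURITY"
    cleared: bool = False
    acknowledged: bool = False
    inactive_since: Optional[float] = None

class AlarmStore:
    """Alarm list plus a retained store for inactive alarms (hypothetical model)."""
    def __init__(self, retention_seconds: float):
        self.retention_seconds = retention_seconds   # Req-2: consumer-set retention time
        self.alarm_list = {}                         # alarms not yet cleared and acknowledged
        self.retained = {}                           # Req-1: inactive alarms kept after removal

    def raise_alarm(self, alarm_id: str, alarm_type: str) -> None:
        self.alarm_list[alarm_id] = Alarm(alarm_id, alarm_type)

    def clear(self, alarm_id: str, now: float) -> None:
        self.alarm_list[alarm_id].cleared = True
        self._retire_if_inactive(alarm_id, now)

    def acknowledge(self, alarm_id: str, now: float) -> None:
        self.alarm_list[alarm_id].acknowledged = True
        self._retire_if_inactive(alarm_id, now)

    def _retire_if_inactive(self, alarm_id: str, now: float) -> None:
        alarm = self.alarm_list[alarm_id]
        if alarm.cleared and alarm.acknowledged:     # removal rule from clause 5.3.1
            del self.alarm_list[alarm_id]
            alarm.inactive_since = now
            self.retained[alarm_id] = alarm          # retained instead of discarded

    def purge_expired(self, now: float) -> list:
        """Drop retained alarms whose retention time has elapsed; return their ids."""
        expired = [i for i, a in self.retained.items()
                   if now - a.inactive_since >= self.retention_seconds]
        for i in expired:
            del self.retained[i]
        return expired

    def get_inactive(self, now: float, alarm_type: Optional[str] = None) -> list:
        """Req-3: retrieve stored inactive alarms, optionally of one alarm type."""
        self.purge_expired(now)
        return [a for a in self.retained.values()
                if alarm_type is None or a.alarm_type == alarm_type]
```

The store keeps every alarm type, in line with the general solution proposed above, and the type filter on retrieval is what lets a consumer pull only the security alarms.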

6  Conclusions and recommendations

It is proposed to work on solutions to retain inactive alarms for later retrieval in Rel-20.

Change history

