5G SBP: KubeArmor + SEDIMENT
...
Introduction
What is SEDIMENT? SEDIMENT (SEcure DIstributed IoT ManagemENT) uses a combination of software root of trust, remote attestation, and resource-efficient cryptography to build a system that scales across heterogeneous computing platforms. The aim is to provide a secure remote attestation framework that can be leveraged for lightweight devices.
...
- Visibility into SEDIMENT application behavior
  - Identify the process forking behavior of the application
  - Identify sensitive asset access of SEDIMENT
  - Identify network access required by SEDIMENT
- Protection policies for the Gateway deploying the SEDIMENT Verifier
  - Process Whitelisting: Do not allow processes to execute within the SEDIMENT container outside of the given spec
  - Network Access: Only allow SEDIMENT binaries to use the network primitives
  - Check SEDIMENT configuration files and create a security net around SEDIMENT's sensitive assets
  - Use host hardening policies to protect the host
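The protection goals above map onto two KubeArmor policy kinds: a KubeArmorPolicy for the SEDIMENT Verifier container (process allow-list, read-only config, network only from the verifier binary) and a KubeArmorHostPolicy for the gateway host. The YAML below is an added example written for this page; it is not a policy from the SEDIMENT or KubeArmor projects. The container label `kubearmor.io/container.name: sediment-verifier`, the binary paths under `/opt/sediment/bin/`, the config directory `/opt/sediment/config/` and the hostname `sediment-gateway` are placeholders to be replaced with values from the actual SEDIMENT container spec once the containerization task is complete.

```yaml
# Added example for the 5G-SBP plan. Not taken from the page or from the
# KubeArmor / SEDIMENT projects. Every path, label and hostname below is a
# placeholder assumption; substitute values from the SEDIMENT container spec.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: sediment-verifier-allowlist
spec:
  severity: 8
  tags: ["5G-SBP", "SEDIMENT"]
  message: "SEDIMENT verifier: process, file or network access outside the spec"
  selector:
    matchLabels:
      # Assumed label: in unorchestrated (plain VM) mode KubeArmor selects
      # containers by container name rather than by Kubernetes pod labels.
      kubearmor.io/container.name: sediment-verifier
  # Process whitelisting: only the binaries listed in the container spec
  # may execute inside the container (placeholder paths).
  process:
    matchPaths:
    - path: /opt/sediment/bin/verifier
    - path: /opt/sediment/bin/entrypoint.sh
  # Sensitive assets: configuration is readable only by the verifier binary
  # and never writable from inside the container (placeholder directory).
  file:
    matchDirectories:
    - dir: /opt/sediment/config/
      recursive: true
      readOnly: true
      fromSource:
      - path: /opt/sediment/bin/verifier
  # Network access: only the verifier binary may use TCP and UDP sockets.
  network:
    matchProtocols:
    - protocol: tcp
      fromSource:
      - path: /opt/sediment/bin/verifier
    - protocol: udp
      fromSource:
      - path: /opt/sediment/bin/verifier
  action: Allow
---
# Host hardening for the gateway running the verifier (placeholder hostname).
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: sediment-gateway-host-hardening
spec:
  severity: 9
  tags: ["5G-SBP", "host-hardening"]
  message: "gateway host: package manager execution or write to SEDIMENT files"
  nodeSelector:
    matchLabels:
      kubernetes.io/hostname: sediment-gateway
  # No package installation on the production gateway.
  process:
    matchPaths:
    - path: /usr/bin/apt
    - path: /usr/bin/apt-get
    - path: /usr/bin/dpkg
  # The host-side SEDIMENT install tree (assumed bind-mounted into the
  # container) may be read but not modified by any host process.
  file:
    matchDirectories:
    - dir: /opt/sediment/
      recursive: true
      readOnly: true
  action: Block
```

Two points matter when applying this. First, the container policy uses `action: Allow`: once an Allow rule exists for a resource type (process, file, network), KubeArmor treats everything not listed for that type according to the configured default posture, so the default posture must be set to Block (not Audit) for the allow-list to actually stop unexpected execution rather than only log it. Second, start with `action: Audit` and review `karmor logs` output while the visibility tasks run; the process, file and network events observed there are what fill in the placeholder paths before the policy is switched to enforcement.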
Tasks/Action Items
| Task | Description | Status | ETA | Owner |
|---|---|---|---|---|
| Document | For arch, sys requirements, deployment model etc | WIP | 20th April 2023 | AccuKnox to create, and Peraton to update as necessary |
| SEDIMENT app containerization | | WIP | <TODO> | Peraton Labs |
| Provision a common VM that can be used for tests | ssh sbp@ 172.173.219.229 … credentials will be provided to relevant folks | Done | 20th April 2023 | AccuKnox |
| Deploy SEDIMENT on a sample Linux VM | | TODO | | Peraton |
| Deploy KubeArmor on same VM as SEDIMENT | | TODO | | AccuKnox |
| Get KubeArmor visibility for SEDIMENT app | | TODO | | AccuKnox |
| Apply protection policies for securing SEDIMENT | | TODO | | AccuKnox |
| Identify lab requirements | Based on the VM used above, identify lab requirements | TODO | | Peraton + AccuKnox |
| Joint Demo to 5G-SBP | | TODO | | Peraton + AccuKnox |