...
- Visibility into SEDIMENT application behavior
  - Identify the process forking behavior of the application
  - Identify sensitive asset access of SEDIMENT
  - Identify network access required by SEDIMENT
- Protection policies for Gateway deploying SEDIMENT Verifier.
  - Process Whitelisting: Do not allow processes to execute within SEDIMENT container outside of the given spec.
  - Network Access: Only allow SEDIMENT binaries to use the network primitives
  - Check SEDIMENT configuration files and create a security net around SEDIMENT’s sensitive assets.
- Use host hardening policies to protect host.
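As an added illustration of the three container policies and the host-hardening item above (example policies written here, not SEDIMENT's or AccuKnox's own files): a KubeArmorPolicy that whitelists the verifier process, pins network use to that binary, and makes the configuration directory read-only, followed by a KubeArmorHostPolicy for the gateway VM. The binary path `/opt/sediment/bin/verifier`, the config directory `/opt/sediment/config/`, the label `app: sediment-verifier`, the namespace `sediment` and the hostname `gateway-vm` are assumptions; replace them with the values from the containerization task once it is done.

```yaml
# Added example policy, not part of the original notes. Paths, labels and
# hostname below are assumed placeholders for the SEDIMENT deployment.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: sediment-verifier-harden
  namespace: sediment                 # assumed namespace
spec:
  selector:
    matchLabels:
      app: sediment-verifier          # assumed container label
  # Process whitelisting: only the verifier binary may execute; with Allow
  # rules present, every other exec falls to the container's default posture.
  process:
    matchPaths:
      - path: /opt/sediment/bin/verifier   # assumed binary path
    action: Allow
  # Sensitive assets: config is readable only by the verifier and never writable.
  file:
    matchDirectories:
      - dir: /opt/sediment/config/         # assumed config directory
        recursive: true
        readOnly: true
        fromSource:
          - path: /opt/sediment/bin/verifier
    action: Allow
  # Network access: only the verifier binary may use TCP/UDP sockets.
  network:
    matchProtocols:
      - protocol: tcp
        fromSource:
          - path: /opt/sediment/bin/verifier
      - protocol: udp
        fromSource:
          - path: /opt/sediment/bin/verifier
    action: Allow
---
# Host hardening for the gateway VM itself: block writes under /etc/ssh/.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: gateway-host-harden
spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/hostname: gateway-vm   # assumed node label
  file:
    matchDirectories:
      - dir: /etc/ssh/
        recursive: true
        readOnly: true
    action: Block
```

Two points to check before relying on this. First, Allow rules in KubeArmor only enforce the whitelist if the default posture for that class (file, network, process) is set to block; as I understand it, the default is audit, so the namespace needs the `kubearmor-file-posture: block` and `kubearmor-network-posture: block` annotations (or the equivalent KubeArmor configuration on a non-Kubernetes VM), otherwise non-matching access is only logged. Second, run the policies in audit first and watch `karmor logs` while exercising the verifier; the forking and network behaviour captured there is exactly the visibility data the first bullet group asks for, and it tells you which paths the placeholders above must become.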
Tasks/Action Items

| Task | Description | Status | ETA | Owner |
|---|---|---|---|---|
| Document | For arch, sys requirements, deployment model etc | WIP | 20th April 2023 | AccuKnox to create, and Peraton to update as necessary |
| SEDIMENT app containerization | | WIP | 5th May 2023 | Peraton Labs |
| Provision a common VM that can be used for tests | ssh sbp@ 172.173.219.229 … credentials will be provided to relevant folks | Done | 20th April 2023 | AccuKnox |
| Deploy SEDIMENT on a sample Linux VM | | TODO | | Peraton |
| Identify prover device and camera | | TODO | | Peraton |
| Deploy KubeArmor on same VM as SEDIMENT | | TODO | | AccuKnox |
| Get KubeArmor visibility for SEDIMENT app | | TODO | | AccuKnox |
| Apply protection policies for securing SEDIMENT | | TODO | | AccuKnox |
| Identify lab requirements | Based on the VM used above, identify lab requirement | TODO | | Peraton + AccuKnox |
| Joint Demo to 5G-SBP | | TODO | | Peraton + AccuKnox |