...
Remote Attestation Topology
** XXX: integrate both diagrams into a single view **
Note: In Phase 1, we will target only the Gateway security and not work on the device side of things.
Systems Requirements
** XXX: state this for verifier, app server, and device separately **
...
SEDIMENT System Requirements
- Ubuntu 20.04 docker containers for verifier, relying party, app server, and prover (surrogate test device)
- Arch: x86_64
- CPU: 4 vCPUs
- Memory: 8 GB
...
Networking: The following TCP ports need to be open for the corresponding containers
- Relying Party: 22 (SSH), 8000 and 8101
  - must be able to open connections to 8001
- Verifier: 22 (SSH), 8100, and 8050 (HTTP GUI)
  - must be able to open connections to 8000
- Application Server: 22 (SSH), 8001, and 8051 (HTTP GUI)
- Device: 22 (SSH)
  - must be able to open connections to 8000 and 8100
External Access: SSH access to the node is required
KubeArmor System Requirements
- CPU: 100m (millicores; 100m = 1/10th of a vCPU) (ref)
- Memory: 100Mi to 150Mi (ref)
- The karmor CLI connects to KubeArmor on port TCP/32767.
Deployment Mode
SEDIMENT Deployment Mode
...
KubeArmor Deployment Mode
- Deployed in systemd mode
- Discovery Engine provides visibility into app behaviour and runs as a host process.
Security use-cases to target with KubeArmor
...
| Task | Description | Status | ETA | Owner |
|---|---|---|---|---|
| Document | For arch, sys requirements, deployment model etc. | Done (was WIP) | 20th April 2023 | AccuKnox to create, and Peraton to update as necessary |
| Brief plan to 5G SBP WG | Discuss details of the use case demo plan with the 5G SBP WG in a bi-weekly meeting | Done | 2nd May 2023 | Peraton + AccuKnox |
| SEDIMENT app containerization | | Done (was WIP) | 5th May 2023 | Peraton Labs |
| Provision a common VM that can be used for tests | Credentials will be provided to relevant folks | Done | 20th April 2023 | AccuKnox |
| Provide containerized SEDIMENT to run on a sample Linux VM | | Done (was TODO/Host) | 5th May 2023 | Peraton Labs |
| Identify prover device and camera | | TODO | | Peraton |
| Deploy KubeArmor on same VM as SEDIMENT | | Done (was TODO) | | AccuKnox |
| Get KubeArmor visibility for SEDIMENT app | | Done (was TODO) | | AccuKnox |
| Apply protection policies for securing SEDIMENT | | Done (was TODO) | | AccuKnox |
| Identify lab requirements | Based on the VM used above, identify lab requirements | TODO | | Peraton + AccuKnox + Kaloom |
| Implement in Kaloom lab | | TODO | | Peraton + AccuKnox + Kaloom |
| Joint Demo to 5G-SBP | | TODO | | Peraton + AccuKnox |
- Ganesh Venkatraman, what is the status of the current IBM environment/solution in Kaloom?
- Document proposed observability capabilities. Define observability capabilities/use case.