Remote Attestation Topology

** XXX: integrate both diagrams into a single view, add missing ports  **

** show objective device (dotted) and test surrogate (container) **  


SEDIMENT System Requirements

  • Ubuntu 20.04 Docker containers for verifier, relying party, app server, and prover (surrogate test device)
  • Memory: 8 GB
  • CPU: 4 VCPUs
  • Arch: x86_64

  • Networking: The following TCP ports need to be open for the corresponding containers

    • Relying Party: 22 (SSH), 8000 and 8101

      • must be able to open connection to 8001

    • Verifier: 22 (SSH), 8100, and 8050 (HTTP GUI)

      • must be able to open connections to 81018000

    • Application Server: 22 (SSH), 8001, and 8051 (HTTP GUI)

    • Device: 22 (SSH)

      • must be able to open connections to 8000 and 80018100

KubeArmor System Requirements

  • CPU: 100m (millicore) 100m = 1/10th of a vcpu (ref)
  • Memory: 100Mi 150Mi (ref)
  • karmor cli connects to kubearmor on port TCP/32767.

Deployment Mode

SEDIMENT Deployment Mode

...

KubeArmor Deployment Mode

  • Deployed in systemd mode
  • Discovery Engine provides visibility into app behaviour and runs as a host process.

Security use-cases to target with KubeArmor

...

WIPWIPWIPssh sbp@172.173.219.229 … Deploy sample TODOTODO TODOTODO

| Task | Description | Status | ETA | Owner |
|---|---|---|---|---|
| Document | For arch, sys requirements, deployment model etc | Done | 20th April 2023 | AccuKnox to create, and Peraton to update as necessary |
| Brief plan to 5G SBP WG | Discuss details of the use case demo plan with the 5G SBP WG in a bi-weekly meeting | Done | 2nd May 2023 | Peraton + AccuKnox |
| SEDIMENT app containerization | | Done | 5th, May, 2023 | Peraton Labs |
| Provision a common VM that can be used for tests | credentials will be provided to relevant folks | Done | 20th April 2023 | AccuKnox |
| Provide containerized SEDIMENT to run on a Linux VM/Host | | Done | 5th May, 2023 | Peraton Labs |
| Identify prover device and camera | | TODO | | Peraton |
| Deploy KubeArmor on same VM as SEDIMENT | | Done | | AccuKnox |
| Get KubeArmor visibility for SEDIMENT app | | Done | | AccuKnox |
| Apply protection policies for securing SEDIMENT | | Done | | AccuKnox |
| Identify lab requirements | Based on the VM used above, identify lab requirement | TODO | | Peraton + AccuKnox + Kaloom |
| Implement in Kaloom lab | | TODO | | Peraton + AccuKnox + Kaloom |
| Joint Demo to 5G-SBP | | TODO | | Peraton + AccuKnox |


  • Ganesh Venkatraman, what is the status of current IBM environment/solution in Kaloom?

  • Document proposed observability capabilities. Define observability capabilities/use case