Versions Compared

Old Version 6

changes.mady.by.user Muddasar Ahmed

Saved on

compared with

New Version Current

changes.mady.by.user LJ Illuzzi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 Recording & Transcript

...


Attendance

Please enter your name and company. Tag yourself using LF ID User Name. Don't have an LF ID yet? Go here: https://myprofile.lfx.linuxfoundation.org/.

NameCompany

LJ Illuzzi 

Linux Foundation
Lincoln Thurlow University of Southern California, Information Sciences Institute
Muddasar Ahmed MITRE
Zahir Patni Peraton Labs
Vijayakumar R Tawker Veltris
Ranny Haiby Linux Foundation




















                        

Agenda:

...


SEDIMENT+KubeArmor

    • New Use Case/collaboration proposal (Muddasar):
      • Project L3AF using eBPF for LSM (Linux Security Modules?). There may be a potential for alignment around security; zero-trust capabilities- Ron to take it up with KubeArmor technical team
    • Muddasar asked if SEDIMENT can be ported to Linux to expand it capabilities to say, self-attestation.
      • Zahir shared the SEDIMENT can be used on Linux and uses the notion of user-defined functions so that for Linux devices, with much larger storage spaces then IoT devices, specific files can be specified to be attested to insure they have not been tampered with.
      • Drilling deeper it is proposed that SEDIMENT might be used to attest a Linux host before deployment. For example, when a CSP deploys Kubernetes infrastructure on Linux based platforms there is a capability where SEDIMENT can attest the host before deployment. A base-level Use Case can show the concept of using Linux to deploy different security-level SLAs
    • SEDIMENT presentation accepted for ONE Summit: https://onesummit2024.sched.com/event/1YUsm?iframe=no
    • Demo ready using environmental sensors was presented on 12/06.
    • Initial PoC:
    • Potential Hex Five sub project - Cesare/Rajesh
      • Investigative meeting took place between Peraton and Hex Five (Cesare).
      • Next Step- Hex Five to potentially come back with a proposal. in progress as of 11/01/23
    • Next Steps:
      • Muddasar new Use Case proposal... add detail. Add to next agenda
      • Zahir/LJ working on adding environmental sensors Use Case to Library
      • Looking to create an easy to use guidebook (Raj)
        • Related to API work
        • Would have to go through DARPA Public Release process
        • Aarno Labs- an MIT spin-off. Provides security for (currently) Java script. Whereas KubeArmor protects at the container level, Aarno protects at the Java script program level. SEDIMENT offers them an alternative where they may not be deploying on SGX (Software Guard Extensions). Contact Eric and Jeff Perkins also on SEDIMENT project. Raj to make introduction. Presented on Sept PI meeting.
      • Identify and develop a security Use Case

...

SABRES: Slice Selection, Path Validation, Multiparty Management - Lincoln Thurlow. (USC/ICI)

    • Agreement with the Linux Foundation has ended
    • All code commited to LF repos will remain intact and continue to be updated through at least Sept2024
    • Open source license is BSD3
    • A demo on Constraint-based search is created; needs legal approval to make available
    • Lumen technologies will act as distributor and upsell contraint based search for anyone who might need it (Amazon, Google, etc.)
    • What existing capabiliites can be included/added to the 5G Super Blueprint Library? Constraint-based search, demo
    • Next Steps:
      • Improve algorithms for constraint based search
      • path validation with a different proof algorithm to improve the performance
      • Inclusion into 5G SBP Library
        • Scope: Constraint-based search, Can be done where RAN and other resources are deployed on a 5G network. If there are any contraints, for example disk space or CPU latency, and have a placement problem, thats where SABREs shines. The demo shows constraint-based search
      • Legal approval is needed to release the demo
    • Three use cases will have separate services associated
    • What orchestrator will/can be used?
      • potential to duplicate Simplified E2E Network Slicing (Aarna) using EMCO
        • Aarna confirms all Simplified network slicing solution will be open source and NDA will not be required.
        • License - Apache 2
      • potential to leverage Wavelabs slicing using EMCO
    • ICCCN paper: ICCCN_2023_paper_187.pdf
    • Code repository (https://pulwar.isi.edu/sabres/cbs/cbs) that was used during the last government demonstration.  This is the initial code base (src directory), which will not be the final product (as this version only works on 2-3 variables, rather than arbitrary).  This code was used to replace ETSI's OSM's PLA module (using minizinc constraint solver) with CBS [https://osm.etsi.org/gitlab/osm/pla].
    • Lincoln tried setting up EMCO using documentation and it failed to come up.
    • SD-Core setup at ICI
    • Next Steps:
      • Open source license: is it Apache2?
      • .....
      • Risk: need to clear university policy to open source. Risk mitigated - USC cleared the project. Next step agree on a license.
      • Replicate Simplified Slicing demo locally in ISI lab (Lincoln)
      • Debug the environment (Lincoln)
      • Setup SD-Core at ICI (demonstrate slicing using SD-Core)
        • rewriting parts of the UPF to integrate SABREs code
      • Set up a drop-in replacement for the current slicing algorithm with CBS algorithm (Lincoln)
      • Leverage UNH and Kaloom. Ganesh and Lincoln?


Upcoming Meetings

  • Off-week working group meeting.
    • Topic: ? or cancel
  • Bi-weekly Status Meeting.
  • Off-week working group meeting
    • Topic? or cancel

...