Security requirements 

  • Infrastructure tamper detection and classification
    • Aggregate information of Edge sites
      • % of compute nodes trusted 
      • % of compute nodes not trust verified.
    • Tamper detection of verifier in each site
    • TPM based attestation security
    • Verification of new software installation/upgrade (Usage of Linux IMA).
  • Secure communication between ONAP and Site (TLS or IPSEC)
  • Certificate based authentication between ONAP and Site
    • Certificate Enrollment
    • Mutual CA 
    • Security of private keys using hardware root of trust (e.g TPM or SGX)
  • Secret Management 
    • Centralized Secret management with decentralized distribution
    • Security in decentralized case (e.g SGX based security)


  • No labels