Security requirements
- Infrastructure tamper detection and classification
- Aggregate information of Edge sites
- % of compute nodes trusted
- % of compute nodes not trust verified.
- Tamper detection of verifier in each site
- TPM based attestation security
- Verification of new software installation/upgrade (Usage of Linux IMA).
- Aggregate information of Edge sites
- Secure communication between ONAP and Site (TLS or IPSEC)
- Certificate based authentication between ONAP and Site
- Certificate Enrollment
- Mutual CA
- Security of private keys using hardware root of trust (e.g TPM or SGX)
- Secret Management
- Centralized Secret management with decentralized distribution
- Security in decentralized case (e.g SGX based security)