2022-08-23 Security Subcommittee Meeting Notes

Please find below the minutes and recording for the SECCOM meeting that was held on 23rd of August 2022.

Jira No

Summary

Description

Status

Solution



Update on Unmaintained Projects task group

Unmaintained Projects task group is reviewing the RACI matrix: https://lf-onap.atlassian.net/wiki/display/DW/Project+State%3A+Unmaintained

Use Jira TSC epic and project/work group tasks to track the retirement of a capability (project/repos) – create template

OOM contains unused/orphan code: discuss at next unmaintained projects call because it affects security and maintainability (step in the RACI matrix)

DCAEMOD repos are being removed in London

Test RACI process with AAF (unmaintained project) and DCAEMOD (unmaintained repos) – Muddasar will contact Vijay

ongoing





Update on the Security Logging Fields and Global Requirement  

Bob updated PTLs at the 8/22 PTL call

DCAE will deliver logging updates in London

Will socialize Python & JavaScript POCs with PTLs: may need Python & JS POCs

Use language indicator on SonarCloud dashboard to determine programming language

ongoing





SBOM creation 

dcaegen2-collectors-ves SBOM successful

CPS SBOM working

4 successful project SBOMs created

ongoing





Superblueprint

Update from 8/16 Super Blueprint meeting (Muddasar)

  • Use cases to be added, limited resources to go with E2E solution integration.

    • Ultra low latency use case – video monitoring

  • Status of lab infrastructure – decided which labs to use

  • Open source

    • Core: open 5GC & Aarna Networks 5G core based on open source.

    • gNodeB

    • Orchestrator: ONAP

  • Amy will invite Martial to demo his work to SECCOM

Weekly meetings: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=50528282

Architecture: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=53609061

Roadmap: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+Roadmap

Requirements and Use case Advisory Group: https://wiki.lfnetworking.org/display/LN/Requirements+and+Use+Case+Advisory+Group

Use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322

Muddasar tasked with specifying detailed use case requirements for creating secure slices: least privilege

Eric Kline performing streaming analytics on data to use in closed loop slicing automation

ongoing

Logistics from a program perspective need to be improved.



OOM

Ericsson OOM team is focused on the ONAP security reference implementation.

Logging reference implementation is the second-priority work item for now.

Code link was shared with SECCOM before (nordix), but not yet contributed to ONAP







PTL meeting – August 22nd

Short meeting (Bob attended)

  • Bob presented logging

  • Upcoming events

  • Release updates







TSC meeting – August 18th

No one on SECCOM call attended







ONE Summit NA  

Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software

Byung will present service descriptor and potentially new ONAP security architecture with service mesh.







LFN Developer & Testing Forum NA 

Productization of Assured Opensource Software - Muddasar

SBOM implementation and challenges in ONAP - Muddasar

5G orchestration with ONAP, AI and ML - Maggie



Brian to be asked by Muddasar as co-presenter for SBOM.



SECCOM meeting call will be held on 30th of August 2022.











Recordings: 

audio1262995881.m4a

video1262995881.mp4

SECCOM presentation:

2022-08-23 ONAP Security Meeting - AgendaAndMinutes.pptx