...
Currently, EVE does not have capability to provide data security at rest. This is being designed and implemented [1]. With this, EVE will provide capabilities like file system encryption, but it is up to the EVE Controller to make use of these capabilities to to achieve a security goal. For this EVE needs to define its interface towards EVE controller, and provision a way to define security policies from the Controller. This proposal focuses more on the interaction between EVE and EVE controller(EVC) in the context of realising a use case that the user might have to secure data processed on the EVE platform.
...
- EVE node will post the status messages for the Vaule Vault CRUD operation results.
b) Association of Edge Containers with a Vault - To control data at rest requirements of a Edge Container
- The app instance configuration may include a reference to a defined vault.
The Vault will be used store the mutated business sensitive information for the container will be stored in the associated vault.
c) Attestation of the device through PCR quote and Nonce and/or Geo-location/IP Address information etc.
- This will be used for remote attestation challenge/response exchange between EVC and EVE node.
...