<Briefly describe the problem being solved, not how the problem is solved, just focus on the problem. Think about why the feature is needed, and what is the relevant context to understand the problem.>
OpenHorizon provides the ability to flexibly deploy edge workloads by providing its own orchestrating elements. As an edge service provider who uses OpenHorizon this provides immense flexibility in deploying and managing edge operations.
However, this flexibility comes at a tradeoff wherein the workloads deployed on edge might not necessarily be created by security savvy developers and might have vulnerability. The impact of such a vulnerability exploit can be immense since it can bring the edge to a halt, but more importantly, the attacker has the possibility of leveraging a security gap in one workload to target another workload on the same edge node since they are colocated. The edge workloads may contain sensitive data related to user and hence needs to be protected.
Furthermore, it is important for the edge administrators or service providers to have monitoring options for edge workloads. This could be needed further for compliance and regulatory purposes.
As an example, IEC 62443 standard defines following principles to be followed in the OT sector:
Principle of least privilege: Provide edge node components and external interfaces only the required access and deny everything else.
Defense in Depth: Multi layered defense techniques to delay or prevent a cyber attack in the industrial network
Risk Analysis: Practice used to address risks related to production infrastructure, production capacity etc
Design
<Describe how the problem is fixed. Include all affected components. Include diagrams for clarity. This should be the longest section in the document. Use the sections below to call out specifics related to each aspect of the overall system, and refer back to this section for context. Provide links to any relevant external information.>
<Describe which user roles are related to the problem AND the solution, e.g. admin, deployer, node owner, etc. If you need to define a new role in your design, make that very clear. Remember this is about what a user is thinking when interacting with the system before and after this design change. This section is not about a UI, it's more abstract than that. This section should explain all the aspects of the proposed feature that will surface to users.>
Deployment UX
Should we consider k8s mode of deployment or pure-containerized mode of deployment? KubeArmor works best with k8s mode of deployment and is the recommended mode. Having said that, the previous integration/demo/POC done with OH was in pure-containerized mode.
How would the deployment of KubeArmor on the target edge node happen? Will it be deployed as a separate workload with its own control plane or will it be integrated into the same control plane as that of OH?
There is a value in keeping KubeArmor and associated tooling decoupled from Anax and OH Management Hub. This would allow independent updates and essentially the security should be considered as one more addon from the service provider side of things.
The real challenge here is how would OH framework allow extensions to be built to integrate third party tooling?
Ship the hardening policies along with the KubeArmor installation.
Day2 Operations UX
How would the policy add/delete/list/modify work?
How would the recommended policies be shown to the user?
How would the SIEM tools integrations be done and at what point?
How would upgrade of KubeArmor be handled?
Use-cases to consider
Observability & Monitoring use-cases
File Integrity Monitoring: Any changes to the systems folders should be monitored/audited.
Protection: Hardening use-cases
TODO
Protection: Enforcing principle of least privilege
TODO
Protection: Enforcing Network Protection
TODO
Workload Forensics
TODO
charisse lu Should we create security guidelines for workload creators?
Command Line Interface
<Describe any changes to the hzn CLI, including before and after command examples for clarity. Include which users will use thechanged CLI. This section should flow very naturally from the User Experience section.>
How to extend Anax cli and integrate with karmor cli? Can we expect the user to have two clis? Does Anax cli offer pluggable interfaces?
The policy add/delete/update/list should be handled through this cli.
External Components
<Describe any new or changed interactions with components that are not the agent or the management hub.>
Affected Components
<List all of theinternalcomponents (agent, MMS, Exchange, etc) which need to be updated to support the proposed feature. Include a link to the github epic for this feature (and the epic should contain the github issues for each component).>
Security
<Describe any related security aspects of the solution. Think about security of components interacting with each other, users interacting with the system, components interacting with external systems, permissions of users or components>
APIs
<Describe and new/changed/deprecated APIs, including before and after snippets for clarity. Include which components or users will use the APIs.>
Build, Install, Packaging
<Describe any changes to the way any component of the system is built (e.g. agent packages, containers, etc), installed (operators, manual install, batch install, SDO), configured, and deployed (consider the hub and edge nodes).>
Documentation Notes
<Describe the aspects of documentation that will be new/changed/updated. Be sure to indicate if this is new or changed doc, the impacted artifacts (e.g. technical doc, website, etc) and links to the related doc issue(s) in github.>
Test
<Summarize new automated tests that need to be added in support of this feature, and describe any special test requirements that you can foresee.>
