5 Trust Model
The following trust model is the reference model and applies regardless of the target environment. It describes the key access points and controls for a site deployment. While the model shows a single 5G NF microservice being deployed, an individual cluster typically hosts many more.
Key Trust Boundaries
Following are the key trust boundaries:
Table 5-1 Key Trust Boundaries
Trust Boundary | Includes | Access Control |
---|---|---|
Site Trust Boundary | All the NF and other supporting elements for a given site. | Cluster Access Policies are implemented using some kind of Access Control Group (or Security Group) mechanism. |
Cluster Trust Boundary | All the Compute Elements for a given cluster | Network Policies control traffic ingress and egress; Pod Security Policies control the kinds of workloads allowed in the cluster (Example: no pods requiring privilege escalation). |
DB Trust Boundary | All the DB Tier Elements for a given Cluster | Firewall Policies control traffic ingress and egress; DB grants and other permission mechanisms provide authorization for authorized users. |
Orchestrator Trust Boundary | The orchestration interface and keys | Firewall Policies control access to a Bastion server which provides orchestration services; access to the Bastion host uses SSH. The cluster orchestration keys are stored on the Bastion host. |
CS Trust Boundary | The common services implementing logging, tracing, and measurements. | Each of the common services provides an independent user interface (GUI) that is currently open. The customer may want to introduce an API gateway and implement authentication and authorization mechanisms to protect the OAM data. The common services may be configured to use Transport Layer Security (TLS); when TLS is used, certificates will need to be generated and deployed via the orchestrator. |
NF Trust Boundaries | A collection of one (or more) 5G Network Functions deployed as a service. | Some 5G NF microservices provide OAM access via a GUI. 5G NF microservices provide Signaling access via a TLS protected HTTP2 interface. The certificates for these interfaces are managed via the certificate manager. |
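The cluster trust boundary row above relies on pod security controls to keep out workloads that need privilege escalation. The following Python check is added here as an illustration and is not part of this guide or of any Oracle tooling: it shows what that rule looks like when enforced programmatically against a Pod manifest, flagging the PodSpec and SecurityContext fields that grant escalation (host namespaces, privileged containers, allowPrivilegeEscalation left at its default of true, added capabilities, a missing runAsNonRoot). The field names are the real Kubernetes ones; the set of checks is a simplified subset of the Kubernetes Pod Security Standards, and the two sample manifests, including their image names, are constructed.

```python
"""Admission-style check for the cluster trust boundary rule
"no pods requiring privilege escalation" (added example; not the
guide's own tooling). It inspects an already-parsed Pod manifest
(the dict you would get from yaml.safe_load or the Kubernetes API)
and reports the fields that would let a workload escalate privilege.
The checks are a simplified subset of the Pod Security Standards."""

from typing import Any, Dict, List


def _containers(pod: Dict[str, Any]) -> List[Dict[str, Any]]:
    """All containers in the spec, including init and ephemeral ones."""
    spec = pod.get("spec", {})
    return (spec.get("containers", [])
            + spec.get("initContainers", [])
            + spec.get("ephemeralContainers", []))


def privilege_escalation_violations(pod: Dict[str, Any]) -> List[str]:
    """Return human-readable violations; an empty list means the Pod
    is admissible under the cluster trust boundary's escalation rule."""
    violations: List[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    # Host namespaces collapse the boundary between the pod and the node.
    for field in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(field):
            violations.append(f"{name}: spec.{field} is true")

    pod_sc = spec.get("securityContext", {})
    for c in _containers(pod):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})

        if sc.get("privileged"):
            violations.append(f"{name}/{cname}: privileged container")

        # The Kubernetes default is true, so an unset field is itself a violation.
        if sc.get("allowPrivilegeEscalation", True):
            violations.append(
                f"{name}/{cname}: allowPrivilegeEscalation must be false")

        # Capabilities beyond the runtime default set are a path to escalate.
        added = sc.get("capabilities", {}).get("add", [])
        if added:
            violations.append(
                f"{name}/{cname}: adds capabilities {sorted(added)}")

        # runAsNonRoot may be set at pod or container level; container wins.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_non_root is not True:
            violations.append(f"{name}/{cname}: runAsNonRoot must be true")

    return violations


# Constructed sample manifests (not from a real deployment).
COMPLIANT_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "nf-microservice"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "app",
            "image": "registry.example.invalid/nf:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

VIOLATING_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug-tools"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "shell",
            "image": "registry.example.invalid/tools:1.0",
            "securityContext": {"privileged": True},
        }],
    },
}

if __name__ == "__main__":
    for pod in (COMPLIANT_POD, VIOLATING_POD):
        problems = privilege_escalation_violations(pod)
        print(f"{pod['metadata']['name']}: {'ADMIT' if not problems else 'DENY'}")
        for p in problems:
            print("  -", p)
```

The second manifest is denied on four counts (host PID namespace, privileged container, allowPrivilegeEscalation left unset, no runAsNonRoot), which is the kind of record an admission controller or CI gate would emit for the cluster boundary.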
External Data Flows
The following are external data flows:
Table 5-2 External Data Flows
Data Flow | Protocol | Description |
---|---|---|
DF1: Configuration | SSH | The installer or administrator accesses the orchestration system, which is hosted on the Bastion Server. The installer or administrator must use SSH keys to log in to a dedicated orchestration account (not root) on the bastion; no password access is allowed. |
DF2: Logs, Measurements, Traces | HTTP/HTTPS | The administrator or operator interacts with the common services using web interfaces. |
DF3: 5G Signaling | HTTP2 (w/TLS) | All signaling interaction between NFs at a site and NFs at an external site is sent via TLS protected HTTP2. |
DF4: Alerts | SNMP (Trap) | All alerting is performed using SNMP traps. |
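The Orchestrator Trust Boundary row in Table 5-1 and DF1 above set the same rules for the Bastion host: SSH with keys only, no password access, a dedicated orchestration account rather than root. The following Python audit is an added example, not part of this guide or of any Oracle tooling; it reads an sshd_config and reports where the effective settings depart from those rules. It relies on two facts about sshd's configuration: for each keyword the first value given is the one used, and a keyword left unset takes sshd's compiled-in default. The account name orchadmin and both configuration texts are constructed; Match blocks are deliberately not analysed.

```python
"""Audit of a Bastion sshd_config against the orchestrator trust
boundary rules in this section: key-based access only, no password
login, no root login, a dedicated orchestration account. Added
example, not the guide's own tooling. The config texts below are
constructed and ORCH_ACCOUNT is an assumed account name."""

from typing import Dict, List

ORCH_ACCOUNT = "orchadmin"  # assumed name of the non-root orchestration account

# Values the bastion must have, and sshd's own defaults for the same
# keywords (an unset keyword is as meaningful as an explicit one).
REQUIRED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "kbdinteractiveauthentication": "no",
}
SSHD_DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "kbdinteractiveauthentication": "yes",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return keyword (lower-cased) -> effective global value.

    sshd uses the first value given for a keyword and ignores later
    ones, so the first occurrence wins here too. Parsing stops at the
    first Match block: settings inside it are conditional and need
    per-user analysis this example does not attempt."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        settings.setdefault(keyword, value)
    return settings


def audit_bastion_sshd(text: str) -> List[str]:
    """Return findings; an empty list means the config meets the rules."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    for keyword, wanted in REQUIRED.items():
        actual = cfg.get(keyword, SSHD_DEFAULTS[keyword]).lower()
        if actual != wanted:
            origin = "set" if keyword in cfg else "default"
            findings.append(
                f"{keyword} is {actual!r} ({origin}), expected {wanted!r}")

    # Access goes to a dedicated orchestration account, never to root.
    allowed = cfg.get("allowusers", "").split()
    if not allowed:
        findings.append("AllowUsers is unset: any account with a key may log in")
    elif "root" in allowed:
        findings.append("AllowUsers includes root")
    elif ORCH_ACCOUNT not in allowed:
        findings.append(
            f"AllowUsers does not include the orchestration account {ORCH_ACCOUNT!r}")
    return findings


# Constructed configs. The weak one relies on sshd defaults and on a
# later PasswordAuthentication line that sshd ignores (first value wins).
WEAK_CONFIG = """
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no   # never takes effect: first value wins
"""

HARDENED_CONFIG = f"""
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
AllowUsers {ORCH_ACCOUNT}
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_bastion_sshd(cfg)
        print(f"{label}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print("  -", f)
```

Run against a real bastion, the audit would read /etc/ssh/sshd_config (and any files pulled in by Include, which this example does not follow); the weak sample fails on password authentication, root login, keyboard-interactive authentication left at its default, and the absence of an AllowUsers restriction.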
The complete list of network flows, including service types and ports, is available in the Port Flow Appendix.