#acumos-meeting: Acumos Security Subcommittee Meeting

Meeting started by aimeeu at 14:15:08 UTC (full logs).

Meeting summary

  1. Roll Call (aimeeu, 14:15:47)
    1. Bryan Sullivan AT&T, Daniel Sela - Amdocs (aimeeu, 14:18:52)

  2. Release Planning (aimeeu, 14:19:36)
    1. bryan added a roadmap page to the wiki (aimeeu, 14:19:53)
    2. #link https://wiki.acumos.org/display/SEC/Release+Planning (aimeeu, 14:20:23)
    3. Bryan adds items from Daniel (aimeeu, 14:22:04)
    4. "automatic artifact reconstruction upon upload to the platform as necessary to ensure compiled model " matches the source" (aimeeu, 14:22:55)
    5. Daniel: idea is NOT to let attacker take advantage (aimeeu, 14:23:11)
    6. discussion on Python pickle and HD5 files (aimeeu, 14:28:15)
    7. federation secured with client certificates (aimeeu, 14:36:41)
    8. question on what can be done in Athena release (aimeeu, 14:43:02)

  3. Ongoing Items (aimeeu, 14:44:49)
    1. still no response from LF on using NexusIQ (aimeeu, 14:45:03)

  4. security-verification component (aimeeu, 14:51:14)
    1. Daniel: platform code contribution not a problem; if i want to download 8 models developed by TechM, i have to download, scan, review, approve - quite expensive; download and manually scanning does not solve the security/trust problem (aimeeu, 15:00:23)
    2. Bryan: technical limitation for scanning: process-related inside Acumos (no mandate to upload source), metadata.json only lists dependencies needed to build microservice (aimeeu, 15:00:38)
    3. Daniel asks if code is uploaded during onboarding (aimeeu, 15:00:58)
    4. Bryan: for python, code technically is uploaded - trained models are uploaded as compressed data (pickle or HD5 - binary compressed representations of code - uncompressed is not full representation of source); no decompression tool for pickle files - you'd have to uncompress in python env which would potentially expose (aimeeu, 15:01:17)
    5. Daniel would like to know exactly what happens when a model is on-boarded - what transformations take place and when (aimeeu, 15:01:50)
    6. Bryan will talk to model on-boarding team (aimeeu, 15:02:01)


Meeting ended at 15:02:06 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. aimeeu (23)
  2. collabot (4)
  3. bryan_att (0)


Generated by MeetBot 0.1.4.