5G-Kubernetes provides a critical security extensions to SD-RAN’s nRT-RIC, enabling xApps to operate with least permissive process-level constraints, authenticated and non-reputable identities, data flow privacy, and RIC-wide runtime monitoring and policy enforcement to ensure compliance with an applicable set of 5G-specific security standards.
Zero-trust 5G Control Plane Policy Enforcement
The SD-RAN design separates the 5Gb mobile network control and management functions into modular applications that are managed by a platform called the RAN Intelligent Controller, or RIC. In mission-critical 5G-adoption scenarios, the RIC should be considered perhaps the most mission critical service within the architecture. For the O-RAN SD-RAN implementation, the nRT-RIC (near-RealTime RIC) has been developed using micro-ONOS, based on a microservice architecture hosted on Kubernetes (or K8s). SD-RAN control functions are containerized and deployed by Kubernetes as extensible workloads (or xApps). O-RAN’s approach introduces a range of important virtual workload management challenges regarding the stability and security of deployed xApps. xApps represent a powerful concept emerging from the 5G industry to foster rapid control plane innovation in a vendor-neutral manner. However, this emerging control plane ecosystem also imposes significant questions of open-source supply chain trust, secure xApp management, runtime policy monitoring and enforcement of third-party xApp behavior as these applications are integrated by 5G operators.