# ASL/AUTH-HOST-THREAT-MODEL/1 - Threat Model

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, authority, security]

**Document ID:** `ASL/AUTH-HOST-THREAT-MODEL/1`
**Layer:** O2S - Authority host security profile

**Depends on (normative):**

* `ASL/AUTH-HOST/1`

**Informative references:**

* `ASL/OFFLINE-ROOT-TRUST/1`

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be
interpreted as in RFC 2119.

---

## 1. Scope and Assumptions

### 1.1 In Scope

* Offline authority host
* USB-mediated intake and output
* DAM signing and admission artifacts
* PEL execution for receipt generation
* Snapshot and log sealing

### 1.2 Assumptions

1. Physical access to hardware is controlled.
2. The host is offline (no network interfaces).
3. Root keys are uncompromised.
4. Operator presence is required for authority actions.

---

## 2. Assets

* Root authority keys
* Domain signing keys
* DAM and policy artifacts
* PER receipts and environment claims
* Domain identity bindings

---

## 3. Adversary Model

The adversary MAY:

* Supply malicious USB content
* Replay old requests
* Provide malformed PEL programs
* Attempt to confuse domain identity

The adversary MUST NOT:

* Access signing keys without operator approval
* Modify host binaries without physical compromise

---

## 4. Trust Boundaries

```
[ USB INPUT ] -> [ AUTH HOST ] -> [ USB OUTPUT ]
```

Data flows are unidirectional per phase. The host MUST treat input as untrusted
until verification succeeds.

---

## 5. Threats and Mitigations

### 5.1 Spoofing

* Mitigation: DAM signature verification and policy hash checks.

### 5.2 Tampering

* Mitigation: hash all inputs, sign outputs, mount USB read-only.

### 5.3 Repudiation

* Mitigation: PER receipts include program hash, input hashes, and snapshot ID.

### 5.4 Information Disclosure

* Mitigation: no network, explicit publish rules, encrypted private artifacts.

### 5.5 Denial of Service

* Mitigation: operator-mediated execution, size limits, deterministic PEL subset.

### 5.6 Elevation of Privilege

* Mitigation: PEL is declarative, no syscalls or I/O primitives.

---

## 6. Residual Risk

* Physical compromise of hardware is out of scope.
* Operator error remains a risk and SHOULD be mitigated with checklists.

---

## 7. Versioning

Backward-incompatible changes MUST bump the major version.