amduat-api/ops/asl-auth-host-threat-model-1.md
Carl Niklas Rydberg 74efedf62c Rework ops specs
2026-01-17 09:21:47 +01:00


ASL/AUTH-HOST-THREAT-MODEL/1 - Threat Model

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2026-01-17
Tags: [ops, authority, security]

Document ID: ASL/AUTH-HOST-THREAT-MODEL/1
Layer: O2S - Authority host security profile

Depends on (normative):

  • ASL/AUTH-HOST/1

Informative references:

  • ASL/OFFLINE-ROOT-TRUST/1

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.


1. Scope and Assumptions

1.1 In Scope

  • Offline authority host
  • USB-mediated intake and output
  • DAM signing and admission artifacts
  • PEL execution for receipt generation
  • Snapshot and log sealing

1.2 Assumptions

  1. Physical access to hardware is controlled.
  2. The host is offline (no network interfaces).
  3. Root keys are uncompromised.
  4. Operator presence is required for authority actions.

2. Assets

  • Root authority keys
  • Domain signing keys
  • DAM and policy artifacts
  • PER receipts and environment claims
  • Domain identity bindings

3. Adversary Model

The adversary MAY:

  • Supply malicious USB content
  • Replay old requests
  • Provide malformed PEL programs
  • Attempt to confuse domain identity

The adversary MUST NOT:

  • Access signing keys without operator approval
  • Modify host binaries without physical compromise

4. Trust Boundaries

[ USB INPUT ] -> [ AUTH HOST ] -> [ USB OUTPUT ]

Data flows are unidirectional per phase. The host MUST treat input as untrusted until verification succeeds.


5. Threats and Mitigations

5.1 Spoofing

  • Mitigation: DAM signature verification and policy hash checks.

5.2 Tampering

  • Mitigation: hash all inputs, sign outputs, mount USB read-only.

5.3 Repudiation

  • Mitigation: PER receipts include program hash, input hashes, and snapshot ID.

5.4 Information Disclosure

  • Mitigation: no network, explicit publish rules, encrypted private artifacts.

5.5 Denial of Service

  • Mitigation: operator-mediated execution, size limits, deterministic PEL subset.

5.6 Elevation of Privilege

  • Mitigation: PEL is declarative, no syscalls or I/O primitives.
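
The intake-side checks named in 5.2, 5.3 and 5.5 (size limits, hashing every input, a receipt carrying program hash, input hashes and snapshot ID), as an added sketch that is not part of this specification or the project's code. SHA-256, the 1 MiB limit, the JSON encoding and all function and field names are assumptions; this page does not define the PER format.

```python
import hashlib
import json
import os
import stat
import tempfile

MAX_INPUT_BYTES = 1 << 20  # assumed limit; the spec gives no number


class IntakeError(Exception):
    """Input rejected before any verification or execution."""


def hash_file(path, limit=MAX_INPUT_BYTES):
    """SHA-256 (assumed algorithm) of a regular file within the size limit."""
    st = os.lstat(path)  # lstat: a symlink on the media is rejected, not followed
    if not stat.S_ISREG(st.st_mode) or st.st_size > limit:
        raise IntakeError(f"not a regular file or over size limit: {path}")
    digest, seen = hashlib.sha256(), 0
    with open(path, "rb") as f:  # media assumed mounted read-only (5.2)
        for chunk in iter(lambda: f.read(65536), b""):
            seen += len(chunk)
            if seen > limit:  # re-check while reading; the stat size can be stale
                raise IntakeError(f"over size limit: {path}")
            digest.update(chunk)
    return digest.hexdigest()


def build_receipt(program_path, input_paths, snapshot_id):
    """Hypothetical receipt record binding program, inputs and snapshot (5.3)."""
    return {
        "program_hash": hash_file(program_path),
        "input_hashes": sorted(hash_file(p) for p in input_paths),
        "snapshot_id": snapshot_id,
    }


def receipt_digest(receipt):
    """Digest over a canonical encoding, so equal receipts sign identically."""
    blob = json.dumps(receipt, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample intake
        prog, req = os.path.join(d, "prog.pel"), os.path.join(d, "req.bin")
        for path, data in ((prog, b"sample program"), (req, b"sample request")):
            with open(path, "wb") as f:
                f.write(data)
        print(json.dumps(build_receipt(prog, [req], "snapshot-0"), indent=2))
```
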

6. Residual Risk

  • Physical compromise of hardware is out of scope.
  • Operator error remains a risk and SHOULD be mitigated with checklists.

7. Versioning

Backward-incompatible changes MUST bump the major version.