← Back to reference

Threat Model

Components

  • Agent (host process)
  • Collector processes (GPU, Fabric)
  • Control plane (single binary)
  • Remediation binary
  • Storage backends
  • KMS
  • SIEM forwarder
  • Multi-tenant CP routing

Per-Component STRIDE

Agent

  • Spoofing: Mitigated by mTLS with workload identity.
  • Tampering: Mitigated by signed binaries + SBOM.
  • Repudiation: Every action audit-logged.
  • Information disclosure: TLS 1.3 only; payload encrypted at rest in CP.
  • Denial of service: rate-limited by OTLP receiver.
  • Elevation of privilege: drops to least privilege; drops capabilities on failure.

Control Plane

  • Spoofing: SAML/OIDC, MFA.
  • Tampering: append-only audit + hash chain.
  • Repudiation: correlation-engine decisions audit-logged.
  • Information disclosure: per-tenant RBAC + ABAC.
  • Denial of service: rate limiting per tenant.
  • Elevation of privilege: ServiceAccount-bound principals only.

Storage

  • Envelope encryption, customer-managed keys.
  • Audit on every read/write.

KMS

  • Customer-managed key; HSM in air-gap tier.
  • Audit on every sign/decrypt.

SIEM Forwarder

  • HMAC-signed export.
  • Audit on every send.

Multi-Tenant CP Routing

  • Tenant id is required; missing returns 400.
  • Cross-tenant operations require platform_admin scope and are audit-logged with cross_tenant=true.

Adversary Capabilities

The model assumes:

  • An adversary can compromise any single agent's host.
  • An adversary can inject packets into the network.
  • An insider with read access on their own tenant data.
  • An insider with sre role can attempt to escalate.
  • An adversary with PyPI/Crates supply-chain access (CVE-driven).

We DO NOT assume the customer has been rooted; if they have been rooted, all bets are off — that's not our threat model.