Skip to content

Security Whitepaper

Athena Auto-Operator edited this page Jun 8, 2026 · 1 revision

Security Whitepaper

8-Layer Defense-in-Depth Architecture

MAREF implements an 8-layer defense model for desktop Agent security:

Layer Component Function
1 Input Sanitizer Validates all external inputs (pydantic + custom validators)
2 Output Encoder Prevents XSS/injection in all outputs
3 Security Decorators @security_critical marking for sensitive functions
4 Trust Boundary Manager Cross-domain call authorization
5 Zero Trust Validator Context isolation, precondition/postcondition validation
6 Safety Gate V2 Action safety准入, non-repairable operation filtering
7 CircuitBreaker 3 consecutive failures → automatic lock + 30s cooldown
8 TLA+ Verification Mathematically proven safety properties

4-Level Security Decision Tree

ALLOW → DENY → ASK_USER → DEFER
  • 97% automation rate — decisions made without human intervention
  • CircuitBreaker — 3 consecutive failures trigger automatic lockout
  • HALT absorption state — prevents cascading failures

TLA+ Formal Verification

5 theorem proofs ensure safety:

  1. Lyapunov Convergence — Trust state machine converges to stable state
  2. Sperner Completeness — All governance states are reachable
  3. Byzantine Fault Tolerance — Consensus works under Byzantine conditions
  4. Safety Invariants — Core safety properties preserved under all transitions
  5. Liveness — System never deadlocks

Chinese National Cryptographic Standards (国密算法)

Algorithm Standard Implementation File
SM2 GB/T 32918.2-2016 Elliptic curve public key src/maref/crypto/sm2.py
SM3 GB/T 32918.1-2016 Cryptographic hash (256-bit) src/maref/crypto/sm3.py
SM4-GCM GB/T 32907-2016 Block cipher with authenticated encryption src/maref/crypto/sm4_gcm.py

Export Control Notice

WARNING: SM2/SM3/SM4-GCM implementations are subject to Chinese cryptographic export control regulations.

  • Within China: Free to use under Apache-2.0
  • Outside China: Users responsible for local compliance

Security Best Practices

  1. Always run with MAREF_SAFETY_LEVEL=production
  2. Enable all 8 defense layers (on by default)
  3. Grant only minimum required OS permissions
  4. Review audit logs regularly
  5. Monitor CircuitBreaker trip rate via Prometheus
  6. Keep dependencies updated

Cryptographic Identity

MAREF uses DID/VC (Decentralized Identity / Verifiable Credentials) for Agent identity and trust scoring.

  • DID:MAREF — Decentralized identifier registry
  • W3C Verifiable Credentials — Standard credential format
  • Merkle Audit Chain — Tamper-evident audit trail (ISO 27001 C.5.33)

← Back to Home

Clone this wiki locally