-
Notifications
You must be signed in to change notification settings - Fork 1
Security Whitepaper
Athena Auto-Operator edited this page Jun 8, 2026
·
1 revision
MAREF implements an 8-layer defense model for desktop Agent security:
| Layer | Component | Function |
|---|---|---|
| 1 | Input Sanitizer | Validates all external inputs (pydantic + custom validators) |
| 2 | Output Encoder | Prevents XSS/injection in all outputs |
| 3 | Security Decorators |
@security_critical marking for sensitive functions |
| 4 | Trust Boundary Manager | Cross-domain call authorization |
| 5 | Zero Trust Validator | Context isolation, precondition/postcondition validation |
| 6 | Safety Gate V2 | Action safety准入, non-repairable operation filtering |
| 7 | CircuitBreaker | 3 consecutive failures → automatic lock + 30s cooldown |
| 8 | TLA+ Verification | Mathematically proven safety properties |
ALLOW → DENY → ASK_USER → DEFER
- 97% automation rate — decisions made without human intervention
- CircuitBreaker — 3 consecutive failures trigger automatic lockout
- HALT absorption state — prevents cascading failures
5 theorem proofs ensure safety:
- Lyapunov Convergence — Trust state machine converges to stable state
- Sperner Completeness — All governance states are reachable
- Byzantine Fault Tolerance — Consensus works under Byzantine conditions
- Safety Invariants — Core safety properties preserved under all transitions
- Liveness — System never deadlocks
| Algorithm | Standard | Implementation | File |
|---|---|---|---|
| SM2 | GB/T 32918.2-2016 | Elliptic curve public key | src/maref/crypto/sm2.py |
| SM3 | GB/T 32918.1-2016 | Cryptographic hash (256-bit) | src/maref/crypto/sm3.py |
| SM4-GCM | GB/T 32907-2016 | Block cipher with authenticated encryption | src/maref/crypto/sm4_gcm.py |
WARNING: SM2/SM3/SM4-GCM implementations are subject to Chinese cryptographic export control regulations.
- Within China: Free to use under Apache-2.0
- Outside China: Users responsible for local compliance
- Always run with
MAREF_SAFETY_LEVEL=production - Enable all 8 defense layers (on by default)
- Grant only minimum required OS permissions
- Review audit logs regularly
- Monitor CircuitBreaker trip rate via Prometheus
- Keep dependencies updated
MAREF uses DID/VC (Decentralized Identity / Verifiable Credentials) for Agent identity and trust scoring.
- DID:MAREF — Decentralized identifier registry
- W3C Verifiable Credentials — Standard credential format
- Merkle Audit Chain — Tamper-evident audit trail (ISO 27001 C.5.33)
© 2026 MAREF Contributors. Licensed under Apache-2.0.