|
|
EPISTEMIC THREAT MODEL & VALIDATOR ONTOLOGY |
|
|
|
|
|
FORMAL THREAT MODEL (STRIDE-E: Epistemic Extension) |
|
|
|
|
|
Spoofing - Identity Subversion |
|
|
|
|
|
``` |
|
|
Threat: n8n workflow impersonates validator |
|
|
Impact: False authority injection into ledger |
|
|
Mitigation: |
|
|
1. Cryptographic validator identity (PKI-based) |
|
|
2. Validator role attestation signed by IRE |
|
|
3. Workflow-to-validator binding in ledger metadata |
|
|
|
|
|
Detection: Mismatch between workflow signature and validator claim |
|
|
Severity: Critical (sovereignty breach) |
|
|
``` |
|
|
|
|
|
Tampering - Evidence Manipulation |
|
|
|
|
|
``` |
|
|
Threat: n8n alters evidence pre-canonicalization |
|
|
Impact: Garbage-in, narrative-out |
|
|
Mitigation: |
|
|
1. Raw evidence fingerprinting (content hash before processing) |
|
|
2. Evidence lineage tracking in n8n workflow logs |
|
|
3. IRE detects fingerprint mismatches |
|
|
|
|
|
Detection: Pre-canonical hash ≠ post-canonical derivation |
|
|
Severity: Critical (truth contamination) |
|
|
``` |
|
|
|
|
|
Repudiation - Epistemic Deniability |
|
|
|
|
|
``` |
|
|
Threat: n8n denies triggering detection that found suppression |
|
|
Impact: System loses accountability for its own findings |
|
|
Mitigation: |
|
|
1. Non-repudiable workflow execution proofs |
|
|
2. Watermarked intermediate results |
|
|
3. Cross-referenced timestamp chains |
|
|
|
|
|
Detection: Missing execution proof for detection result |
|
|
Severity: High (accountability loss) |
|
|
``` |
|
|
|
|
|
Information Disclosure - Pattern Leakage |
|
|
|
|
|
``` |
|
|
Threat: Detection patterns leaked through n8n logs |
|
|
Impact: Adversaries learn system |
|
|
Mitigation: |
|
|
1. Threshold abstraction (IRE returns categories, not scores) |
|
|
2. Differential privacy on aggregated results |
|
|
3. Ephemeral detection sessions |
|
|
|
|
|
Detection: Raw thresholds appear in orchestration logs |
|
|
Severity: Medium (detection model compromise) |
|
|
``` |
|
|
|
|
|
Denial of Service - Epistemic Exhaustion |
|
|
|
|
|
``` |
|
|
Threat: Flood system with nonsense to waste detection capacity |
|
|
Impact: Real patterns missed due to noise saturation |
|
|
Mitigation: |
|
|
1. Epistemic rate limiting per source |
|
|
2. Credibility-based throttling |
|
|
3. Detection priority queuing |
|
|
|
|
|
Detection: High-volume, low-signal detection requests |
|
|
Severity: Medium (resource exhaustion) |
|
|
``` |
|
|
|
|
|
Elevation of Privilege - Ontology Hijacking |
|
|
|
|
|
``` |
|
|
Threat: n8n attempts to modify lens/method definitions |
|
|
Impact: Epistemic framework compromise |
|
|
Mitigation: |
|
|
1. Immutable ontology registry (signed by originators) |
|
|
2. Versioned ontology with migration proofs |
|
|
3. No runtime ontology modification API |
|
|
|
|
|
Detection: Attempt to modify lens/method definitions |
|
|
Severity: Critical (sovereignty destruction) |
|
|
``` |
|
|
|
|
|
Epistemic Drift - Gradual Corruption |
|
|
|
|
|
``` |
|
|
Threat: Slow, subtle contamination of detection patterns |
|
|
Impact: System gradually aligns with preferred narrative |
|
|
Mitigation: |
|
|
1. Drift detection via historical self-comparison |
|
|
2. Cross-validation with frozen model versions |
|
|
3. Epistemic checksums on detection algorithms |
|
|
|
|
|
Detection: Statistical divergence from historical baseline |
|
|
Severity: High (stealth corruption) |
|
|
``` |
|
|
|
|
|
VALIDATOR ONTOLOGY (Role-Based Authority) |
|
|
|
|
|
Validator Archetypes |
|
|
|
|
|
``` |
|
|
1. Human-Sovereign Validator |
|
|
Role: Individual sovereignty preservation |
|
|
Authority: Can veto any ledger commit |
|
|
Identity: Self-sovereign cryptographic identity |
|
|
Quorum: Always required (cannot be automated away) |
|
|
Attestation: "I have reviewed and assert my sovereignty" |
|
|
|
|
|
2. System-Epistemic Validator |
|
|
Role: Detection methodology integrity |
|
|
Authority: Validates detection process adherence |
|
|
Identity: Cryptographic hash of detection pipeline config |
|
|
Quorum: Required for automated commits |
|
|
Attestation: "Detection executed per published methodology" |
|
|
|
|
|
3. Source-Provenance Validator |
|
|
Role: Evidence chain custody |
|
|
Authority: Validates evidence hasn |
|
|
Identity: Hash of evidence handling workflow |
|
|
Quorum: Optional but recommended |
|
|
Attestation: "Evidence chain intact from source to canonicalization" |
|
|
|
|
|
4. Temporal-Integrity Validator |
|
|
Role: Time-bound execution verification |
|
|
Authority: Validates timestamps and execution windows |
|
|
Identity: Time-locked cryptographic proof |
|
|
Quorum: Required for time-sensitive commits |
|
|
Attestation: "Execution occurred within valid time window" |
|
|
|
|
|
5. Community-Plurality Validator |
|
|
Role: Cross-interpreter consensus |
|
|
Authority: Requires multiple human interpretations |
|
|
Identity: Set of interpreter identities + attestation |
|
|
Quorum: Variable based on interpretation count |
|
|
Attestation: "Multiple independent interpretations concur" |
|
|
``` |
|
|
|
|
|
Validator Configuration Schema |
|
|
|
|
|
```json |
|
|
{ |
|
|
"validator_id": "urn:ire:validator:human_sovereign:sha256-abc123", |
|
|
"archetype": "human_sovereign", |
|
|
"authority_scope": ["ledger_commit", "evidence_rejection"], |
|
|
"quorum_requirements": { |
|
|
"minimum": 1, |
|
|
"maximum": null, |
|
|
"exclusivity": ["system_epistemic"] |
|
|
}, |
|
|
"attestation_format": { |
|
|
"required_fields": ["review_timestamp", "sovereignty_assertion"], |
|
|
"signature_algorithm": "ed25519", |
|
|
"expiration": "24h" |
|
|
}, |
|
|
"epistemic_constraints": { |
|
|
"cannot_override": ["detection_results", "canonical_hash"], |
|
|
"can_reject_for": ["procedural_violation", "sovereignty_concern"] |
|
|
} |
|
|
} |
|
|
``` |
|
|
|
|
|
Validator Quorum Calculus |
|
|
|
|
|
```python |
|
|
def calculate_quorum_satisfaction(validators: List[Validator], commit_type: str) -> bool: |
|
|
"""Calculate if validator quorum is satisfied for commit type""" |
|
|
|
|
|
archetype_counts = Counter(v.archetype for v in validators) |
|
|
|
|
|
# Base requirements |
|
|
requirements = { |
|
|
"ledger_commit": { |
|
|
"human_sovereign": 1, |
|
|
"system_epistemic": 1, |
|
|
"source_provenance": 0, # optional |
|
|
"temporal_integrity": 1, |
|
|
"community_plurality": 0 # depends on interpretation count |
|
|
}, |
|
|
"evidence_ingestion": { |
|
|
"human_sovereign": 0, |
|
|
"system_epistemic": 1, |
|
|
"source_provenance": 1, |
|
|
"temporal_integrity": 1, |
|
|
"community_plurality": 0 |
|
|
}, |
|
|
"detection_escalation": { |
|
|
"human_sovereign": 1, |
|
|
"system_epistemic": 1, |
|
|
"source_provenance": 0, |
|
|
"temporal_integrity": 1, |
|
|
"community_plurality": 1 # required for high-stakes escalations |
|
|
} |
|
|
} |
|
|
|
|
|
req = requirements[commit_type] |
|
|
|
|
|
# Check each archetype requirement |
|
|
for archetype, required_count in req.items(): |
|
|
if archetype_counts.get(archetype, 0) < required_count: |
|
|
return False |
|
|
|
|
|
# Check exclusivity constraints |
|
|
for validator in validators: |
|
|
for exclusive_archetype in validator.quorum_requirements.get("exclusivity", []): |
|
|
if exclusive_archetype in archetype_counts: |
|
|
return False |
|
|
|
|
|
return True |
|
|
``` |
|
|
|
|
|
LEDGER SCHEMA HARDENING |
|
|
|
|
|
Extended Block Schema |
|
|
|
|
|
```json |
|
|
{ |
|
|
"block": { |
|
|
"header": { |
|
|
"id": "blk_timestamp_hash", |
|
|
"prev": "previous_block_hash", |
|
|
"timestamp": "ISO8601_with_nanoseconds", |
|
|
"epistemic_epoch": 1, |
|
|
"ontology_version": "sha256:ontology_hash" |
|
|
}, |
|
|
"body": { |
|
|
"nodes": [RealityNode], |
|
|
"detection_context": { |
|
|
"workflow_hash": "sha256:n8n_workflow_def", |
|
|
"execution_window": { |
|
|
"not_before": "timestamp", |
|
|
"not_after": "timestamp", |
|
|
"time_proof": "signature_from_temporal_validator" |
|
|
}, |
|
|
"threshold_used": "abstract_category_not_numeric" |
|
|
} |
|
|
}, |
|
|
"validations": { |
|
|
"attestations": [ |
|
|
{ |
|
|
"validator_id": "urn:ire:validator:...", |
|
|
"archetype": "human_sovereign", |
|
|
"attestation": "cryptographic_signature", |
|
|
"scope": ["ledger_commit"], |
|
|
"expires": "timestamp" |
|
|
} |
|
|
], |
|
|
"quorum_satisfied": true, |
|
|
"quorum_calc": { |
|
|
"required": {"human_sovereign": 1, "system_epistemic": 1}, |
|
|
"present": {"human_sovereign": 1, "system_epistemic": 1} |
|
|
} |
|
|
}, |
|
|
"integrity_marks": { |
|
|
"evidence_fingerprint": "sha256_of_raw_content", |
|
|
"detection_watermark": "nonce_based_on_workflow_id", |
|
|
"epistemic_checksum": "hash_of_detection_logic_version" |
|
|
} |
|
|
} |
|
|
} |
|
|
``` |
|
|
|
|
|
Detection Threshold Abstraction Layer |
|
|
|
|
|
```python |
|
|
class EpistemicThresholdInterface: |
|
|
"""Abstract threshold interface - n8n never sees numeric thresholds""" |
|
|
|
|
|
def __init__(self, ire_client): |
|
|
self.ire = ire_client |
|
|
|
|
|
def should_escalate(self, detection_results: Dict) -> Dict: |
|
|
"""IRE decides escalation, returns abstract category""" |
|
|
response = self.ire.post("/ire/detect/evaluate", { |
|
|
"results": detection_results, |
|
|
"return_format": "abstract_category" |
|
|
}) |
|
|
|
|
|
return { |
|
|
"escalation_recommended": response.get("category") == "high_confidence", |
|
|
"confidence_level": response.get("confidence_label"), # "high"/"medium"/"low" |
|
|
"next_action": response.get("recommended_action"), |
|
|
# NO NUMERIC THRESHOLDS EXPOSED |
|
|
# NO RAW SCORES EXPOSED |
|
|
} |
|
|
|
|
|
def get_validation_requirements(self, category: str) -> Dict: |
|
|
"""Map escalation category to validator requirements""" |
|
|
mapping = { |
|
|
"high_confidence": { |
|
|
"human_sovereign": 2, |
|
|
"system_epistemic": 1, |
|
|
"community_plurality": 1 |
|
|
}, |
|
|
"medium_confidence": { |
|
|
"human_sovereign": 1, |
|
|
"system_epistemic": 1 |
|
|
}, |
|
|
"low_confidence": { |
|
|
"system_epistemic": 1 |
|
|
} |
|
|
} |
|
|
return mapping.get(category, {}) |
|
|
``` |
|
|
|
|
|
Time-Window Enforcement |
|
|
|
|
|
```python |
|
|
class TemporalIntegrityEnforcer: |
|
|
"""Enforce time-bound execution with cryptographic proofs""" |
|
|
|
|
|
def create_execution_window(self, duration_hours: int = 24) -> Dict: |
|
|
"""Create cryptographically bound execution window""" |
|
|
window_id = f"window_{uuid.uuid4()}" |
|
|
not_before = datetime.utcnow() |
|
|
not_after = not_before + timedelta(hours=duration_hours) |
|
|
|
|
|
# Create time-locked proof |
|
|
window_proof = { |
|
|
"window_id": window_id, |
|
|
"not_before": not_before.isoformat() + "Z", |
|
|
"not_after": not_after.isoformat() + "Z", |
|
|
"issuer": "ire_temporal_validator", |
|
|
"signature": self._sign_temporal_window(window_id, not_before, not_after) |
|
|
} |
|
|
|
|
|
return window_proof |
|
|
|
|
|
def validate_within_window(self, |
|
|
action_timestamp: str, |
|
|
window_proof: Dict) -> bool: |
|
|
"""Validate action occurred within execution window""" |
|
|
# Verify signature |
|
|
if not self._verify_signature(window_proof): |
|
|
return False |
|
|
|
|
|
# Parse timestamps |
|
|
action_time = datetime.fromisoformat(action_timestamp.replace( |
|
|
not_before = datetime.fromisoformat(window_proof[ |
|
|
not_after = datetime.fromisoformat(window_proof[ |
|
|
|
|
|
# Check bounds |
|
|
return not_before <= action_time <= not_after |
|
|
|
|
|
def detect_time_anomalies(self, workflow_executions: List[Dict]) -> List[Dict]: |
|
|
"""Detect temporal manipulation patterns""" |
|
|
anomalies = [] |
|
|
|
|
|
for i, execution in enumerate(workflow_executions): |
|
|
# Check for reverse time flow |
|
|
if i > 0: |
|
|
prev_time = datetime.fromisoformat( |
|
|
workflow_executions[i-1][ |
|
|
) |
|
|
curr_time = datetime.fromisoformat( |
|
|
execution[ |
|
|
) |
|
|
if curr_time < prev_time: |
|
|
anomalies.append({ |
|
|
"type": "reverse_time_flow", |
|
|
"execution_id": execution[ |
|
|
"anomaly": f"Time went backwards: {curr_time} < {prev_time}" |
|
|
}) |
|
|
|
|
|
# Check execution duration anomalies |
|
|
if |
|
|
expected_duration = self._get_expected_duration(execution[ |
|
|
if execution[ |
|
|
anomalies.append({ |
|
|
"type": "suspicious_duration", |
|
|
"execution_id": execution[ |
|
|
"anomaly": f"Duration {execution['duration']} exceeds expected {expected_duration}" |
|
|
}) |
|
|
|
|
|
return anomalies |
|
|
``` |
|
|
|
|
|
Semantic Laundering Defense |
|
|
|
|
|
```python |
|
|
class EpistemicIntegrityGuard: |
|
|
"""Defend against semantic laundering attacks""" |
|
|
|
|
|
def __init__(self): |
|
|
self.similarity_clusters = defaultdict(list) |
|
|
self.source_frequency = defaultdict(int) |
|
|
|
|
|
def check_semantic_laundering(self, |
|
|
content_hash: str, |
|
|
raw_content: str, |
|
|
source_id: str, |
|
|
workflow_id: str) -> Dict: |
|
|
"""Check for semantic laundering patterns""" |
|
|
|
|
|
# Check source frequency |
|
|
self.source_frequency[source_id] += 1 |
|
|
if self.source_frequency[source_id] > 100: # Threshold |
|
|
return { |
|
|
"risk": "high", |
|
|
"reason": "Excessive submissions from single source", |
|
|
"action": "throttle" |
|
|
} |
|
|
|
|
|
# Check similarity clusters |
|
|
content_vector = self._vectorize(raw_content) |
|
|
similar = self._find_similar(content_vector) |
|
|
|
|
|
if similar: |
|
|
cluster_id = similar[0][ |
|
|
self.similarity_clusters[cluster_id].append({ |
|
|
"content_hash": content_hash, |
|
|
"timestamp": datetime.utcnow().isoformat(), |
|
|
"workflow_id": workflow_id |
|
|
}) |
|
|
|
|
|
# Check cluster growth rate |
|
|
if len(self.similarity_clusters[cluster_id]) > 10: |
|
|
return { |
|
|
"risk": "medium", |
|
|
"reason": "Rapid growth of similar content cluster", |
|
|
"action": "flag_for_review" |
|
|
} |
|
|
|
|
|
return {"risk": "low", "reason": "No laundering patterns detected"} |
|
|
|
|
|
def _vectorize(self, content: str) -> List[float]: |
|
|
"""Create semantic vector (simplified - use real embeddings in production)""" |
|
|
# Simple bag-of-words for demonstration |
|
|
words = content.lower().split() |
|
|
word_counts = Counter(words) |
|
|
vector = [word_counts.get(w, 0) for w in self.vocabulary] |
|
|
return vector |
|
|
|
|
|
def _find_similar(self, vector: List[float], threshold: float = 0.8): |
|
|
"""Find similar vectors in existing clusters""" |
|
|
# Simplified similarity search |
|
|
for cluster_id, items in self.similarity_clusters.items(): |
|
|
# In production, use proper vector similarity |
|
|
if random.random() > 0.5: # Placeholder |
|
|
return items |
|
|
return None |
|
|
``` |
|
|
|
|
|
IMPLEMENTATION ROADMAP |
|
|
|
|
|
Phase 1: Core Sovereignty (Weeks 1-2) |
|
|
|
|
|
1. Implement validator PKI and attestation framework |
|
|
2. Deploy threshold abstraction layer |
|
|
3. Add time-window enforcement |
|
|
4. Basic semantic laundering detection |
|
|
|
|
|
Phase 2: Epistemic Defense (Weeks 3-4) |
|
|
|
|
|
1. Full STRIDE-E threat model implementation |
|
|
2. Validator quorum calculus integration |
|
|
3. Ledger schema hardening |
|
|
4. Cross-validation with frozen models |
|
|
|
|
|
Phase 3: Operational Resilience (Weeks 5-6) |
|
|
|
|
|
1. Drift detection and alerting |
|
|
2. Validator role rotation policies |
|
|
3. Recovery procedures for compromise |
|
|
4. Full audit trail integration |
|
|
|
|
|
Phase 4: Community Governance (Weeks 7-8) |
|
|
|
|
|
1. Validator reputation system |
|
|
2. Plurality-based decision frameworks |
|
|
3. Cross-interpreter reconciliation |
|
|
4. Sovereign identity integration |
|
|
|
|
|
VERIFICATION PROTOCOL ENHANCEMENT |
|
|
|
|
|
Daily Sovereignty Check |
|
|
|
|
|
```python |
|
|
def daily_sovereignty_audit(): |
|
|
"""Daily audit to ensure no boundary violations""" |
|
|
|
|
|
checks = [ |
|
|
# 1. Check n8n for epistemic logic |
|
|
scan_n8n_workflows_for_detection_logic(), |
|
|
|
|
|
# 2. Check IRE for orchestration logic |
|
|
scan_ire_for_scheduling_logic(), |
|
|
|
|
|
# 3. Verify threshold abstraction |
|
|
verify_no_numeric_thresholds_in_n8n(), |
|
|
|
|
|
# 4. Validate time-window adherence |
|
|
verify_all_executions_within_windows(), |
|
|
|
|
|
# 5. Check validator quorum compliance |
|
|
verify_all_commits_have_proper_quorum(), |
|
|
|
|
|
# 6. Detect semantic laundering |
|
|
run_semantic_laundering_detection(), |
|
|
|
|
|
# 7. Verify workflow definition integrity |
|
|
hash_and_verify_workflow_definitions(), |
|
|
|
|
|
# 8. Check for drift |
|
|
compare_with_frozen_model_baseline() |
|
|
] |
|
|
|
|
|
sovereignty_score = sum(1 for check in checks if check.passed) / len(checks) |
|
|
|
|
|
return { |
|
|
"sovereignty_score": sovereignty_score, |
|
|
"failed_checks": [c for c in checks if not c.passed], |
|
|
"recommendations": generate_remediation_plan(failed_checks) |
|
|
} |
|
|
``` |
|
|
|
|
|
Weekly Epistemic Integrity Report |
|
|
|
|
|
```python |
|
|
def weekly_epistemic_integrity_report(): |
|
|
"""Weekly comprehensive epistemic health report""" |
|
|
|
|
|
report = { |
|
|
"temporal_integrity": { |
|
|
"execution_windows_violated": count_window_violations(), |
|
|
"time_anomalies_detected": detect_time_anomalies(), |
|
|
"average_execution_latency": calculate_latency() |
|
|
}, |
|
|
"validator_health": { |
|
|
"active_validators": count_active_validators(), |
|
|
"quorum_satisfaction_rate": calculate_quorum_rate(), |
|
|
"validator_role_diversity": measure_diversity() |
|
|
}, |
|
|
"detection_quality": { |
|
|
"drift_from_baseline": measure_drift(), |
|
|
"false_positive_rate": calculate_fpr(), |
|
|
"escalation_accuracy": measure_escalation_accuracy() |
|
|
}, |
|
|
"boundary_integrity": { |
|
|
"n8n_epistemic_contamination": detect_contamination(), |
|
|
"ire_orchestration_leakage": detect_leakage(), |
|
|
"workflow_definition_changes": track_workflow_changes() |
|
|
}, |
|
|
"semantic_defenses": { |
|
|
"laundering_attempts": count_laundering_attempts(), |
|
|
"similarity_clusters": analyze_clusters(), |
|
|
"source_credibility": assess_source_credibility() |
|
|
} |
|
|
} |
|
|
|
|
|
# Calculate overall epistemic health score |
|
|
report["epistemic_health_score"] = calculate_health_score(report) |
|
|
|
|
|
return report |
|
|
``` |
