nexus
/
nip
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nip/docs/security-and-verification-s...

506 lines
16 KiB
Markdown
Raw Blame History

# NimPak Security and Verification System
## Overview
The NimPak Security and Verification System provides military-grade package integrity monitoring, provenance tracking, and trust management for NexusOS. This comprehensive system ensures package authenticity, maintains audit trails, and enforces security policies throughout the package lifecycle.
## Architecture
The security system consists of several interconnected components:
```
┌─────────────────────────────────────────────────────────────┐
│ NimPak Security System │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ Integrity │ │ Provenance │ │ Trust Policy │ │
│ │ Monitor │ │ Tracker │ │ Manager │ │
│ │ │ │ │ │ │ │
│ │ • Hash Verify │ │ • Chain Track │ │ • Reputation │ │
│ │ • Signature │ │ • Trust Score │ │ • Policies │ │
│ │ • Real-time │ │ • Audit Trail │ │ • Enforcement│ │
│ │ • Health Checks │ │ • Verification │ │ • Community │ │
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ Hash Verifier │ │ Signature │ │ Keyring │ │
│ │ │ │ Verifier │ │ Manager │ │
│ │ • BLAKE2b/3 │ │ • Ed25519 │ │ • Key Store │ │
│ │ • Streaming │ │ • Dilithium │ │ • Revocation │ │
│ │ • Batch Verify │ │ • Hybrid Sigs │ │ • Trust Web │ │
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ Event Logger │ │ Periodic │ │ CLI Commands │ │
│ │ │ │ Scanner │ │ │ │
│ │ • Audit Trail │ │ • Scheduled │ │ • nip verify │ │
│ │ • Security Log │ │ • Incremental │ │ • nip doctor │ │
│ │ • Compliance │ │ • Full Scans │ │ • nip track │ │
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────┘
```
## Core Components
### 1. Integrity Monitor (`integrity_monitor.nim`)
The Integrity Monitor provides comprehensive package integrity verification and real-time monitoring.
**Key Features:**
- **Hash Verification**: BLAKE2b/BLAKE3 streaming hash verification for packages of any size
- **Signature Verification**: Ed25519 digital signature verification with post-quantum hooks
- **Real-time Monitoring**: Filesystem watcher for immediate tamper detection
- **Health Check Integration**: Pluggable health checks with the framework
- **Quarantine System**: Automatic quarantine of corrupted files
- **Alert Management**: Comprehensive alerting with severity levels
**Usage:**
```bash
# Verify all packages
nip verify --all
# Verify specific package with auto-repair
nip verify htop --auto-repair
# Run integrity health check
nip doctor --integrity
# Start real-time monitoring
nip verify --all --watch
```
### 2. Provenance Tracker (`provenance_tracker.nim`)
The Provenance Tracker maintains complete package source attribution with cryptographic proof.
**Key Features:**
- **Complete Chain Tracking**: From source to installation with cryptographic proof
- **Trust Score Calculation**: Multi-factor trust scoring based on provenance quality
- **Chain Verification**: Cryptographic verification of provenance steps
- **Graft Preservation**: Maintains provenance during external package grafting
- **Audit Trail Integration**: Complete audit trails for compliance
**Provenance Chain Structure:**
```nim
ProvenanceChain:
- packageId: string
- version: string
- source: ProvenanceSource (original, grafted, converted, rebuilt, mirrored)
- steps: seq[ProvenanceStep]
- trustScore: float (0.0-1.0)
- verificationErrors: seq[string]
```
**Usage:**
```bash
# Track package provenance
nip track htop
# Show detailed trust scoring
nip track htop --trust-score
# Show verification details
nip track htop --verification
# Output structured data
nip track htop --output json
```
### 3. Trust Policy Manager (`trust_policy.nim`)
The Trust Policy Manager enforces security policies and manages community reputation.
**Key Features:**
- **Policy-Based Security**: Configurable trust policies with rule-based evaluation
- **Community Reputation**: Actor reputation system with verification history
- **Dynamic Trust Scoring**: Multi-factor trust calculation with community input
- **Policy Enforcement**: Automatic policy enforcement during package operations
- **Reputation Tracking**: Long-term reputation tracking for package maintainers
**Trust Policy Rules:**
```nim
TrustPolicyRule:
- condition: "trust_score >= 0.8"
- action: "allow" | "deny" | "warn" | "require_approval"
- priority: int
```
**Usage:**
```bash
# List available trust policies
nip trust policy list
# Set active trust policy
nip trust policy set strict
# Show community actors
nip trust actor list
# Show actor details
nip trust actor show nexusos-build-farm
```
### 4. Periodic Scanner (`periodic_scanner.nim`)
The Periodic Scanner provides automated integrity scanning with configurable scheduling.
**Key Features:**
- **Scheduled Scanning**: Configurable full and incremental scans
- **Scan Types**: Full system, incremental (recent changes), and targeted scans
- **Performance Optimization**: Efficient scanning with minimal system impact
- **Scan History**: Complete scan history with statistics and reporting
- **Integration**: Seamless integration with integrity monitoring
**Usage:**
```bash
# Manual full scan
nip scan full
# Manual incremental scan
nip scan incremental
# Targeted scan of specific packages
nip scan targeted htop vim git
# Show scan statistics
nip scan status
# Show scan history
nip scan history
```
## CLI Commands
### `nip verify` - Package Verification
Comprehensive package integrity verification with multiple options.
```bash
# Basic usage
nip verify <package|--all> [options]
# Options
--no-signatures # Skip signature verification
--no-hashes # Skip hash verification
--signatures-only # Only verify signatures
--hashes-only # Only verify hashes
--verbose, -v # Verbose output
--details # Show detailed verification info
--auto-repair # Attempt automatic repair
--watch # Enable real-time monitoring
--periodic # Enable periodic scanning
--output <format> # Output format (json, yaml, kdl)
# Examples
nip verify --all --verbose
nip verify htop --auto-repair
nip verify --all --watch --periodic
```
### `nip doctor --integrity` - Health Checks
System integrity health checks with comprehensive reporting.
```bash
# Basic usage
nip doctor --integrity [options]
# Options
--auto-repair # Attempt automatic repair
--verbose, -v # Verbose output
--no-recommendations # Hide repair recommendations
--output <format> # Output format (json, yaml, kdl)
# Examples
nip doctor --integrity
nip doctor --integrity --auto-repair --verbose
```
### `nip track` - Provenance Tracking
Package provenance tracking with trust scoring and verification.
```bash
# Basic usage
nip track <package> [options]
# Options
--version <version> # Specific version
--trust-score # Show detailed trust scoring
--verification # Show verification details
--no-steps # Hide individual provenance steps
--no-validation # Skip chain validation
--verbose, -v # Verbose output
--output <format> # Output format (json, yaml, kdl)
# Examples
nip track htop
nip track htop --trust-score --verification
nip track htop --output json
```
### `nip trust` - Trust Policy Management
Trust policy and community reputation management.
```bash
# Policy management
nip trust policy list
nip trust policy set <policy_id>
nip trust policy show [policy_id]
# Actor management
nip trust actor list
nip trust actor show <actor_id>
# Examples
nip trust policy list
nip trust policy set strict
nip trust actor show nexusos-build-farm
```
### `nip scan` - Manual Scanning
Manual integrity scanning with different scope options.
```bash
# Scan types
nip scan full # Full system scan
nip scan incremental # Incremental scan (recent changes)
nip scan targeted <packages...> # Targeted scan
# Status and history
nip scan status # Show scan statistics
nip scan history [limit] # Show scan history
# Examples
nip scan full
nip scan targeted htop vim git
nip scan history 10
```
## Configuration
### Integrity Monitor Configuration
```kdl
integrity {
enable_realtime_watcher true
scan_interval 3600 // 1 hour
watch_paths "/Programs" "/System/Index" "/System/Generations"
alert_threshold 5
auto_repair false
quarantine_corrupted true
}
```
### Provenance Tracker Configuration
```kdl
provenance {
enable_tracking true
store_location "/var/lib/nimpak/provenance"
verification_interval 24 // 24 hours
auto_verify_on_install true
require_provenance_for_install false
}
```
### Trust Policy Configuration
```kdl
trust_policy {
enable_policy_enforcement true
policy_store_path "/etc/nimpak/trust-policies"
reputation_store_path "/var/lib/nimpak/reputation"
auto_update_reputation true
require_approval_threshold 0.5
}
```
### Periodic Scanner Configuration
```kdl
periodic_scanner {
enabled true
full_scan_interval 24 // Hours between full scans
incremental_interval 15 // Minutes between incremental scans
full_scan_hour 2 // Hour of day for full scan (0-23)
max_concurrent_scans 2
scan_timeout 3600 // Timeout for individual scans (seconds)
}
```
## Security Features
### Cryptographic Verification
- **Hash Algorithms**: BLAKE2b (primary), BLAKE3 (future), SHA256 (legacy)
- **Signature Algorithms**: Ed25519 (primary), Dilithium (post-quantum future)
- **Hybrid Signatures**: Support for classical + post-quantum signature combinations
- **Streaming Verification**: Memory-efficient verification for large packages
### Real-time Monitoring
- **Filesystem Watcher**: Real-time monitoring of critical paths
- **Tamper Detection**: Immediate detection of unauthorized modifications
- **Quarantine System**: Automatic isolation of corrupted files
- **Alert Generation**: Comprehensive alerting with severity classification
### Trust Management
- **Multi-factor Trust Scoring**: Based on provenance, signatures, reputation, and age
- **Community Reputation**: Long-term reputation tracking for package maintainers
- **Policy Enforcement**: Configurable trust policies with rule-based evaluation
- **Audit Trails**: Complete audit trails for compliance and forensics
## Integration Points
### Health Check Framework
The security system integrates with the existing health check framework:
```nim
# Register integrity health checks
registerIntegrityHealthChecks()
# Run all health checks
let results = runHealthChecks()
# Start health check daemon
startHealthCheckDaemon(monitor)
```
### Security Event Logging
All security events are logged for audit and compliance:
```nim
# Log security events
logGlobalSecurityEvent(EventPackageVerification, SeverityInfo, "nip-verify",
"Package verification completed successfully")
# Event types
EventPackageVerification
EventSecurityIncident
EventSystemHealthCheck
EventFileSystemChange
```
### Grafting Integration
Provenance is preserved during grafting operations:
```nim
# Preserve provenance during graft
let preservedChain = preserveProvenanceDuringGraft(originalChain,
graftedPackageName, graftedVersion, sourceEcosystem)
# Preserve provenance during conversion
let convertedChain = preserveProvenanceDuringConvert(graftedChain, convertedHash)
```
## Performance Characteristics
### Hash Verification Performance
- **BLAKE2b**: ~1.5 GB/s on modern hardware
- **Streaming**: Constant memory usage regardless of file size
- **Batch Processing**: Optimized for multiple file verification
- **Chunk Size Optimization**: Adaptive chunk sizes for different file sizes
### Monitoring Overhead
- **Real-time Monitoring**: <1% CPU overhead
- **Periodic Scanning**: Configurable to minimize system impact
- **Incremental Scans**: Only check recently modified packages
- **Background Processing**: Non-blocking operations with async I/O
### Storage Requirements
- **Provenance Data**: ~1KB per package per version
- **Scan History**: ~100 bytes per scan result
- **Event Logs**: ~200 bytes per security event
- **Trust Data**: ~500 bytes per community actor
## Compliance and Auditing
### ACUL Compliance
The security system supports ACUL (Auditable Compute Use License) compliance:
- **Reproducible Builds**: Verification of build reproducibility
- **License Tracking**: License compliance verification
- **Audit Trails**: Complete audit trails for all operations
- **Signature Requirements**: Configurable signature requirements
### Security Standards
- **NIST Guidelines**: Follows NIST cybersecurity framework
- **Cryptographic Standards**: Uses approved cryptographic algorithms
- **Audit Requirements**: Comprehensive logging for security audits
- **Incident Response**: Automated incident detection and response
## Troubleshooting
### Common Issues
1. **Hash Verification Failures**
- Check file integrity
- Verify expected hash values
- Check for file corruption
2. **Signature Verification Failures**
- Verify key availability
- Check key revocation status
- Validate signature format
3. **Trust Policy Violations**
- Review active trust policy
- Check package trust score
- Verify actor reputation
4. **Performance Issues**
- Adjust scan intervals
- Optimize chunk sizes
- Check system resources
### Debug Commands
```bash
# Enable verbose logging
nip verify --all --verbose
# Show detailed trust breakdown
nip track <package> --trust-score --verification
# Check system health
nip doctor --integrity --verbose
# Show scan statistics
nip scan status
```
## Future Enhancements
### Post-Quantum Cryptography
- **Dilithium Signatures**: Post-quantum signature algorithm support
- **Hybrid Signatures**: Classical + post-quantum signature combinations
- **Migration Tools**: Smooth transition to post-quantum algorithms
### Advanced Analytics
- **Machine Learning**: Anomaly detection using ML algorithms
- **Behavioral Analysis**: Package behavior analysis for threat detection
- **Predictive Security**: Predictive security threat identification
### Distributed Trust
- **Blockchain Integration**: Distributed trust verification
- **Consensus Mechanisms**: Multi-party trust consensus
- **Decentralized Reputation**: Distributed reputation management
---
This comprehensive security and verification system provides NimPak with enterprise-grade security capabilities, ensuring package integrity, maintaining complete audit trails, and enforcing configurable trust policies throughout the package lifecycle.
Reference in New Issue View Git Blame Copy Permalink