Threat Model
This document describes the explicit threat model for BeaconGuard Assurance. It enumerates assumptions, assets, threat categories, and mitigations.
The goal is not to claim absolute security, but to make attack surfaces, failure modes, and protections explicit and reviewable.
Security Assumptions
BeaconGuard operates under the following assumptions:
- The enforcement runtime executes in a controlled environment
- Cryptographic primitives are correctly implemented and not broken
- Policy snapshots are authored and signed by trusted parties
- Transport-level security (e.g., TLS) is provided by the deployment environment
If these assumptions do not hold, BeaconGuard makes no guarantees.
Protected Assets
BeaconGuard is designed to protect the following assets:
- Policy snapshots and their integrity
- Authorization decision semantics
- Audit records and their immutability
- Deterministic replay capability
- Provenance of decisions and artifacts
Threat Categories
Policy Tampering
Threat: An attacker modifies policy logic or semantics without detection.
Mitigations:
- Policies are signed before use
- Enforcement accepts only verified snapshots
- Policy identity and version recorded in every audit record
- No mutable policy state at runtime
Unauthorized Authorization Bypass
Threat: An attacker attempts to force an ALLOW decision through malformed inputs or fallback paths.
Mitigations:
- Fail-closed semantics
- Explicit input normalization
- No permissive fallback behavior
- Deterministic evaluation with bounded outcomes
Audit Record Manipulation
Threat: An attacker deletes, alters, or suppresses audit records.
Mitigations:
- Append-only audit model
- No in-place modification
- Policy and decision identity embedded in records
- Externalized storage recommended for durability
Replay Forgery
Threat: An attacker attempts to fabricate replay inputs to misrepresent historical decisions.
Mitigations:
- Replay requires original normalized inputs
- Replay references a specific policy snapshot identity
- Mismatch between inputs and snapshot yields deterministic failure
Time-of-Check / Time-of-Use (TOCTOU)
Threat: Policy or artifact changes between authorization and audit recording.
Mitigations:
- Policy snapshot identity fixed per evaluation
- Audit record emitted as part of evaluation result
- No late-binding of policy semantics
Model-Induced Side Effects
Threat: AI model behavior influences authorization semantics indirectly.
Mitigations:
- Authorization logic is model-agnostic
- No inspection of model internals
- No probabilistic decision paths
- Models are treated as external systems
Non-Goals and Explicit Exclusions
BeaconGuard does not attempt to mitigate:
- Compromise of the underlying operating system
- Insider threats with signing authority
- Vulnerabilities in AI model training data
- Downstream misuse of allowed outputs
These are intentionally out of scope and must be addressed by surrounding controls.
Residual Risk
Residual risk is explicitly acknowledged:
- Misconfiguration can deny legitimate access
- Policy authoring errors can encode incorrect intent
- Key management failures undermine integrity guarantees
BeaconGuard prioritizes visibility and determinism over silent tolerance.