Security Model
This document describes the security architecture of NCN Network v2, including threat modeling, security mechanisms, and trust assumptions.
Security Overview
NCN Network employs a defense-in-depth strategy with multiple security layers:
┌──────────────────────────────────────────────────────┐
│ Security Architecture                                │
│                                                      │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Layer 5: Economic Security                       │ │
│ │ • Validator staking and slashing                 │ │
│ │ • Escrow-based payments                          │ │
│ │ • Economic incentives for honest behavior        │ │
│ └──────────────────────────────────────────────────┘ │
│                                                      │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Layer 4: Cryptographic Security                  │ │
│ │ • secp256k1 ECDSA signatures                     │ │
│ │ • SHA-256 hashing                                │ │
│ │ • Signature verification on-chain                │ │
│ └──────────────────────────────────────────────────┘ │
│                                                      │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Layer 3: Consensus Security                      │ │
│ │ • M-of-N validator signatures                    │ │
│ │ • Distributed validation                         │ │
│ │ • Byzantine fault tolerance                      │ │
│ └──────────────────────────────────────────────────┘ │
│                                                      │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Layer 2: Execution Security                      │ │
│ │ • Sandboxed model execution                      │ │
│ │ • System call filtering (seccomp)                │ │
│ │ • Process isolation (namespaces)                 │ │
│ │ • Filesystem isolation (Landlock)                │ │
│ │ • Resource limits                                │ │
│ └──────────────────────────────────────────────────┘ │
│                                                      │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Layer 1: Network Security                        │ │
│ │ • TLS encryption                                 │ │
│ │ • Rate limiting                                  │ │
│ │ • Authentication                                 │ │
│ └──────────────────────────────────────────────────┘ │
│                                                      │
└──────────────────────────────────────────────────────┘

Threat Model
Assets

| Asset                 | Criticality | Threats                  |
|-----------------------|-------------|--------------------------|
| User Funds            | Critical    | Theft, double-spend      |
| Private Keys          | Critical    | Exposure, theft          |
| Computation Integrity | High        | Manipulation, fraud      |
| Model Data            | High        | Theft, tampering         |
| Service Availability  | Medium      | DoS attacks              |
Threat Actors

| Actor               | Capability        | Goal                        |
|---------------------|-------------------|-----------------------------|
| Malicious Model     | Code execution    | Data theft, resource abuse  |
| Rogue Compute Node  | Access to data    | Payment fraud               |
| Rogue Validator     | Signing authority | Approve invalid results     |
| External Attacker   | Network access    | Service disruption, theft   |
| Colluding Operators | Multiple roles    | Payment manipulation        |
Attack Surface
Trust Assumptions
What We Trust

| Component               | Basis                                            |
|-------------------------|--------------------------------------------------|
| Blockchain consensus    | Ethereum security model                          |
| Cryptographic primitives| Standard algorithms (secp256k1, SHA-256)         |
| Linux kernel            | Seccomp, namespaces, Landlock are kernel features |
| Majority of validators  | M-of-N consensus (Byzantine fault tolerant)      |
What We Don't Trust

| Component            | Mitigation             |
|----------------------|------------------------|
| Any single validator | M-of-N consensus       |
| Model code           | Sandbox isolation      |
| Compute nodes        | Signature verification |
| Network              | TLS encryption         |
| Client input         | Input validation       |
Sandbox Security
Isolation Mechanisms
Attack Prevention

| Attack         | Mechanism         | Effect                 |
|----------------|-------------------|------------------------|
| Network access | Network namespace | No network interfaces  |
| File theft     | Landlock          | Restricted file access |
| Fork bomb      | RLIMIT_NPROC      | Process limit          |
| Memory bomb    | RLIMIT_AS         | Memory limit           |
| CPU exhaustion | RLIMIT_CPU        | CPU time limit         |
| Syscall escape | seccomp           | Syscall whitelist      |
Cryptographic Security
Signature Scheme
Algorithm: secp256k1 ECDSA (Ethereum-compatible)
Signed Data

| Data                     | Signer       | Purpose                |
|--------------------------|--------------|------------------------|
| Preprocessing validation | Validators   | Authorize payment      |
| Compute result           | Compute node | Attest to computation  |
| Completion validation    | Validators   | Authorize distribution |
| Subnet creation          | Gateway      | Authorize subnet       |
Verification Flow
Economic Security
Validator Staking
Slashing Conditions

| Condition              | Penalty    | Detection              |
|------------------------|------------|------------------------|
| Invalid signature      | 50% stake  | On-chain verification  |
| Approve invalid result | 30% stake  | Challenge period       |
| Collusion              | 100% stake | Governance action      |
| Prolonged downtime     | 10% stake  | Heartbeat monitoring   |
Escrow Protection
Network Security
TLS Configuration (Recommended)
Rate Limiting

| Endpoint       | Limit          | Window   |
|----------------|----------------|----------|
| HTTP Inference | 100            | 1 minute |
| gRPC Submit    | 1000           | 1 minute |
| WebSocket      | 10 connections | Per IP   |
Network Isolation
Security Recommendations
Production Checklist
Key Management

| Environment | Key Storage           |
|-------------|-----------------------|
| Development | Environment variables |
| Staging     | Secrets manager       |
| Production  | HSM / Hardware wallet |
Incident Response
1. Detection: Monitor for anomalies
2. Containment: Pause affected services
3. Investigation: Collect logs and evidence
4. Remediation: Fix vulnerability
5. Recovery: Restore services
6. Post-mortem: Document and improve
Related Documentation
Sandbox Security - Sandbox details
Cryptographic Signing - Signature verification
Payment Security - Payment protection
Best Practices - Security recommendations
