T95-zero-trust-c0f3e8a4b2d7This zero-trust architecture is built to defeat four classes of attack that have hit UK public-sector and allied deployments in 2023–2025:
| # | Threat class | Named precedent | Why traditional perimeter fails | Zero-trust mitigation |
|---|---|---|---|---|
| 1 | Lateral movement post-compromise | US federal civilian agency breach 2024 (CISA AA24-038A) | Once inside, attacker traverses freely on flat VLAN | mTLS between every workload pair; SPIFFE ID verified per request |
| 2 | Supply-chain injection | 3CX / SolarWinds / xz-utils 2024 | Signed vendor binary runs with full trust | SIGIL-anchored SBOM + per-binary Ed25519 signature + drift detection |
| 3 | Insider / credential theft | MGM / Caesars 2023 | Stolen creds = full network access | Short-lived SPIFFE SVIDs (1h TTL) + per-workload authorisation policy |
| 4 | Air-gap exfiltration via side-channel | Stuxnet / agent.btz family | Air-gap itself is the only barrier | Signed offline update bundles + SPIFFE offline root + 90-day rotation, no inbound network |
Air-gapped. Runs the sovereign model weights, BFT council voting, SIGIL chain root, and policy engine. Physically isolated from public networks. Updated only via signed bundles transferred on tamper-evident media with 2-of-3 human custody.
Identity: SPIFFE offline root CA (Ed25519, 90-day rotation, 3 signed copies in 3 physical safes)
mTLS-meshed. All DEFONEOS services run in Linkerd service mesh with mTLS 1.3 and per-workload SPIFFE IDs. Every request authenticates the calling workload, not just the user.
Identity: SPIRE agent on every node, federated with offline root CA
Tenant-isolated. Each buyer tenant gets its own namespace, its own SPIFFE trust domain, its own mTLS root. No cross-tenant traffic is even possible at the mesh layer.
Identity: Per-tenant CA signed by sovereign root, auto-rotated 24h
| # | Control | CAF v3.1 outcome | Implementation | Evidence | Maturity |
|---|---|---|---|---|---|
| Z1 | Identity-issued to every workload | A1.b Identity & access control | SPIFFE/SPIRE issues SVID to every pod/container; no implicit identity | spire-agent api fetch -socketPath /tmp/agent.sock | Achieving |
| Z2 | mTLS between every workload pair | B1.d Secure configuration | Linkerd proxy injected; mTLS 1.3 enforced via linkerd policy | linkerd viz stat --from deploy/buyer-tenant-a to deploy/buyer-tenant-b | Performing |
| Z3 | Policy-based authorisation (not ACLs) | A1.c Identity & access control | OPA/Cedar policies per workload + per tenant | Policy bundle SIGIL-anchored, hash-pinned | Achieving |
| Z4 | Default-deny at every layer | B5.c Secure configuration | NetworkPolicies default-deny all ingress; explicit allow rules | kubectl get networkpolicy -A -o yaml | grep -c policyTypes | Performing |
| Z5 | Per-request authentication | A2.b Identity & access control | JWT bound to SPIFFE SVID; 1h TTL; refresh via SPIRE | SVID chain visible in mTLS handshake logs | Achieving |
| Z6 | Encrypted-in-transit (L4 + L7) | B3.b Data-in-transit protection | mTLS 1.3 at mesh; TLS 1.3 at edge; ALPN h2 for L7 | Linkerd TLS reports; step certificate inspect | Performing |
| Z7 | Continuous verification | C1.b Monitoring | Every request emits SIGIL attestation; weekly SIEM digest | 33-agent BFT weekly attest; SIGIL digest on disk | Performing |
| Z8 | Software supply-chain attestation | B4.b Supply chain security | SLSA L3 build provenance + Sigstore cosign signatures + SIGIL cross-sign | cosign verify --certificate-identity-regexp '.*' --certificate-oidc-issuer 'sigstore.dev' | Achieving |
| Z9 | SBOM drift detection | B4.c Supply chain security | Daily SBOM scan vs last signed SBOM; SIGIL-anchored alert on delta | SBOM hash in SIGIL digest; alert to CISO channel | Achieving |
| Z10 | Air-gap fallback path | A4.b Resilience | Offline SPIRE root + signed update bundles; no internet egress from sovereign core | Quarterly air-gap drill, attested via SIGIL | Performing |
| Z11 | Tenant cryptographic isolation | A1.d Identity & access control | Per-tenant SPIFFE trust domain; cross-domain call requires explicit policy | Tenant mesh topology attested weekly | Performing |
| Z12 | Incident response under zero-trust | D1.b Response | Workload quarantine via SPIRE revocation (SVID kill-switch); runs in <30s | Tabletop quarterly; SIGIL receipt per drill | Achieving |
BUYER EDGE (Zone C) OPERATIVE MESH (Zone B) SOVEREIGN CORE (Zone A)
───────────────────── ───────────────────────── ─────────────────────
┌────────────┐ mTLS 1.3 ┌──────────────────┐ mTLS 1.3 ┌──────────────┐
│ Buyer UIs │ ═══════════════════► │ Linkerd proxy │ ═══════════════════► │ BFT council │
│ (per- │ SVID: │ (per-pod │ SVID: │ + SIGIL root│
│ tenant) │ spiffe://csoai.org/ │ mTLS injector) │ spiffe://csoai.org/ │ + model wt │
└────────────┘ tenant-a/web │ │ ops/inference │ + policy eng│
└──────────────────┘ └──────────────┘
│ ▲
│ mTLS 1.3 │ signed update
▼ │ bundle (no
┌──────────────────┐ │ inbound net)
│ MCP servers │ │
│ (per-tenant) │ ──────────── mTLS ────────│
└──────────────────┘
When the operative mesh loses connectivity to the sovereign core (or a buyer is offline-disconnected for SC-class reasons), DEFONEOS falls back to a fully-air-gapped mode. The procedure:
{control_id, evidence_url, sha256, ed25519_sig, bft_vote_round, attested_at}defoneos.verify.control("Z7")| Dimension | DEFONEOS ZTNA | Palantir Foundry | Anduril Lattice | AWS GovCloud |
|---|---|---|---|---|
| Identity per workload | SPIFFE/SPIRE native | Service accounts + Vault | Custom Lattice auth | IAM Roles for Service Accounts |
| Default-deny posture | Yes, enforced via NetworkPolicy | Partial (relies on Foundry policies) | Yes, custom mesh | No (default-allow inside VPC) |
| Air-gap fallback | First-class, signed bundles | Not supported | Custom, fragile | Not possible (cloud-only) |
| UK SC-cleared delivery path | Yes, per control Z1–Z12 | Difficult (US person heavy) | Very difficult | Possible but US-jurisdiction |
| Tenant cryptographic isolation | Per-tenant SPIFFE trust domain | Logical only | Logical only | Account-bound only |
| SIGIL evidence per control | Native | Add-on | Add-on | Add-on (CloudTrail + custom) |
When a buyer (Dstl / UKDI / DSTL Cyber / DEFCON 760 / Royal Navy) asks for zero-trust evidence, the CRO hands them a 6-page pack derived from this document:
curl https://csoai.org/defoneos-mod-zero-trust-network-architecture.html | shasum -a 256 — verify document hash matches SIGIL digest above.defoneos.verify.control("Z7") (or visit csoai.org/defoneos-mod-zero-trust-network-architecture.html#Z7) — verify continuous-monitoring control attestation.engineering@csoai.org