Threat Model
QNSP's security threat model and mitigations.
QNSP's security threat model and mitigations.
- Encryption keys
- Secrets and credentials
- Encrypted data
- Audit logs
- Identity information
- Network-based attacks
- Credential theft
- API abuse
- Privileged access abuse
- Data exfiltration
- Unauthorized access
- Container escape
- Supply chain attacks
- Malware
| Threat |
Mitigation |
| Man-in-the-middle |
TLS 1.3, certificate pinning |
| DDoS |
Rate limiting, WAF, CDN |
| API abuse |
Authentication, rate limits |
| Threat |
Mitigation |
| Credential stuffing |
Rate limiting, MFA |
| Token theft |
Short TTL, secure storage |
| Session hijacking |
Secure cookies, token binding |
| Threat |
Mitigation |
| Quantum attacks |
PQC algorithms |
| Key extraction |
HSM, enclave protection |
| Side channels |
Constant-time implementations |
- External → Edge gateway
- Edge gateway → Services
- Services → HSM/Enclave
- Services → Data stores
- Defense in depth
- Least privilege
- Zero trust
- Continuous monitoring