Threat Model
QNSP's security threat model and mitigations.
Threat Model
QNSP's security threat model and mitigations.
Assets protected
- Encryption keys
- Secrets and credentials
- Encrypted data
- Audit logs
- Identity information
Threat actors
External attackers
- Network-based attacks
- Credential theft
- API abuse
Malicious insiders
- Privileged access abuse
- Data exfiltration
- Unauthorized access
Compromised workloads
- Container escape
- Supply chain attacks
- Malware
Attack vectors
Network attacks
| Threat | Mitigation |
|---|---|
| Man-in-the-middle | TLS 1.3, certificate pinning |
| DDoS | Rate limiting, WAF, CDN |
| API abuse | Authentication, rate limits |
Authentication attacks
| Threat | Mitigation |
|---|---|
| Credential stuffing | Rate limiting, MFA |
| Token theft | Short TTL, secure storage |
| Session hijacking | Secure cookies, token binding |
Cryptographic attacks
| Threat | Mitigation |
|---|---|
| Quantum attacks | PQC algorithms |
| Key extraction | HSM, enclave protection |
| Side channels | Constant-time implementations |
Trust boundaries
- External → Edge gateway
- Edge gateway → Services
- Services → HSM/Enclave
- Services → Data stores
Security controls
- Defense in depth
- Least privilege
- Zero trust
- Continuous monitoring