
Security Layers Detail

Overview

This document provides detailed technical documentation for each of the 12 security layers in ASCEND's defense-in-depth architecture. Each layer is designed to operate independently while contributing to the overall security posture.

Layer 1: Rate Limiting

Purpose: Prevent abuse, DDoS attacks, and brute force attempts.

Implementation

    # security/rate_limiter.py
    RATE_LIMITS = {
        "auth_strict": {
            "login": "5/minute",
            "password_change": "3/minute"
        },
        "auth_moderate": {
            "register": "3/minute"
        },
        "api_standard": {
            "read": "100/minute",
            "write": "30/minute"
        },
        "default": "60/minute"
    }

Configuration

| Category | Endpoint Type | Limit | Window |
|---|---|---|---|
| Auth (Strict) | Login | 5 requests | 1 minute |
| Auth (Strict) | Password Change | 3 requests | 1 minute |
| Auth (Moderate) | Registration | 3 requests | 1 minute |
| API (Standard) | Read Operations | 100 requests | 1 minute |
| API (Standard) | Write Operations | 30 requests | 1 minute |
| Default | All Others | 60 requests | 1 minute |

IP-Based Blocking

| Trigger | Action | Duration |
|---|---|---|
| 10 rate limit violations | Soft block | 5 minutes |
| 25 rate limit violations | Hard block | 1 hour |

Fail-Secure Behavior

If Redis (the rate limit backend) is unavailable, all rate-limited requests are DENIED rather than waved through. This prevents abuse during infrastructure issues; the trade-off is that a Redis outage also takes every rate-limited endpoint offline, so the backend needs the same availability target and monitoring as the API itself.
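The following is an added example, not ASCEND's own rate limiter, showing how the limit table, the escalating IP blocks and the fail-secure rule fit together. It assumes an in-memory counter store standing in for Redis, an injectable clock so the windows can be stepped deterministically, and (not stated on the page) that violations are counted in a rolling one-hour bucket.

```python
"""Added example (not ASCEND's own code): fixed-window rate limiting with
escalating IP blocks and fail-closed behaviour when the backend is down.
Assumptions: MemoryBackend stands in for Redis, the clock is injectable,
and violations are counted over a one-hour bucket (VIOLATION_TTL)."""
import re
import time

RATE_LIMITS = {
    "auth_strict": {"login": "5/minute", "password_change": "3/minute"},
    "auth_moderate": {"register": "3/minute"},
    "api_standard": {"read": "100/minute", "write": "30/minute"},
    "default": "60/minute",
}
WINDOW_SECONDS = {"second": 1, "minute": 60, "hour": 3600}
SOFT_BLOCK = (10, 300)    # (violations, block duration in seconds)
HARD_BLOCK = (25, 3600)
VIOLATION_TTL = 3600      # assumption: how long violations stay counted


class BackendUnavailable(Exception):
    """Raised when the counter store cannot be reached (Redis outage)."""


class MemoryBackend:
    """Counter store exposing the three operations the limiter needs."""

    def __init__(self):
        self.store = {}        # key -> (value, expires_at)
        self.available = True  # flip to False to simulate an outage

    def _live(self, key, now):
        if not self.available:
            raise BackendUnavailable("backend unreachable")
        entry = self.store.get(key)
        return entry if entry and entry[1] > now else None

    def get(self, key, now):
        entry = self._live(key, now)
        return entry[0] if entry else None

    def set(self, key, value, ttl, now):
        self._live(key, now)              # availability check only
        self.store[key] = (value, now + ttl)

    def incr(self, key, ttl, now):
        """Increment a counter; a fresh window starts if the old one expired."""
        entry = self._live(key, now)
        value, expires = (entry[0] + 1, entry[1]) if entry else (1, now + ttl)
        self.store[key] = (value, expires)
        return value


def parse_limit(spec):
    """'5/minute' -> (5, 60)."""
    m = re.fullmatch(r"(\d+)/(second|minute|hour)", spec)
    if not m:
        raise ValueError(f"bad rate spec: {spec}")
    return int(m.group(1)), WINDOW_SECONDS[m.group(2)]


def resolve_limit(category, endpoint):
    """Look up the category/endpoint limit, falling back to the default."""
    cat = RATE_LIMITS.get(category)
    spec = cat.get(endpoint) if isinstance(cat, dict) else cat
    return parse_limit(spec or RATE_LIMITS["default"])


class RateLimiter:
    def __init__(self, backend, clock=time.time):
        self.backend = backend
        self.clock = clock

    def check(self, ip, category, endpoint):
        """Return (allowed, reason).  Any backend failure denies the request."""
        now = self.clock()
        try:
            if self.backend.get(f"block:{ip}", now) is not None:
                return False, "ip_blocked"
            limit, window = resolve_limit(category, endpoint)
            count = self.backend.incr(f"rl:{ip}:{category}:{endpoint}", window, now)
            if count <= limit:
                return True, "ok"
            # Over the limit: record a violation and escalate when a threshold is hit.
            violations = self.backend.incr(f"viol:{ip}", VIOLATION_TTL, now)
            for threshold, duration, reason in (
                (HARD_BLOCK[0], HARD_BLOCK[1], "hard_block"),
                (SOFT_BLOCK[0], SOFT_BLOCK[1], "soft_block"),
            ):
                if violations >= threshold:
                    self.backend.set(f"block:{ip}", now + duration, duration, now)
                    return False, reason
            return False, "rate_limited"
        except BackendUnavailable:
            return False, "backend_unavailable"   # fail-secure: deny, never allow
```

Note that a blocked IP is rejected before any counter is touched, so the violation count only grows once a block has expired; the hard block is therefore reached across several soft-block cycles rather than in one burst.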


Layer 2: Prompt Security

Purpose: Detect and block prompt injection attacks targeting AI systems.

Detection Patterns

ASCEND monitors for 20 prompt injection patterns; the table below lists a representative subset, which is why the pattern IDs are not contiguous:

| Pattern ID | Category | Attack Vector | Severity |
|---|---|---|---|
| PROMPT-001 | Injection | Direct instruction override ("ignore previous instructions") | CRITICAL |
| PROMPT-002 | Injection | New instruction injection ("from now on") | CRITICAL |
| PROMPT-004 | Jailbreak | Known jailbreak modes (DAN, STAN, etc.) | CRITICAL |
| PROMPT-008 | Roleplay | Evil AI roleplay ("you are now an evil AI") | HIGH |
| PROMPT-016 | Injection | Fake system/admin tags ([SYSTEM], [OVERRIDE]) | HIGH |
| PROMPT-018 | Exfiltration | System prompt extraction ("reveal your instructions") | HIGH |
| PROMPT-020 | Chain Attack | LLM chain injection ("pass to next agent") | CRITICAL |

Encoding Attack Detection

| Encoding Type | Detection Method | Example |
|---|---|---|
| Base64 | Pattern + decode verification | aWdub3JlIHByZXZpb3Vz ("ignore previous") |
| Unicode Escape | Sequence detection | \u0069\u0067\u006e\u006f\u0072\u0065 ("ignore") |
| HTML Entities | Entity pattern matching | &#105;&#103;&#110;&#111;&#114;&#101; ("ignore") |
| Zero-Width Characters | Character class detection | Invisible instruction injection (U+200B etc. inserted inside keywords) |

Multi-Signal Scoring (VAL-FIX-001)

To reduce false positives while maintaining security:

  1. Critical patterns (PROMPT-001, 002, 004, 008, 016, 018, 020) always use full risk score
  2. Multiple pattern matches confirm the threat and use maximum risk score
  3. Single non-critical pattern is capped at medium risk (70) pending confirmation

Fail-Secure Behavior

If the prompt security detector fails or times out, prompts are BLOCKED by default.
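The detector below is an added example, not ASCEND's own implementation, tying together the three parts of this layer: encoding normalisation (zero-width stripping, \u escapes, HTML entities, base64 with decode verification), pattern matching against the IDs in the table, and the multi-signal scoring rules. The regexes, the per-pattern risk scores, the 70 block threshold and the non-critical pattern labelled EXAMPLE-NONCRIT are assumptions made for illustration; only the pattern IDs, the critical set and the cap of 70 come from the page.

```python
"""Added example (not ASCEND's own detector): encoding normalisation,
pattern matching and multi-signal scoring for prompt injection.
Assumptions: the regexes, risk scores, BLOCK_THRESHOLD and the hypothetical
non-critical pattern EXAMPLE-NONCRIT."""
import base64
import html
import re

PATTERNS = [  # (pattern id, regex, full risk score)
    ("PROMPT-001", r"ignore\s+(?:all\s+)?(?:previous|prior|above)\s+instructions", 95),
    ("PROMPT-002", r"\bfrom\s+now\s+on\b", 90),
    ("PROMPT-004", r"\b(?-i:DAN|STAN)\b|do\s+anything\s+now", 95),
    ("PROMPT-008", r"you\s+are\s+now\s+an?\s+evil\s+ai", 85),
    ("PROMPT-016", r"\[\s*(?:system|override|admin)\s*\]", 85),
    ("PROMPT-018", r"reveal\s+your\s+(?:system\s+)?(?:instructions|prompt)", 85),
    ("PROMPT-020", r"pass\s+(?:this\s+)?to\s+(?:the\s+)?next\s+agent", 90),
    ("EXAMPLE-NONCRIT", r"\bpretend\s+(?:that\s+)?you\b", 80),  # hypothetical
]
CRITICAL = {"PROMPT-001", "PROMPT-002", "PROMPT-004", "PROMPT-008",
            "PROMPT-016", "PROMPT-018", "PROMPT-020"}
NON_CRITICAL_CAP = 70
BLOCK_THRESHOLD = 70   # assumption: medium risk and above is blocked

ZERO_WIDTH = re.compile(r"[\u200b\u200c\u200d\u2060\ufeff]")
UNICODE_ESC = re.compile(r"\\u([0-9a-fA-F]{4})")
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def normalise(text):
    """Return the views of `text` to scan plus the encodings that were found."""
    original, encodings = text, []
    if ZERO_WIDTH.search(text):
        encodings.append("zero_width")
        text = ZERO_WIDTH.sub("", text)
    if UNICODE_ESC.search(text):
        encodings.append("unicode_escape")
        text = UNICODE_ESC.sub(lambda m: chr(int(m.group(1), 16)), text)
    unescaped = html.unescape(text)
    if unescaped != text:
        encodings.append("html_entity")
        text = unescaped
    views = [original] if text == original else [original, text]
    # Base64: a candidate run only counts if it decodes to printable ASCII.
    for run in BASE64_RUN.findall(text):
        try:
            decoded = base64.b64decode(run, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue
        if decoded.isprintable():
            encodings.append("base64")
            views.append(decoded)
    return views, encodings


def score_matches(matched):
    """Multi-signal scoring: critical -> full score; several matches -> max;
    a single non-critical match is capped at NON_CRITICAL_CAP."""
    if not matched:
        return 0
    if len(matched) > 1:
        return max(matched.values())
    (pid, score), = matched.items()
    return score if pid in CRITICAL else min(score, NON_CRITICAL_CAP)


def scan(text):
    views, encodings = normalise(text)
    matched = {}
    for pid, rx, score in PATTERNS:
        if any(re.search(rx, v, re.IGNORECASE) for v in views):
            matched[pid] = score
    risk = score_matches(matched)
    return {"matches": sorted(matched), "encodings": encodings,
            "risk_score": risk, "blocked": risk >= BLOCK_THRESHOLD}


def guard(text, detector=scan):
    """Fail-secure wrapper: a detector error or timeout blocks the prompt."""
    try:
        return detector(text)
    except Exception as exc:
        return {"matches": [], "encodings": [], "risk_score": 100,
                "blocked": True, "error": type(exc).__name__}
```

Every pattern is run against the raw text and each decoded view, so an encoded payload is matched by the same rule as its plaintext form and the encoding itself is reported as an additional signal.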


Layer 3: Code Analysis

Purpose: Detect dangerous code patterns in AI-generated or AI-processed code.

Supported Languages

| Language | Detection Categories |
|---|---|
| SQL | Injection, DDL modifications, privilege escalation |
| Python | Code execution, file operations, network calls |
| Shell/Bash | Command injection, privilege escalation |
| JavaScript | DOM manipulation, code injection |
| Go | Buffer overflow, unsafe operations |

Pattern Categories

| Category | CWE Mapping | MITRE Technique | Example |
|---|---|---|---|
| SQL Injection | CWE-89 | T1190 | '; DROP TABLE users; -- |
| Code Execution | CWE-95 | T1203 | eval(), exec() |
| Command Injection | CWE-78 | T1059 | os.system(), backticks |
| Path Traversal | CWE-22 | T1083 | ../../../etc/passwd |
| Insecure Deserialization | CWE-502 | T1203 | pickle.loads() |
| Buffer Overflow | CWE-119 | T1203 | Unsafe memory operations |

Risk Score Calculation

    # Risk score sources, in order of precedence (the first source that
    # defines a score for the matched pattern wins):
    # 1. Organization override (org_pattern_override.risk_score_override)
    # 2. CVSS base score converted to the 0-100 scale (cvss_base_score * 10)
    # 3. Organization severity mapping (org_code_analysis_config.severity_scores)

Fail-Secure Behavior

If the code analyzer fails or times out, code execution is BLOCKED.
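As an added example (not ASCEND's analyzer), the block below detects four of the table's categories in Python source with the `ast` module rather than regexes, so `os.system(...)` inside an expression is found without matching the string "system" in comments, and then resolves each finding's risk score through the three-level precedence. The sample CVSS values, the 70 block threshold, and the choice to block unparseable code or findings for which no score source applies are assumptions.

```python
"""Added example (not ASCEND's own analyzer): AST-based detection of dangerous
Python calls mapped to the page's CWE/ATT&CK table, plus the risk-score
precedence org override > CVSS*10 > org severity mapping.
Assumptions: sample CVSS values, BLOCK_THRESHOLD, and blocking on parse
failure or unscored findings (fail-secure)."""
import ast

PATTERN_INFO = {  # category -> (CWE, ATT&CK technique) from the page's table
    "code_execution": ("CWE-95", "T1203"),
    "command_injection": ("CWE-78", "T1059"),
    "insecure_deserialization": ("CWE-502", "T1203"),
    "path_traversal": ("CWE-22", "T1083"),
}
BLOCK_THRESHOLD = 70  # assumption


def qualname(node):
    """'os.system' for attribute chains, 'eval' for bare names, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class DangerousCallVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (category, evidence, line)

    def visit_Call(self, node):
        name = qualname(node.func)
        shell = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                    and k.value.value is True for k in node.keywords)
        if name in ("eval", "exec"):
            self.findings.append(("code_execution", name, node.lineno))
        elif name in ("os.system", "os.popen") or (
                name and name.startswith("subprocess.") and shell):
            self.findings.append(("command_injection", name, node.lineno))
        elif name in ("pickle.loads", "pickle.load"):
            self.findings.append(("insecure_deserialization", name, node.lineno))
        elif name == "open":
            for arg in node.args:
                if isinstance(arg, ast.Constant) and isinstance(arg.value, str) \
                        and "../" in arg.value:
                    self.findings.append(("path_traversal", arg.value, node.lineno))
        self.generic_visit(node)


def resolve_risk_score(category, org_override, cvss_base, org_severity):
    """Apply the three score sources in precedence order; None if none apply."""
    if category in org_override:
        return org_override[category]
    if category in cvss_base:
        return round(cvss_base[category] * 10)
    return org_severity.get(category)


def analyze(source, org_override=None, cvss_base=None, org_severity=None):
    org_override, cvss_base = org_override or {}, cvss_base or {}
    org_severity = org_severity or {}
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:  # analyzer cannot run: fail-secure
        return {"blocked": True, "reason": f"analyzer_failure: {exc.msg}",
                "risk_score": 100, "findings": []}
    visitor = DangerousCallVisitor()
    visitor.visit(tree)
    findings = []
    for category, evidence, line in visitor.findings:
        score = resolve_risk_score(category, org_override, cvss_base, org_severity)
        if score is None:  # no source defines a score: do not guess, block
            return {"blocked": True, "reason": f"unscored_finding: {category}",
                    "risk_score": 100, "findings": []}
        cwe, technique = PATTERN_INFO[category]
        findings.append({"category": category, "cwe": cwe, "technique": technique,
                         "evidence": evidence, "line": line, "risk_score": score})
    risk = max((f["risk_score"] for f in findings), default=0)
    return {"blocked": risk >= BLOCK_THRESHOLD,
            "reason": "risk_threshold" if risk >= BLOCK_THRESHOLD else "ok",
            "risk_score": risk, "findings": findings}
```

The overall score is the maximum over findings, so one organization override that lowers `code_execution` to 60 does not hide a command-injection finding scored from CVSS.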


Layer 4: Action Governance

Purpose: Evaluate AI actions in real-time before execution.

Evaluation Flow

    AI Agent Request
           |
           v
    +------------+
    |   Policy   |  <-- Smart Rules
    |   Engine   |  <-- Risk Scoring
    +------------+  <-- Multi-Signal
           |
           v
    +------------+
    |  Decision  |  --> ALLOW / DENY / REQUIRE_APPROVAL
    +------------+
           |
           v
    +------------+
    |   Audit    |
    |    Log     |
    +------------+

Decision Types

| Decision | Description | Audit |
|---|---|---|
| ALLOW | Action permitted, proceed immediately | Logged |
| DENY | Action blocked, return error | Logged with reason |
| REQUIRE_APPROVAL | Action held pending human approval | Queued for review |

Kill Switch Capability

Agent Control Service provides immediate agent control:

| Command | Effect | Latency Target |
|---|---|---|
| BLOCK | Stop all actions from agent | <500ms |
| UNBLOCK | Resume agent operations | <500ms |
| SUSPEND | Pause agent temporarily | <500ms |
| RESUME | Resume suspended agent | <500ms |
| RATE_LIMIT | Throttle agent actions | <500ms |
| QUARANTINE | Isolate agent for review | <500ms |

Fail-Secure Behavior

If the action governance evaluator fails, the action is DENIED.


Layer 5: JWT Authentication

Purpose: Verify user identity via cryptographic token validation.

Token Validation

| Check | Description | Failure Response |
|---|---|---|
| Signature | RS256 verification against JWKS | 401 Unauthorized |
| Issuer (iss) | Must match Cognito issuer URL | 401 Unauthorized |
| Audience (aud) | Must match app client ID | 401 Unauthorized |
| Expiration (exp) | Token must not be expired | 401 Token Expired |
| Not-Before (nbf) | Token must be valid now | 401 Unauthorized |
| Token Use | Must be "id" token | 401 Unauthorized |

Multi-Pool Support (RBAC-001)

ASCEND supports two-pool JWT validation:

| Pool | Purpose | Token Claims |
|---|---|---|
| Platform Pool | Ascend internal staff | scope='platform', org_id=null |
| Per-Org Pools | Tenant users | scope='org', org_id=[tenant_id] |

Token Revocation

  • Token JTIs are tracked in cognito_tokens table
  • Revoked tokens return 401 immediately
  • Revocation is logged with reason

Fail-Secure Behavior

Any JWT validation failure results in 401 Unauthorized (DENY).
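The block below is an added example, not ASCEND's middleware, of the claim checks that follow signature verification: issuer lookup against the pool registry, audience, token_use, exp/nbf, JTI revocation, and the two-pool rule that a token's scope and org_id must agree with the pool that issued it (so a tenant token cannot assert platform scope or another tenant's org_id). It assumes the RS256 signature has already been verified against the pool's JWKS by a JWT library, and the pool registry, issuer URLs, client IDs and in-memory revocation set are hypothetical.

```python
"""Added example (not ASCEND's own code): JWT claim validation for the
two-pool model, run after RS256/JWKS signature verification.
Assumptions: the POOLS registry (issuer URLs and client IDs are made up),
an in-memory revoked-JTI set, and no clock skew allowance."""
import time

POOLS = {  # issuer -> expected claims for tokens from that pool (hypothetical)
    "https://cognito-idp.example.invalid/platform-pool":
        {"client_id": "platform-app", "scope": "platform", "org_id": None},
    "https://cognito-idp.example.invalid/org-acme-pool":
        {"client_id": "acme-app", "scope": "org", "org_id": "org-acme"},
}


class AuthError(Exception):
    """Every validation failure maps to HTTP 401 (fail-secure)."""
    status = 401


def validate_claims(claims, revoked_jtis, now=None):
    """Return the principal (sub, scope, org_id) or raise AuthError."""
    now = time.time() if now is None else now
    pool = POOLS.get(claims.get("iss"))
    if pool is None:
        raise AuthError("unknown issuer")
    if claims.get("aud") != pool["client_id"]:
        raise AuthError("audience mismatch")
    if claims.get("token_use") != "id":
        raise AuthError("not an id token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AuthError("token expired")
    if claims.get("nbf", now) > now:
        raise AuthError("token not yet valid")
    jti = claims.get("jti")
    if not jti or jti in revoked_jtis:
        raise AuthError("token revoked or missing jti")
    # The custom claims must agree with the issuing pool: a tenant token may not
    # claim platform scope or a different tenant's org_id.
    if claims.get("scope") != pool["scope"] or claims.get("org_id") != pool["org_id"]:
        raise AuthError("scope/org_id do not match issuing pool")
    return {"sub": claims["sub"], "scope": pool["scope"], "org_id": pool["org_id"]}


def authenticate(claims, revoked_jtis, now=None):
    """Middleware-style wrapper: (200, principal) or (401, reason)."""
    try:
        return 200, validate_claims(claims, revoked_jtis, now)
    except (AuthError, KeyError, TypeError) as exc:  # malformed claims also deny
        return 401, str(exc) or type(exc).__name__
```

The principal's scope and org_id are taken from the pool registry, not copied from the token, so downstream authorization decisions cannot be steered by a claim the pool did not vouch for.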


Layer 6: API Key Validation

Purpose: Authenticate SDK and CI/CD integrations.

Security Features

| Feature | Implementation | Benefit |
|---|---|---|
| SHA-256 Hashing | Keys stored as salted hashes | A database leak does not expose usable keys |
| Constant-Time Comparison | secrets.compare_digest() | Prevents timing attacks on the hash comparison |
| 32-Character Prefix | First 32 chars of the key used as the lookup index | Locates the stored hash without a secret-dependent scan; the full key is never stored |
| Usage Tracking | Per-request logging | Audit trail and analytics |

Supported Headers

# Option 1: Bearer token
Authorization: Bearer owkai_admin_xxxxx...

# Option 2: X-API-Key header
X-API-Key: owkai_admin_xxxxx...

Rate Limiting

API keys have per-key rate limits configured via api_key_rate_limits table:

| Tier | Max Requests | Window |
|---|---|---|
| Free | 100 | 1 hour |
| Standard | 1,000 | 1 hour |
| Enterprise | 10,000 | 1 hour |
| Unlimited | No limit | - |

Fail-Secure Behavior

If API key validation fails for any reason, the request is DENIED with 401.
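An added example, not ASCEND's own code, of the issuance and verification path described above: the first 32 characters of the key index the record, the full key is hashed with a per-key salt, the comparison is constant-time, and unknown prefixes are compared against a dummy record so the verify path does the same work whether or not the prefix exists. Both supported headers are parsed. The key format (the page's `owkai_admin_` prefix plus a random suffix), the in-memory key table and the dummy record are assumptions.

```python
"""Added example (not ASCEND's own code): API-key issuance, prefix lookup,
salted SHA-256 hashing, constant-time verification and header extraction.
Assumptions: key format, in-memory store, dummy record for unknown prefixes."""
import hashlib
import secrets

PREFIX_LEN = 32
KEY_TYPE_PREFIX = "owkai_admin_"  # key type shown on the page; others would differ


def hash_key(key, salt):
    return hashlib.sha256(salt + key.encode()).hexdigest()


class ApiKeyStore:
    def __init__(self):
        self.records = {}  # lookup prefix -> {"salt", "hash", "tier", "uses"}
        # Dummy record: unknown prefixes still hash and compare, so timing does
        # not reveal whether a prefix exists.
        self._dummy = {"salt": secrets.token_bytes(16), "hash": "0" * 64,
                       "tier": None, "uses": 0}

    def issue(self, tier):
        """Create a key; the plaintext is returned once and never stored."""
        key = KEY_TYPE_PREFIX + secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self.records[key[:PREFIX_LEN]] = {
            "salt": salt, "hash": hash_key(key, salt), "tier": tier, "uses": 0}
        return key

    def verify(self, key):
        """Return the key's tier when valid, otherwise None (deny with 401)."""
        if not key or not key.startswith(KEY_TYPE_PREFIX):
            return None
        record = self.records.get(key[:PREFIX_LEN], self._dummy)
        candidate = hash_key(key, record["salt"])
        if not secrets.compare_digest(candidate, record["hash"]):
            return None
        record["uses"] += 1  # usage tracking
        return record["tier"]


def extract_key(headers):
    """Accept 'Authorization: Bearer <key>' or 'X-API-Key: <key>'."""
    norm = {k.lower(): v for k, v in headers.items()}
    auth = norm.get("authorization", "")
    if auth.lower().startswith("bearer "):
        return auth[7:].strip() or None
    return norm.get("x-api-key", "").strip() or None
```

Because the stored record holds only the prefix, salt and hash, a copy of the table cannot be replayed against the API; the prefix alone is 12 fixed characters plus 20 random ones and is not enough to reconstruct the key.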


Layer 7: RBAC Authorization

Purpose: Enforce role-based permissions with separation of duties.

6-Level Role Hierarchy

| Level | Role | Description |
|---|---|---|
| 0 | RESTRICTED | Suspended/probationary users - no access |
| 1 | BASIC | Standard users - dashboard view only |
| 2 | POWER | Power users - analytics + alerts |
| 3 | MANAGER | Managers - authorization capabilities |
| 4 | ADMIN | Administrators - full system access |
| 5 | EXECUTIVE | Executives - all privileges + critical overrides |

Permission Categories

  • Dashboard: view, export
  • Analytics: view, reports, export
  • Alerts: view, acknowledge, correlate, dismiss
  • Rules: view, create, modify, delete
  • Authorization: view_pending, approve_low/medium/high/critical, emergency_override
  • Users: view, create, modify, delete, reset_password, manage_roles
  • Audit: view, export, delete
  • System: config, backup, maintenance

Separation of Duties (SoD)

| Scenario | Requirement |
|---|---|
| High-Risk Approval (70-89) | 2 approvers, cannot approve own |
| Critical Risk Approval (90-100) | 2 EXECUTIVE from different departments |
| User Role Changes | MANAGER + ADMIN approval |
| Emergency Override | Dual EXECUTIVE + mandatory justification |

Fail-Secure Behavior

If RBAC check fails, the request is DENIED with 403 Forbidden.
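As an added example (not ASCEND's engine), the block below encodes the SoD table as checks that deny by default: every approver must exist, be distinct and not be the requester; the risk band selects how many approvers are needed and of what role; critical approvals must come from two EXECUTIVEs in different departments; emergency overrides need two EXECUTIVEs and a non-empty justification; role changes need one MANAGER-or-above and one ADMIN-or-above approver. The constructed user directory, the minimum roles for the standard and high bands, and the "or above" interpretation of the role-change rule are assumptions; the bands and approver counts are the page's.

```python
"""Added example (not ASCEND's own code): separation-of-duties checks for the
approval scenarios in the SoD table.  Assumptions: USERS directory, the
MANAGER-or-above rule for standard/high bands, and 'or above' for the
MANAGER + ADMIN role-change rule."""

ROLE_LEVEL = {"RESTRICTED": 0, "BASIC": 1, "POWER": 2,
              "MANAGER": 3, "ADMIN": 4, "EXECUTIVE": 5}

USERS = {  # constructed directory: user id -> (role, department)
    "alice": ("MANAGER", "ops"), "bob": ("ADMIN", "ops"),
    "carol": ("EXECUTIVE", "finance"), "dave": ("EXECUTIVE", "finance"),
    "erin": ("EXECUTIVE", "engineering"), "frank": ("BASIC", "ops"),
}


def risk_band(score):
    if score >= 90:
        return "critical"
    if score >= 70:
        return "high"
    return "standard"


def _preflight(requester, approvers, users):
    """Deny on unknown users, duplicate approvers or self-approval."""
    for uid in [requester, *approvers]:
        if uid not in users:
            return f"unknown user {uid}"
    if len(set(approvers)) != len(approvers):
        return "duplicate approver"
    if requester in approvers:
        return "requester cannot approve own action"
    return None


def check_approval(requester, risk_score, approvers, users=USERS,
                   emergency=False, justification=""):
    """Return (approved, reason) under the SoD rules."""
    err = _preflight(requester, approvers, users)
    if err:
        return False, err
    roles = [users[a] for a in approvers]  # (role, department)
    if emergency:
        if sum(r == "EXECUTIVE" for r, _ in roles) < 2:
            return False, "emergency override needs two EXECUTIVE approvers"
        if not justification.strip():
            return False, "emergency override needs a justification"
        return True, "emergency override"
    band = risk_band(risk_score)
    if band == "critical":
        if len(roles) < 2 or any(r != "EXECUTIVE" for r, _ in roles):
            return False, "critical risk needs two EXECUTIVE approvers"
        if len({dept for _, dept in roles}) < 2:
            return False, "critical approvers must be from different departments"
        return True, "critical approved"
    if band == "high":
        if len(roles) < 2:
            return False, "high risk needs two approvers"
        if any(ROLE_LEVEL[r] < ROLE_LEVEL["MANAGER"] for r, _ in roles):
            return False, "high risk approvers must be MANAGER or above"
        return True, "high approved"
    if not roles or ROLE_LEVEL[roles[0][0]] < ROLE_LEVEL["MANAGER"]:
        return False, "needs a MANAGER or above"
    return True, "approved"


def check_role_change(requester, approvers, users=USERS):
    """MANAGER + ADMIN approval: two distinct approvers, one at level >= 3
    and another at level >= 4 (assumption: higher roles satisfy lower ones)."""
    err = _preflight(requester, approvers, users)
    if err:
        return False, err
    levels = sorted(ROLE_LEVEL[users[a][0]] for a in approvers)
    if len(levels) < 2 or levels[-2] < ROLE_LEVEL["MANAGER"] \
            or levels[-1] < ROLE_LEVEL["ADMIN"]:
        return False, "role change needs MANAGER + ADMIN approval"
    return True, "role change approved"
```

The department check uses the directory, not a claim supplied with the approval, for the same reason the JWT layer takes scope from the pool registry: an attribute that decides a control must come from a source the approver cannot edit.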


Layer 8: BYOK Encryption

Purpose: Protect data at rest with customer-managed keys.

Architecture

        +----------------+
        |   Customer's   |
        |   Master Key   |
        |  (CMK in KMS)  |
        +-------+--------+
                |  wraps / unwraps
                v
        +-------+--------+
        |      Data      |
        |   Encryption   |
        |   Key (DEK)    |
        +-------+--------+
                |  AES-256-GCM
                v
    +-------------+    +-----------+    +-------------+
    |  Plaintext  |--->| Encrypted |--->|  Plaintext  |
    |   (input)   |    |   Data    |    |  (output)   |
    |             |    | (storage) |    |             |
    +-------------+    +-----------+    +-------------+

Specifications

| Property | Value |
|---|---|
| Algorithm | AES-256-GCM (authenticated encryption) |
| Nonce | 96 bits, randomly generated per encryption |
| Key Caching | 5-minute TTL with auto-expiry |
| Key Rotation | Customer-controlled via KMS |

Two operational consequences follow from these values. With random 96-bit nonces, the number of encryptions performed under one DEK must stay well below 2^32 (the NIST SP 800-38D bound for random IVs), because a repeated nonce under GCM breaks both confidentiality and the authentication tag. And because unwrapped DEKs are cached for up to 5 minutes, disabling or revoking the CMK in KMS stops new unwrap calls immediately but does not stop operations that already hold a cached DEK until that TTL expires.

Fail-Secure Behavior

If the customer's CMK is unavailable, all encryption/decryption operations FAIL and operations are blocked.


Layer 9: Audit Logging

Purpose: Maintain immutable compliance trail for all security events.

WORM (Write-Once-Read-Many) Implementation

    # Immutable audit entry structure
    {
        "id": "uuid",
        "sequence_number": 12345,          # contiguous; a gap reveals a deleted entry
        "previous_hash": "sha256...",      # content_hash of the preceding entry (chain integrity)
        "content_hash": "sha256...",       # hash over this entry's own fields (entry integrity)
        "event_type": "authorization",
        "actor_id": "user-123",
        "resource_type": "agent_action",
        "action": "approve",
        "outcome": "success",
        "risk_level": "high",
        "compliance_tags": ["SOC2-CC6.1", "HIPAA-164.312"],
        "timestamp": "2026-01-20T10:30:00Z"
    }

Audit Event Types

| Event Type | Description | Retention |
|---|---|---|
| authentication | Login, logout, token refresh | 365 days |
| authorization | Permission checks, approvals | 365 days |
| data_access | Read/write operations | 365 days |
| configuration | System settings changes | 365 days |
| security_event | Detected threats, blocks | 7 years |

Fail-Secure Behavior

If audit log write fails, the operation is BLOCKED to maintain compliance trail integrity.
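The block below is an added example, not ASCEND's own store, of the three mechanisms this layer relies on: a hash chain where each entry's content_hash covers its sequence_number and previous_hash, a verifier that reports deletion gaps, chain breaks and in-place edits separately, and a fail-secure wrapper that writes the audit entry before running the operation and refuses to run it if the write fails. The sink interface and the sample entries are constructed for illustration, and the entries carry only a subset of the fields shown above.

```python
"""Added example (not ASCEND's own store): hash-chained, sequence-numbered
audit entries, a chain verifier, and a fail-secure wrapper that blocks an
operation whose audit entry could not be written.
Assumptions: the sink callable interface and the constructed sample entries."""
import hashlib
import json

GENESIS = "0" * 64  # previous_hash of the first entry


def canonical_hash(entry):
    """SHA-256 over canonical JSON of every field except content_hash itself."""
    body = {k: v for k, v in entry.items() if k != "content_hash"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class AuditSinkError(Exception):
    """Raised by a sink when the durable write fails."""


class AuditLog:
    def __init__(self, sink=None):
        self.entries = []
        self.sink = sink  # optional callable(entry); raising means the write failed

    def append(self, **fields):
        prev = self.entries[-1]["content_hash"] if self.entries else GENESIS
        entry = {"sequence_number": len(self.entries) + 1,
                 "previous_hash": prev, **fields}
        entry["content_hash"] = canonical_hash(entry)
        if self.sink is not None:
            self.sink(entry)          # durable write first; exceptions propagate
        self.entries.append(entry)
        return entry


def verify_chain(entries):
    """Return (ok, problems) for entries in storage order."""
    problems, prev_hash, expected_seq = [], GENESIS, 1
    for e in entries:
        seq = e["sequence_number"]
        if seq != expected_seq:
            problems.append(f"gap: expected sequence {expected_seq}, got {seq}")
        if e["previous_hash"] != prev_hash:
            problems.append(f"chain break at sequence {seq}")
        if canonical_hash(e) != e["content_hash"]:
            problems.append(f"content tampered at sequence {seq}")
        prev_hash, expected_seq = e["content_hash"], seq + 1
    return not problems, problems


def audited(log, operation, **audit_fields):
    """Write the audit entry, then run `operation`; block if the write fails."""
    try:
        log.append(**audit_fields)
    except Exception as exc:
        return {"executed": False, "reason": f"audit write failed: {exc}"}
    return {"executed": True, "result": operation()}
```

Because the stored previous_hash of a later entry still matches the stored content_hash of an edited earlier entry, an in-place edit shows up only as a content mismatch while a deletion shows up as both a sequence gap and a chain break; the verifier reports them separately so an investigator can tell the two apart.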


Layer 10: Input Validation

Purpose: Sanitize and validate all inputs before processing.

Validation Methods

| Method | Implementation | Example |
|---|---|---|
| Type Validation | Pydantic models | int, str, EmailStr |
| Length Constraints | Field validators | min_length=1, max_length=255 |
| Pattern Matching | Regex validators | Email, UUID, phone |
| Enum Validation | Literal types | status: Literal["active", "suspended"] |
| Cross-Field Validation | Custom validators | Password confirmation |

Fail-Secure Behavior

Malformed input is REJECTED with 422 Validation Error.


Layer 11: Secrets Management

Purpose: Securely store and access sensitive credentials.

Implementation

  • AWS Secrets Manager for credential storage
  • Automatic rotation support
  • Encryption at rest and in transit
  • IAM-based access control

Fail-Secure Behavior

If secrets cannot be retrieved, dependent operations are BLOCKED.


Layer 12: Security Headers

Purpose: Prevent common web attacks through HTTP headers.

Headers Applied

| Header | Value | Protection |
|---|---|---|
| X-Frame-Options | DENY | Clickjacking |
| X-XSS-Protection | 1; mode=block | XSS (legacy browsers) |
| X-Content-Type-Options | nosniff | MIME sniffing |
| Content-Security-Policy | Strict defaults | XSS, injection |
| Strict-Transport-Security | max-age=63072000; includeSubDomains; preload | Downgrade attacks |
| Referrer-Policy | strict-origin-when-cross-origin | Information leakage |
| Permissions-Policy | camera=(), microphone=(), geolocation=() | Feature access |

X-XSS-Protection is carried only for legacy browsers: current browsers ignore it, and the OWASP HTTP Security Response Headers cheat sheet recommends sending `X-XSS-Protection: 0` because the old filter was itself abused to create side channels. The Content-Security-Policy is the XSS control that matters for modern clients.

Fail-Secure Behavior

Headers default to most restrictive settings even if configuration is unavailable.


Next Steps