Security and Governance
5. Security and Governance
AVEC₀ as the basis of authority · Delegation hierarchy · NRGN and SYGN · Three levels of policies · Encryption · Audit
5. 1. GNET Security Principles
Security in GNET is not a property of the transport layer. Security is a property of the nodes — distributed agents, each of which controls its own area of responsibility.
The central problem: the GNET network consists of millions of asynchronous NDDIs. Each node can initiate the creation of other nodes (NRGN) and the establishment of relations (SYGN). Without control, a malicious node could exhaust the GANN namespace, fill persistent memory with garbage NDDIs, and overload the network with datagrams.
Solution: hierarchical delegation of authority through AVEC in the CNST₀ consistency space (Chapter 4). AVEC₀ is not a separate structure, but a vector in an N‑dimensional space whose axes are types of authority. Possession of AVEC₀ with non‑zero coordinates grants the node rights to corresponding operations. The tree of G‑relations grows from a single root (GLAI) through LRAI and GATE to end nodes.
Every NDDI that receives AVEC₀ becomes a distributed security agent of its group — analogous to a “first department” that keeps order within its delegated authority.
Control must not become a bottleneck. An asynchronous network cannot afford synchronous authorisation of every operation. Principle: strict control of rare expensive operations (NRGN), licensing of frequent operations (SYGN), and no control of mass operations (value transfer).
5. 2. GLAI — Root of the Authority Tree
GLAI (Global Asset Issuer) is the root node of the network, defining the CNST₀ space. The public key of GLAI is integrated into the kernel of the GATE platform. GLAI is a reserved address from the GATE pool (0xFFFFFFFF in the 64‑bit asset identifier, see Chapter 4, Section 1.9).
Functions of GLAI:
Defines the CNST₀ space — axes, semantics, validation rules.
Issues G‑components — asset packets in the CNST₀ space.
Propagates AVEC₀ through LRAI to end nodes.
Serves as the supreme arbiter in inter‑GATE security disputes.
When GLAI is unavailable, the network continues to operate within previously obtained AVEC₀. Existing GATEs create NDDIs, establish G‑relations — all within the coordinates of the received AVEC₀. LRAIs ensure offline operation within their jurisdictions. Not possible: creation of new GATEs, increasing AVEC₀ coordinates, resolving global conflicts. Upon GLAI restoration — synchronisation.
5. 3. AVEC₀ as an Authority Structure
In the previous version of the architecture, authority was defined by a separate G‑component (~240 bytes) with three matrices (OPSC, KINC, RULE) and quota parameters. In the updated architecture, authority is the coordinates of AVEC₀ in the CNST₀ space.
a) Axes of the CNST₀ space
Each axis of CNST₀ corresponds to one type of authority or quota. Examples of axes:
NRGN_QUOTA: number of child NDDIs the node can create.
SYGN_QUOTA: number of G‑relations the node can establish.
LEGITIMACY: legitimacy marker (immune tag, analogous to MHC‑I).
DMAX_IN / DMAX_OUT: limits on incoming/outgoing traffic per period.
DLGT: right to delegate AVEC₀ to child nodes (binary axis: 0 or 1).
The specific set of axes is defined by GLAI when defining the CNST₀ space and is fixed in the NDDI source code. A young network already contains the CNST₀ definition at compile time.
b) Validation through multiplication
When a node requests an operation (NRGN, SYGN, delegation), the request is formalised as a vector in the CNST₀ space. The action vector is multiplied by the AVEC₀ matrix:
All coordinates of the result are non‑negative → the action is allowed. The AVEC₀ coordinates are reduced by the cost of the action.
At least one coordinate is negative → the action is denied.
This replaces the binary masks OPSC/KINC/RULE with a unified linear algebra mechanism, consistent with the overall AVEC architecture (Chapter 4, Section 1.2).
c) The RULE matrix as an extension of AVEC₀
For situations requiring differentiated control by kinship classes (SELF, SIBL, PRNT, CHLD, PEER, GATE, LOCL, GLOB), the RULE matrix is preserved as an additional dimension of the CNST₀ space. Each CNST₀ axis may have a vector of permissions by kinship class. During validation, not only the availability of the quota is taken into account, but also the class of the counterparty:
if (AVEC₀[requested_axis] <= 0) reject; // quota exhausted
if (!RULE[kin_class][requested_axis]) reject; // class not allowed
allow; AVEC₀[requested_axis] -= cost;
Two checks instead of three. RULE remains a binary matrix for fast class‑based denial, while AVEC₀ provides quantitative control.
5. 4. GATE as a Security Agent
During GATE initialisation:
- 1.
GATE contacts GLAI (or LRAI in offline mode) and receives a GATN and AVEC₀ with initial coordinates.
- 2.
GATE creates a system NDDI with GANN = 0x00000000. This node contains AVEC₀ and is the root of the local authority tree of this GATE.
- 3.
The system NDDI can create child NDDIs and delegate to them AVEC₀ with reduced coordinates.
GATE is the most senior security agent among its local NDDIs. But its authority is delegated from GLAI. In the global network, GATE is an intermediate link, not the root.
5. 5. Delegation
An NDDI that has a non‑zero DLGT coordinate in its AVEC₀ may delegate AVEC₀ to a child node. Delegation is an operation that reduces coordinates:
AVEC₀_child ≤ AVEC₀_parent on each axis.
A child node cannot receive more authority than the parent. When delegating NRGN_QUOTA=100 to a child, the parent’s NRGN_QUOTA coordinate is decreased by 100. This is guaranteed by the AVEC mechanism: delegation is a transaction in the CNST₀ space, validated through multiplication.
The signature chain can be traced back to GLAI. Each level of the registry tree (Chapter 4, Section 1.8) is simultaneously a level of authority delegation.
5. 6. NRGN Control (Node Creation)
Creating an NDDI is an expensive irreversible operation: allocation of a GANN, space in persistent memory, process creation. Control is synchronous.
Creation chain:
- 1.
The initiator (a node with AVEC₀ where NRGN_QUOTA > 0) forms a request.
- 2.
The action vector is multiplied by the initiator’s AVEC₀ matrix: is the quota sufficient? Is the type of NDDI being created allowed?
- 3.
The request is forwarded to ANOD (the parent node via the G‑relation).
- 4.
ANOD checks: has its own quota been exceeded? Are the D‑components of the new node permissible?
- 5.
ANOD decreases the NRGN_QUOTA coordinate in its own AVEC₀ and forwards the request to GATE.
- 6.
GATE creates the process, assigns a GANN from the normal range (0x00000001–0xFCFFFFFF).
- 7.
ANOD registers the new node as a child and delegates to it AVEC₀ with assigned coordinates.
Temporary NDDIs (GANN ≥ 0xFD000000) are created without contacting ANOD — they are not persistent, do not consume the NRGN quota, exist only in RAM, and are not routed outside the GATE.
5. 7. SYGN Control (Establishing Relations)
Establishing G‑relations is a medium‑frequency operation. Control is licensed.
a) Intra‑group SYGN
All NDDIs of a group have a G‑relation with a single ANOD. They are “own” (SIBL class). SYGN between them is simplified:
- 1.
Node A sends SREQ to node B.
- 2.
Node B checks: does A have a G‑relation with the same ANOD? (SIBL class.)
- 3.
Node B performs validation via AVEC₀: is SYGN_QUOTA > 0? Does RULE allow this type of relation with the SIBL class?
- 4.
If yes — SACK. Both create connectors. ANOD does not participate.
Contacting ANOD is not required — the licence was issued when the node was created (the AVEC₀ coordinates contain permissions for SIBL).
b) Inter‑group SYGN
Two NDDIs from different groups (different ANODs):
- 1.
Node A (group A) sends SREQ to node B (group B).
- 2.
Node B forwards the request to its ANOD‑B.
- 3.
- 4.
If there is an AGMT — check against the AGMT matrix. If allowed — SACK.
- 5.
If no AGMT — ANOD‑B requests ANOD‑A for individual coordination.
- 6.
ANOD‑A checks its own AVEC₀: is node A allowed external SYGN with class PEER, LOCL, or GLOB?
- 7.
c) Agreement (AGMT) as an intersection of AVEC₀
When two ANODs establish an agreement, they compare their AVEC₀s and compute the intersection: for each axis, take the minimum coordinate; for the RULE matrix, take the bitwise AND. The result is an AGMT, stored in the G‑relations of both ANODs. As long as the AGMT is valid, nodes of groups A and B can establish SYGN within the AGMT without contacting the ANODs.
5. 8. Traffic Control
Value transfer (v‑relations) is a mass operation. Synchronous control is impossible. Control is through monitoring and audit.
Each NDDI maintains counters: incoming/outgoing datagrams per period, number of active connectors. These metrics are v‑components inside the NDDI. An ANOD can establish a v‑relation with these components and periodically retrieve values (asynchronous audit).
When limits are exceeded (the DMAX_IN, DMAX_OUT coordinates in AVEC₀):
ANOD sends a warning to the node.
ANOD reduces the SYGN_QUOTA coordinate (prohibits new G‑relations).
In critical cases — ANOD sends an a‑relation (blocking trigger), prohibiting outgoing relations until the reasons are clarified.
Audit is performed asynchronously, not in the critical path of data transfer. Analogy to a tax inspectorate: it does not stand at every cash register, but periodically checks reports.
5. 9. Immune System and AVEC₀
The GNET immune system (Chapter 4, Section 1.7) is built on AVEC₀ as the basis of the “immune tag”. This section supplements the description with specific mechanisms.
a) AVEC₀ as MHC‑I
The LEGITIMACY coordinate in AVEC₀ is the node’s immune tag. During synaptogenesis (SYGN), the recipient node scans the initiator’s AVEC₀ through the CNST₀‑level G‑connector. A valid AVEC₀ with a correct signature chain from GLAI — “self”. Missing or damaged AVEC₀ — “bacterium”, immediate blocking.
b) Cytokine signalling and CRL
A node that repels an illegitimate request generates an immune alert and routes it to the Security ANOD. The Security ANOD accumulates alerts, detects coordinated attacks, and generates a CRL (certificate revocation list). The CRL is distributed through LRAI across the jurisdiction.
c) Revocation of AVEC₀
When a node is compromised, its AVEC₀ is revoked: the LEGITIMACY coordinate is zeroed, and the UNON is added to the CRL. Subsequent requests from that UNON are rejected at the immune check stage — before quota validation.
Revocation of an LRAI is an operation of a different scale (Chapter 4, Section 1.5). GLAI stops delegating new pools and adds the LRAI to the global CRL. Nodes of the jurisdiction switch to a backup LRAI.
5. 10. GANN Namespace
The GANN namespace (32 bits) is divided into zones:
GANN range |
Purpose |
Persistence |
0x00000000 |
Permanent |
|
0x00000001–0xFCFFFFFF |
Ordinary NDDIs |
Permanent, ACID |
0xFD000000–0xFFFFFFFE |
Temporary/local NDDIs |
RAM only |
0xFFFFFFFF |
Reserved (GLAI) |
— |
Temporary NDDIs (range 0xFD000000–0xFFFFFFFE): not written to persistent memory, do not consume the NRGN quota, exist only in RAM, are not routed outside the GATE. Used for: imagination (temporary objects in the OPN8 loop), intermediate computations, D‑component testing.
IPv6 analogy: the 0xFD... range corresponds to fd00::/8 (Unique Local Addresses) — addresses for local use, not globally routable.
5. 11. Three Levels of Security Policies
AVEC₀ provides security at the physical level (DOM0–DOM3): validation through multiplication, quotas, signatures. This is the minimally necessary and always‑present level. As higher‑level D‑components are added, additional mechanisms are layered on top of AVEC₀:
Physical level (DOM0–DOM3): AVEC₀. Always present. Validation — multiplication of the action vector by the AVEC₀ matrix. Deterministic, without interpretation. Sufficient for a SERN network. Analogy: the immune system — an antibody checks the shape of a molecule.
Symbolic level (DOM6–DOM8): rules as KLOM. Added when the NDDI has N/P components. Security policies are expressed as narrative chains of KLOM: “IF source belongs to group X AND type = v‑relation AND payload < threshold, THEN allow”. Rules are interpretable, changeable, inheritable. OPN8 analyses the request in the context of narrative history. Slower than AVEC₀, but more flexible.
Axiological level (DOMA–DOMB): value filter. Added when the NDDI has C/W components. OPNB compiles the request through the W‑vector: does this operation contradict the group’s C_should? It can block an action formally allowed by AVEC₀ and KLOM rules but conflicting with values.
The three levels work sequentially as filters:
if (!AVEC₀_check(request)) reject; // physical: AVEC₀
if (!KLOM_check(request)) reject; // symbolic: rules
if (!W_check(request)) reject; // axiological: values
allow;
Denial at any level = denial. Permission at a lower level does not guarantee permission at a higher level.
Level |
Mechanism |
Speed |
Flexibility |
Always present? |
AVEC₀ |
Maximum |
Minimum |
Yes |
|
KLOM rules |
Medium |
High |
Only with N/P |
|
C/W values |
Low |
Maximum |
Only with C/W |
|
5. 12. Encryption
Payload encryption is determined by the G‑relation configuration:
No encryption (0x00). For G1 (inside GATE). Minimal overhead.
Symmetric encryption (0x01). For permanent G‑relations after SYGN. The key is agreed during relation establishment and stored in the connector (POCN). Fast.
Asymmetric encryption (0x02). For SYGN (initial establishment), for D‑relations (code signing), for inter‑GATE relations. Public key exchange during SYGN, transition to symmetric after establishment.
Encryption is handled at two levels: by the NDDI node (if the key belongs to the node) and by the GATE platform (if the key belongs to the device).
D‑component signing: every ELF file in a D‑relation is signed by its creator. The signature chain can be traced back to GLAI. Upon receiving a D‑relation, the node verifies the signature independently (the key is in AVEC₀). Contacting ANOD is not required.
5. 13. Audit
Every node with AVEC₀ maintains an operation log: creation of child NDDIs (NRGN), establishment of G‑relations (SYGN), denials, traffic limit exceedances. The log is part of that node’s TRL. The Subject–Action–Object triad is recorded at the TRL0 level (Chapter 4, Section 1.11).
A superior ANOD may request the log of a subordinate via a G‑relation. Audit is asynchronous and does not affect processing speed. ANOD periodically requests metrics from child nodes and verifies them against the AVEC₀ coordinates. Upon detecting violations — reduction of AVEC₀ coordinates, blocking, notification to the superior ANOD.
5. 14. Summary
GNET security is built on AVEC₀ — a vector of authority in the CNST₀ consistency space. Each axis of CNST₀ is a type of authority or quota. Validation — multiplication of the action vector by the AVEC₀ matrix. Delegation — reduction of coordinates when transferring from parent to child.
Hierarchy: GLAI → LRAI → GATE → ANOD → NDDI. Each level is simultaneously a level of the registry tree (Chapter 4) and a level of authority delegation. A unified mechanism for both asset management and security.
Three control modes: synchronous (NRGN — expensive irreversible operations), licensed (SYGN — medium‑frequency), asynchronous (traffic — mass operations). Three levels of policies: physical (AVEC₀), symbolic (KLOM), axiological (W‑vector). Each subsequent level is a filter layered on top of the previous one.
The immune system (AVEC₀ as MHC‑I, cytokine signalling, CRL) and audit (TRL as the ledger of operations) are integrated into the unified AVEC architecture.
Contents
