Security Module (hierachain/security/*)
Overview
The Security module provides enterprise-grade security capabilities for HieraChain. Instead of relying on a single protection layer, HieraChain implements a Defense-in-Depth strategy, spanning identity authentication, access control, resource protection, and advanced technologies such as Zero-Knowledge Proofs.
6 Main Security Pillars
The security architecture consists of 6 main pillars that work closely together:
- Authorization & Access: Identity management (MSP), API Key authentication, and attribute-based access control (ABAC).
- Lockdown & Logging: Emergency cluster lockdown mechanism and tamper-proof secure logging system.
- Integrity & Guard: Resource protection against DoS and integrity checks of source code/configuration at startup.
- Risk & Sanitization: Anomaly detection and input data sanitization against injection attacks.
- Encryption & Keys: Management of the encryption key lifecycle (Ed25519, AES-GCM) and enterprise-standard digital certificates (X.509).
- Zero-Knowledge Proofs: Cross-chain private data security using zero-knowledge proof (ZKP) technology.
System Integration
Every component of HieraChain is protected by these security layers:
- API Server: Uses ResourceGuard and APIKeyVerifier as the first line of defense middleware.
- Consensus: All consensus messages are digitally signed and integrity-checked.
- Storage: Sensitive data is encrypted before storage and sanitized during queries.
Security Configuration
Key settings are centrally managed in hierachain/config/settings.py:
- AUTH_ENABLED: Enable/disable API authentication.
- HRC_CLUSTER_SECRET: Secret key for cluster control commands.
- HRC_ENABLE_ZK_PROOFS: Enable ZK proof verification.