Threat model & resilience

AMME treats threats as both technical and socio‑political: attacks can target models, data pipelines, observability signals, validator incentives, and governance processes.

What’s in scope

  • Supply‑chain poisoning of training data and model updates
  • Telemetry poisoning or selective omission of sensitive metrics
  • Credential replay / compromise of connector authentication
  • Consensus equivocation and liveness attacks on validator quorums
  • Coordinated disinformation and narrative manipulation of deliberation
  • Model‑inversion attacks targeting sensitive populations

Why resilience is explicit

The thesis argues that “adversarial hardening” must extend beyond static tests. AMME’s design includes instrumented drills, measurable recovery thresholds, and independent shadowing so the system can demonstrate its security posture rather than merely asserting it.

This is aligned with security evaluation norms referenced in the thesis (e.g., NIST SP 800‑53 and IEEE P7009).


Defenses described in the thesis

The framework proposes layered defenses that combine cryptographic assurance, governance oversight, and operational preparedness.

Threat and AMME mitigation (high‑level):

  • Telemetry poisoning: Signed attestations with evidence hashes and metadata; privacy budgets; capability tokens to prevent silent omission.
  • Consensus equivocation: Byzantine fault tolerance, geographically distributed validator nodes, fallback leaders, and penalties for misbehavior.
  • Hidden non‑compliance: A shadow validator cohort performs independent monitoring; divergences are quantified and fed into AIL.
  • High‑stakes harm: Ethical circuit breakers can temporarily pause deployments when multiple pillars report critical anomalies.
  • Governance capture: Legitimacy‑weighted elections and institutional checks (assembly + council + court), plus transparent logs.

Note: This page summarizes the thesis; for technical details (e.g., connector attestations, OAuth 2.0 mutual‑TLS flows, and remediation automation), consult the PDF in the Thesis section.
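To make the telemetry‑poisoning mitigation concrete, the following is an added example (not code from the thesis or from AMME) of how a verifier can detect tampered evidence and silently dropped records. It assumes a per‑source monotonic sequence number, a SHA‑256 evidence hash, and an HMAC as a stand‑in for the attestation signature; the field names and the demo key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the attestation signing key (assumption).
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def canonical(obj):
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def attest(seq, source, metric, evidence):
    """Build a signed attestation binding metadata to a hash of the evidence."""
    record = {
        "seq": seq,  # monotonic counter per source; gaps reveal omitted records
        "source": source,
        "metric": metric,
        "evidence_hash": hashlib.sha256(canonical(evidence)).hexdigest(),
    }
    record["sig"] = hmac.new(SIGNING_KEY, canonical(record), hashlib.sha256).hexdigest()
    return record, evidence


def verify_stream(stream):
    """Return (finding, seq) pairs for a stream of (record, evidence) from one source."""
    findings = []
    expected_seq = None
    for record, evidence in stream:
        body = {k: v for k, v in record.items() if k != "sig"}
        expected_sig = hmac.new(SIGNING_KEY, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, record["sig"]):
            findings.append(("bad_signature", record["seq"]))  # metadata altered
        if hashlib.sha256(canonical(evidence)).hexdigest() != record["evidence_hash"]:
            findings.append(("evidence_mismatch", record["seq"]))  # payload altered
        if expected_seq is not None and record["seq"] != expected_seq:
            findings.append(("sequence_gap", record["seq"]))  # records silently dropped
        expected_seq = record["seq"] + 1
    return findings


def demo():
    """Constructed telemetry: an honest stream and a poisoned copy of it."""
    honest = [attest(i, "connector-a", "false_positive_rate", {"value": v})
              for i, v in enumerate([0.04, 0.05, 0.31])]
    # Poisoning: drop record 1 and replace the alarming third value without re-signing.
    rec, _ = honest[2]
    poisoned = [honest[0], (rec, {"value": 0.05})]
    return verify_stream(honest), verify_stream(poisoned)
```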


Chaos hooks, drills, and playbooks

A distinctive feature in the thesis is its emphasis on operational readiness: shared SOPs, joint drills across pillars, and quantitative thresholds for recovery during adversarial simulations.

Chaos hooks (red‑team activations)

Each pillar is described as exposing “chaos hooks” that red‑team units can activate to simulate targeted assaults (consensus equivocation, telemetry poisoning, credential replay). Deviations feed into resilience analytics that quantify mean time to detection and recovery.

Operational playbooks

The thesis outlines Standard Operating Procedures for incident response, escalation handoffs, and maintenance windows. Playbooks are stored in the DPV and versioned alongside ethics packs so changes remain auditable.

Joint drills rehearse complex scenarios: cross‑border violations requiring LEI deliberation, DPV state migration, PSE alerting, AIL narrative aggregation, and IOL regulatory notification.