Security Architecture

Overview

The WeOS Security Architecture is designed to enhance the security and reliability of the device, especially in mission-critical environments where security is essential. It defends against unauthorized access, data leakage, and system misuse through a layered security model. Some features, such as login settings and access controls, are visible and user-configurable. Others, like secure boot and encrypted storage for secrets, operate in the background. Together, user-configurable settings and built-in protections serve a unified purpose: to protect mission-critical assets.

+-----------------------------------------------+
|         Unauthorized Access Protection        |
|   Provides authentication and authorization   |
+-----------------------------------------------+
|            Availability Protection            |
|    Provides system reliability and uptime     |
+-----------------------------------------------+
|               Data Protection                 |
| Provides safeguards for sensitive information |
+-----------------------------------------------+
|                 Audit Trail                   |
|   Provides traceability and accountability    |
+-----------------------------------------------+
|                  Protects                     |
|            Mission Critical Assets            |
+-----------------------------------------------+

Figure 1: Security Layers in WeOS

Unauthorized Access Protection

Unauthorized access protection is enforced through multiple layers of security. Local and remote authentication verifies that only authorized users can view system status and make changes. Role-Based Access Control (RBAC) restricts what an authenticated user may do based on the assigned role, minimizing the risk of privilege misuse. Local console access protection limits sensitive commands to users with physical access to the device, so that they cannot be misused from a remote session. Pre-login banners present configurable messages, such as legal notices, before login. Additionally, Port-based Network Access Control (IEEE 802.1X) blocks devices that fail to authenticate from connecting to the network.

Availability Protection

Availability protection helps maintain system stability and resilience against faults and resource exhaustion. The Watchdog feature automatically recovers the system, typically by restarting it, when a hardware or software malfunction leaves it unresponsive. The Audit Ring Buffer keeps audit logging uninterrupted when its storage fills by overwriting the oldest entries rather than blocking or halting the system. The Firewall protects system availability by blocking malicious or unwanted traffic. Additionally, remote session limits help prevent resource exhaustion by restricting the number of concurrent remote management sessions.
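The trade-off behind an audit ring buffer is that logging never stops, but the oldest events are silently lost once the buffer wraps. The following is an added illustrative example, not WeOS code, showing a fixed-capacity buffer that overwrites the oldest entry when full and uses contiguous sequence numbers so that a reader of the retained log can tell how many events were overwritten. The capacity, the entry format and the sample events are constructed for this example.

```python
"""Illustrative audit ring buffer (added example, not WeOS code).

When the buffer is full the oldest entry is overwritten so that logging
never blocks or halts the system. The cost is that overwritten events are
gone; contiguous sequence numbers make that loss visible afterwards.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEntry:
    seq: int        # monotonically increasing, never reused
    event: str


class AuditRingBuffer:
    """Fixed-capacity log that overwrites the oldest entry when full."""

    def __init__(self, capacity: int) -> None:
        if capacity < 1:
            raise ValueError("capacity must be positive")
        self._buf: deque[AuditEntry] = deque(maxlen=capacity)
        self._next_seq = 0
        self.overwritten = 0  # entries lost to wrap-around

    def log(self, event: str) -> int:
        """Append an event; never blocks and never fails on a full buffer."""
        if len(self._buf) == self._buf.maxlen:
            self.overwritten += 1        # deque drops the oldest entry for us
        entry = AuditEntry(self._next_seq, event)
        self._buf.append(entry)
        self._next_seq += 1
        return entry.seq

    def entries(self) -> list[AuditEntry]:
        """Retained entries, oldest first."""
        return list(self._buf)

    def gap(self) -> int:
        """Number of events missing before the oldest retained entry.

        seq starts at 0 and is contiguous, so the oldest retained seq
        equals the number of entries that have been overwritten.
        """
        return self._buf[0].seq if self._buf else 0


def demo() -> tuple[int, int, list[int]]:
    """Constructed sample: five events written into a three-entry buffer."""
    ring = AuditRingBuffer(capacity=3)
    for event in ("login admin", "config set hostname", "config commit",
                  "logout admin", "login operator"):
        ring.log(event)
    return ring.overwritten, ring.gap(), [e.seq for e in ring.entries()]


if __name__ == "__main__":
    lost, gap, seqs = demo()
    print(f"retained seqs={seqs} overwritten={lost} gap_before_oldest={gap}")
```

If `overwritten` is non-zero when the buffer is read out, the retained log is known to be incomplete, which is the fact an investigator needs before drawing conclusions from it.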

Data Protection

The system incorporates multiple layers of integrity and authenticity checks to provide a secure startup and to protect data at rest. Secure Boot validates software and firmware during startup, using a hardware-anchored or software-based implementation depending on the capabilities of the hardware platform. Boot Integrity verifies the bootloader to detect tampering, while Configuration Integrity and Schema Validation confirm that configuration files and inputs are authentic and well-formed before they are applied. Sensitive data such as passwords are protected through Encrypted Secrets and Secure Storage, which prevent secrets from being stored in plaintext. Additionally, Private Key Protection prevents private keys from being stored unencrypted on persistent media, and disabling execution from external media blocks unauthorized code from running when an external device is connected, reducing the risk of malware being introduced that way.
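The two gates that "Configuration Integrity and Schema Validation" places in front of a configuration are easiest to see in code. The following is an added illustrative example, not WeOS code: it checks the integrity of the raw configuration bytes first and only then parses and validates the content against a schema, rejecting the whole configuration on either failure. The HMAC-SHA256 tag under a per-device key, the hand-written schema table and the sample configurations are assumptions made for this example; a real system might use a public-key signature for integrity and a formal schema language for validation.

```python
"""Illustrative configuration integrity and schema check (added example, not WeOS code).

Two gates before a configuration is applied:
  1. integrity/authenticity of the file bytes (here HMAC-SHA256 under a
     per-device key; a real system might use a public-key signature), then
  2. schema validation of the parsed content.
Either failure rejects the configuration; nothing is partially applied.
"""
import hashlib
import hmac
import json

# Assumed per-device key, constructed for this example. In practice it
# would live in secure storage, never in source code.
DEVICE_KEY = b"example-device-key-do-not-use"

# Minimal hand-written schema: key -> (expected type, value check).
# An assumption for the example; a real system would use a formal schema.
SCHEMA = {
    "hostname": (str, lambda v: 1 <= len(v) <= 63 and v.replace("-", "").isalnum()),
    "ssh_port": (int, lambda v: 1 <= v <= 65535),
    "max_sessions": (int, lambda v: 1 <= v <= 16),
}


def sign_config(config_bytes: bytes, key: bytes = DEVICE_KEY) -> str:
    """Return the hex HMAC-SHA256 tag for a configuration blob."""
    return hmac.new(key, config_bytes, hashlib.sha256).hexdigest()


def verify_integrity(config_bytes: bytes, tag: str, key: bytes = DEVICE_KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign_config(config_bytes, key), tag)


def validate_schema(config: dict) -> list[str]:
    """Return a list of problems; an empty list means the config is well-formed."""
    problems = []
    for key in SCHEMA:
        if key not in config:
            problems.append(f"missing required key: {key}")
    for key, value in config.items():
        if key not in SCHEMA:
            problems.append(f"unknown key: {key}")
            continue
        expected_type, check = SCHEMA[key]
        # bool is a subclass of int, so reject it explicitly for int fields
        wrong_type = (not isinstance(value, expected_type)
                      or (isinstance(value, bool) and expected_type is int))
        if wrong_type:
            problems.append(f"{key}: expected {expected_type.__name__}")
        elif not check(value):
            problems.append(f"{key}: value out of range: {value!r}")
    return problems


def apply_config(config_bytes: bytes, tag: str) -> tuple[bool, list[str]]:
    """Gate a configuration: integrity first, then parse, then schema."""
    if not verify_integrity(config_bytes, tag):
        return False, ["integrity check failed: tag mismatch"]
    try:
        config = json.loads(config_bytes)
    except json.JSONDecodeError as exc:
        return False, [f"parse error: {exc.msg}"]
    if not isinstance(config, dict):
        return False, ["top-level config must be an object"]
    problems = validate_schema(config)
    if problems:
        return False, problems
    return True, []  # a real system would commit the validated config here


def demo() -> dict:
    """Constructed inputs: a valid config, a tampered copy, and a bad value."""
    good = json.dumps({"hostname": "sw-01", "ssh_port": 22, "max_sessions": 4}).encode()
    tag = sign_config(good)
    tampered = good.replace(b'"ssh_port": 22', b'"ssh_port": 2222')
    bad_value = json.dumps({"hostname": "sw-01", "ssh_port": 70000, "max_sessions": 4}).encode()
    return {
        "good": apply_config(good, tag),
        "tampered": apply_config(tampered, tag),
        "bad_value": apply_config(bad_value, sign_config(bad_value)),
    }


if __name__ == "__main__":
    for name, (ok, problems) in demo().items():
        print(f"{name}: {'applied' if ok else 'rejected'} {problems}")
```

The order matters: the integrity check runs over the raw bytes before any parser touches them, so a tampered file is rejected without giving the parser a chance to be the weak point, and the schema check then catches a correctly signed but malformed configuration.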

Audit Trail

Audit logging enhances traceability and compliance by securely recording system events, user activities, and configuration changes. These logs provide a record of actions taken within the system, supporting accountability and forensic analysis when needed.