Security Model Specification

Document:  REP Security Model
Version:   0.1.0
Status:    Active
Authors:   Olamide Adebayo (Ruach Tech)
License:   CC BY 4.0

Note

For a practical guide to REP’s security properties, see Security Model (Concepts). This page is the formal specification document.

Security Model (Concepts) Practical guide — threat analysis, hardening, monitoring recommendations

The concepts page contains the full content of this specification, reformatted for easier navigation. It covers:

• Fundamental axiom and trust boundaries
• All 7 threat analyses (T1-T7) with severity, mitigations, and residual risk
• Variable classification decision tree with common misclassifications
• Production hardening recommendations (gateway config, FROM scratch Dockerfile, CSP headers)
• Monitoring and alerting setup
• Known limitations

---

The full source document is at spec/SECURITY-MODEL.md.