Status: Phase 5 (Finalized/Experimental)
Security Model: Object-Capability (O-Cap) at C-ABI Boundary
Technical Stack: Rust (Engine), Zig (Interceptor), V8 (Introspection)
Astraea is a high-performance security middleware engineered to enforce mathematical zero-trust constraints on Node.js applications. By operating at the native C-ABI boundary between the V8 engine and the host operating system, Astraea neutralizes supply-chain attacks, Remote Code Execution (RCE), and unauthorized data exfiltration. Unlike traditional JavaScript-based security tools, Astraea cannot be bypassed by obfuscation or runtime monkey-patching.
The interceptor is the entry point of the system. It uses dynamic linker hijacking (`LD_PRELOAD`) to intercept critical system calls before they reach the kernel or libuv.
- Mechanism: Exports symbols matching the libc (`open`, `openat`) and libuv signatures.
- Optimization: Uses Zig's `@cImport` for zero-cost header integration and `RTLD_NEXT` for transparent pass-through of allowed calls.
- Safety: Implements a recursion guard to prevent the security engine from intercepting its own I/O.
The "context-aware" component that bridges the gap between a raw native call and the JavaScript module that initiated it.
- Dynamic Discovery: Uses a build-time introspection script (`nm`-based) to resolve V8's internal mangled symbols at compile time, ensuring cross-version compatibility.
- Stack Walking: Pauses execution to walk the V8 isolate stack, identifying the first non-internal JavaScript frame.
- Sticky Context: Implements a thread-local heuristic to propagate security context across asynchronous boundaries and worker threads.
A high-performance policy evaluator designed for minimal impact on the Node.js event loop.
- Data Structure: Uses a Radix Tree (Trie) for $O(K)$ path resolution (where $K$ is the path length), independent of rule count.
- Evaluation: Validates $(Module, Action, Target)$ tuples against a compiled manifest.
- Performance: Introduces ~36µs of overhead per intercepted call in `ReleaseFast` builds.
- Native C-ABI structure mirroring for `libuv` and Bionic/Glibc.
- Implementation of `LD_PRELOAD` hooks for `open` and `openat`.
- Zig/Rust FFI bridge for cross-language telemetry.
- V8 internal symbol mapping for `StackTrace` and `Isolate`.
- Smart Symbol Discovery: Automated discovery of C++ mangled names during build.
- Package-level attribution (mapping file paths to `node_modules` logical names).
- Radix Tree Integration: Blazing fast filesystem permission checks.
- Manifest Standard: TOML-based capability definition.
- Mock Spoofing: Redirection of unauthorized I/O to synthetic mock data.
- Zero-Allocation Optimization: Minimal heap usage during the critical path.
- Clippy Compliance: Strict adherence to Rust engineering standards.
- Formal Benchmarking: Documented performance profile (~36µs overhead).
- Seccomp-BPF Integration: Strict syscall whitelist to prevent direct kernel escapes.
- dlopen Interception: Granular control over native addon loading per package.
- Architecture Hardening: Dedicated `guardian` module for low-level process security.
- Native Bypasses: Malicious modules using custom native addons to invoke direct syscalls (e.g., via `asm`).
  - Mitigation: Astraea restricts `dlopen` calls and enforces a Linux `seccomp-bpf` filter to block unauthorized syscalls at the kernel level.
- Path Normalization: Astraea performs in-place path normalization to prevent bypasses via `../` traversal or redundant slashes.
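As an added example (not Astraea's own code), a Rust sketch of the two mechanisms described above: the radix-tree lookup of $(Module, Action, Target)$ tuples from the policy engine section, and the lexical path normalization that must run before any match or a `../` segment escapes the granted subtree. The manifest shape (per-node lists of module/action grants), the module names and the paths are assumptions; the normalizer handles absolute paths only and does not follow symlinks.

```rust
use std::collections::HashMap;

/// Lexical normalization of an absolute path (Astraea-style): collapses
/// redundant slashes, drops "." and resolves "..", which never climbs above "/".
/// Caveat: lexical only, it does not follow symlinks.
pub fn normalize(path: &str) -> String {
    let mut stack: Vec<&str> = Vec::new();
    for seg in path.split('/') {
        match seg {
            "" | "." => {}           // redundant slash or current directory
            ".." => { stack.pop(); } // parent directory; a no-op at root
            s => stack.push(s),
        }
    }
    format!("/{}", stack.join("/"))
}

/// Trie keyed by path segment. A node's (module, action) grants apply to the
/// whole subtree beneath it. This manifest shape is an assumption of the example.
#[derive(Default)]
pub struct PolicyTree {
    children: HashMap<String, PolicyTree>,
    grants: Vec<(String, String)>,
}

impl PolicyTree {
    /// Insert one rule: `module` may perform `action` on anything under `path`.
    pub fn grant(&mut self, module: &str, action: &str, path: &str) {
        let norm = normalize(path);
        let mut node = self;
        for seg in norm.split('/').filter(|s| !s.is_empty()) {
            node = node.children.entry(seg.to_string()).or_default();
        }
        node.grants.push((module.to_string(), action.to_string()));
    }

    /// Evaluate a (module, action, target) tuple. The walk touches at most one
    /// node per path segment, so cost is O(K) in path length, not in rule count.
    pub fn allows(&self, module: &str, action: &str, target: &str) -> bool {
        let hit = |n: &PolicyTree| n.grants.iter().any(|(m, a)| m == module && a == action);
        let norm = normalize(target); // normalize BEFORE matching, or "../" escapes the subtree
        let mut node = self;
        for seg in norm.split('/').filter(|s| !s.is_empty()) {
            if hit(node) { return true; } // an ancestor grant covers this target
            node = match node.children.get(seg) { Some(c) => c, None => return false };
        }
        hit(node) // exact match on the final node (or a root-level grant)
    }
}
```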
- License: GNU AGPL 3.0
- Version: 0.1.0-experimental
- Author: Seuriin