Zero-trust security
As Executors can reside anywhere on the Internet, it becomes impossible to protect them using traditional security measures like firewalls. Zero-trust security is foundational to ColonyOS and builds on the principle "never trust, always verify".
In a zero-trust security model, any device or user is assumed to be a potential threat, even when located inside a secure network perimeter. ColonyOS likewise assumes that any Executor is a potential threat, so every interaction must be encrypted and authenticated. Because all process execution histories are logged, malicious activity can be detected and Executors can be excluded from a Colony automatically, for example when an Executor compromises the security or integrity of the system.
ECDSA (Elliptic Curve Digital Signature Algorithm) is a public-key digital signature algorithm, widely used in blockchains such as Bitcoin and Ethereum to verify transactions. One advantage of ECDSA is that the public key can be recovered from a received message and its signature, so public keys need not be transmitted explicitly. In ColonyOS, the ID of an Executor or a Colony is simply a SHA-3 hash of its public key, which the Colonies Server recovers when it receives messages from remote Executors. The Colonies Server stores the IDs of all Executors in a database to keep track of which Executors belong to which Colony, and looks an ID up in that database to verify whether an Executor is allowed to interact with the other Executors of a Colony.
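The recover-then-lookup flow described above, as an added example in plain Python that is not ColonyOS's own code: it signs a message, recovers the signer's public key from the signature alone, hashes it into an ID and checks that ID against a per-Colony registry. The curve (secp256k1), the message hash (SHA3-256), the 64-byte uncompressed key encoding inside the ID, and the `members` registry shape are all assumptions made for the example.

```python
import hashlib, secrets
# secp256k1 domain parameters (the curve Bitcoin and Ethereum use for ECDSA)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else: lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def digest(msg):  # message hash reduced mod N (hash choice is an assumption)
    return int.from_bytes(hashlib.sha3_256(msg).digest(), "big") % N

def sign(priv, msg):  # returns (r, s, v); v is the recovery id that names R
    z = digest(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        R = ec_mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N if r else 0
        if r and s: return r, s, (R[1] & 1) | (2 if R[0] >= N else 0)

def recover(msg, sig):  # public key Q = r^-1 (sR - zG); None if not recoverable
    r, s, v = sig
    x = r + (N if v & 2 else 0)
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)  # modular sqrt, valid as P % 4 == 3
    if x >= P or y * y % P != (x ** 3 + 7) % P: return None
    if (y & 1) != (v & 1): y = P - y
    zG = ec_mul(digest(msg), G)
    return ec_mul(pow(r, -1, N), ec_add(ec_mul(s, (x, y)), (zG[0], -zG[1] % P)))

def executor_id(pub):  # assumed encoding: SHA-3 over the uncompressed 64-byte key
    return hashlib.sha3_256(pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")).hexdigest()

def authorize(members, colony_id, msg, sig):  # server-side membership check
    pub = recover(msg, sig)
    return pub is not None and executor_id(pub) in members.get(colony_id, set())
```

The server never receives the public key; a message whose recovered ID is not registered for the target Colony (or whose body was altered in transit) is refused because recovery yields a different key and hence a different ID.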
In ColonyOS, there exist three distinct roles, each with its own set of responsibilities and authority levels.