Advanced Security Architecture
Beyond the core security layers, Quira introduces eight novel security structures inspired by deep macOS mechanisms that no existing browser implements. Each is grounded in the formal threat model and addresses specific adversary classes.
Research status
These structures are at the research and design stage. They build on the Permission System and Privacy Architecture foundations. For eight additional emergent security structures that extend and combine these, see Emergent Security.
Knowledge Protection Classes (KPC)
Inspired by iOS Data Protection Classes (A-D), KPC applies state-dependent, graduated encryption to the Context Graph. Quira's current encryption (SQLCipher) uses a single key for the entire database — equivalent to iOS Class C. KPC introduces four classes in which data accessibility depends on authentication state.
Four protection classes
| Class | Scope | Key available | Key destroyed |
|---|---|---|---|
| KPC-A (Active Research) | Active Space graph data | While Space is in foreground + authenticated | Immediately when Space goes to background |
| KPC-B (Session) | Spaces accessed this session | After first auth per session | Browser exit |
| KPC-C (Index Only) | FTS5 index + graph topology subset | After master password / biometric | OS shutdown |
| KPC-D (Structural) | Node count, Space names, timestamps | Always (UID-derived key) | Remote wipe only |
The key hierarchy uses HKDF derivation: Master Key (Argon2id from passphrase + hardware UID) derives class-specific keys at each level.
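The following is an added example, not Quira code, showing how the key hierarchy above can be driven by authentication and foreground state: a Master Key feeds HKDF (RFC 5869), class keys are expanded under per-class labels, and each key is dropped at the lifecycle event the table names. Because the Python standard library has no Argon2id, `derive_master_key()` substitutes `hashlib.scrypt` as a stand-in memory-hard KDF; the HKDF labels (`quira-kpc-v0`, `KPC-A/space/<id>`, and so on) are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Added example, not Quira code. The design text says the Master Key is Argon2id
# over passphrase + hardware UID; the Python standard library has no Argon2id,
# so derive_master_key() substitutes hashlib.scrypt as a stand-in memory-hard
# KDF. HKDF labels ("quira-kpc-v0", "KPC-A/space/<id>", ...) are constructed.


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_master_key(passphrase: str, hardware_uid: bytes) -> bytes:
    # Stand-in for Argon2id (assumption): scrypt, salted with the hardware UID so
    # the same passphrase yields a different Master Key on a different device.
    return hashlib.scrypt(passphrase.encode(), salt=hardware_uid,
                          n=2 ** 14, r=8, p=1, dklen=32)


def structural_key(hardware_uid: bytes) -> bytes:
    """KPC-D: derived from the UID alone, so it is available without any auth."""
    return hkdf_expand(hkdf_extract(b"quira-kpc-d", hardware_uid), b"KPC-D/structural")


class KpcKeyring:
    """Class keys exist only while the state they are bound to holds (see table)."""

    def __init__(self, master_key: bytes) -> None:
        self._prk = hkdf_extract(b"quira-kpc-v0", master_key)
        self._keys: Dict[str, bytes] = {}

    def _derive(self, label: str) -> bytes:
        return hkdf_expand(self._prk, label.encode())

    def authenticate(self) -> None:
        """First auth per session: unlock KPC-C (index) and KPC-B (session)."""
        self._keys["KPC-C"] = self._derive("KPC-C/index")
        self._keys["KPC-B"] = self._derive("KPC-B/session")

    def space_foreground(self, space_id: str) -> None:
        """KPC-A key exists only for the foreground Space of an authenticated user."""
        if "KPC-B" not in self._keys:
            raise PermissionError("KPC-A requires an authenticated session")
        self._keys[f"KPC-A/{space_id}"] = self._derive(f"KPC-A/space/{space_id}")

    def space_background(self, space_id: str) -> None:
        """Destroyed immediately when the Space leaves the foreground.

        Python bytes are immutable, so this drops the reference; a native
        implementation would zeroize a mutable key buffer instead."""
        self._keys.pop(f"KPC-A/{space_id}", None)

    def browser_exit(self) -> None:
        """Session keys (KPC-A, KPC-B) go; KPC-C lives until OS shutdown."""
        for label in [k for k in self._keys if k.startswith(("KPC-A", "KPC-B"))]:
            del self._keys[label]

    def os_shutdown(self) -> None:
        self._keys.clear()

    def key_for(self, label: str) -> Optional[bytes]:
        return self._keys.get(label)
```

The point of the layout is that a memory dump at any moment yields only the keys whose lifecycle state currently holds: a backgrounded Space has no KPC-A key to find, and a cold-booted machine finds nothing at all except the UID-derived KPC-D key.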
Threat model coverage
| Adversary | Attack | KPC defense |
|---|---|---|
| OS-level (A4) | Memory dump | Only active Space data is decrypted — damage limited to that Space |
| OS-level (A4) | Cold boot attack | Session keys exist only in volatile memory — power loss destroys all keys |
| OS-level (A4) | Disk theft (power off) | All classes require Master Key — no decryption without passphrase |
| Extension (A3) | Full graph read | Non-active Spaces have no decryption key in memory |
Context Security Event Bus (CSEB)
Inspired by the macOS Endpoint Security Framework, CSEB is a programmable real-time event monitoring system for all graph operations. Rather than relying on signature-based detection, CSEB exposes two subscription modes: AUTH (blocking) and NOTIFY (observe-only).
World first
No browser implements a programmable security event bus for internal graph operations. CSEB is the most novel structure in Quira's architecture.
Event types and rules
| Category | Event types | Mode | Example |
|---|---|---|---|
| Graph.Read | node.read, edge.read, query.execute | NOTIFY | Extension reads node content |
| Graph.Write | node.create, node.update, edge.create | AUTH | AI adds entity |
| Graph.Export | export.json, clipboard.copy | AUTH | Data leaves browser |
| AI.Pipeline | ai.extract, ai.embed, ai.query | AUTH | Each AI pipeline stage |
| Extension.API | ext.graph.read, ext.network.send | AUTH | Extension API call |
Rules are stackable (built-in + community + user) with actions: ALLOW, DENY, THROTTLE, QUARANTINE. Example: block bulk exports over 100 nodes from extensions.
Architecture
All components emit events to a lock-free ring buffer. The rule engine evaluates in real time. AUTH events block until a decision is made. An append-only audit log records all decisions for forensic analysis.
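An added example (not Quira's CSEB implementation) of the rule engine and audit path described above, including the "block bulk exports over 100 nodes from extensions" rule. The event names, the AUTH/NOTIFY split and the four actions follow the design text; the stacking policy (the most restrictive matching action wins, whatever the rule's origin), the single-producer ring buffer, and the hash-chained audit log are this example's own choices.

```python
import hashlib
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional

# Added example, not Quira's CSEB. Event names, the AUTH/NOTIFY split, the
# action set and the "exports over 100 nodes from extensions" rule come from
# the design text; the rule-stacking policy (most restrictive matching action
# wins) and the hash-chained audit log are this example's own choices.

class Mode(Enum):
    AUTH = "AUTH"      # evaluation blocks the operation until a decision is made
    NOTIFY = "NOTIFY"  # observe-only: recorded, never blocked

class Action(Enum):
    ALLOW = 0
    THROTTLE = 1
    QUARANTINE = 2
    DENY = 3           # numeric order doubles as severity for rule stacking

@dataclass(frozen=True)
class Event:
    type: str                                  # e.g. "export.json"
    source: str                                # "extension", "ai", "user", ...
    mode: Mode
    attrs: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Rule:
    name: str
    origin: str                                # "builtin" | "community" | "user"
    matches: Callable[[Event], bool]
    action: Action

class AuditLog:
    """Append-only and hash-chained: each record commits to the one before it."""
    def __init__(self) -> None:
        self._records: List[tuple] = []
        self._chain: List[bytes] = [b"\x00" * 32]

    def append(self, record: tuple) -> None:
        digest = hashlib.sha256(self._chain[-1] + repr(record).encode()).digest()
        self._records.append(record)
        self._chain.append(digest)

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed record breaks it."""
        prev = b"\x00" * 32
        for record, digest in zip(self._records, self._chain[1:]):
            if hashlib.sha256(prev + repr(record).encode()).digest() != digest:
                return False
            prev = digest
        return True

    def __len__(self) -> int:
        return len(self._records)

    def __getitem__(self, i: int) -> tuple:
        return self._records[i]

class EventBus:
    def __init__(self, ring_size: int = 1024) -> None:
        # Plain ring buffer standing in for the lock-free buffer in the design.
        self._ring: List[Optional[Event]] = [None] * ring_size
        self._head = 0
        self.rules: List[Rule] = []                 # built-in + community + user
        self.audit = AuditLog()

    def add_rule(self, rule: Rule) -> None:
        self.rules.append(rule)

    def publish(self, ev: Event) -> Action:
        self._ring[self._head % len(self._ring)] = ev
        self._head += 1
        matched = [r for r in self.rules if r.matches(ev)]
        decision = max((r.action for r in matched), key=lambda a: a.value,
                       default=Action.ALLOW)
        if ev.mode is Mode.NOTIFY:
            # Observe-only: the would-be decision is logged, never enforced.
            self.audit.append((time.time(), ev.type, ev.source,
                               [r.name for r in matched], "OBSERVED", decision.name))
            return Action.ALLOW
        self.audit.append((time.time(), ev.type, ev.source,
                           [r.name for r in matched], "ENFORCED", decision.name))
        return decision

def make_demo_bus() -> EventBus:
    """Bus with a built-in DENY rule stacked over a community THROTTLE rule."""
    bus = EventBus()
    bus.add_rule(Rule(
        name="builtin/no-bulk-export-from-extensions", origin="builtin",
        matches=lambda e: e.type.startswith("export.") and e.source == "extension"
        and e.attrs.get("node_count", 0) > 100,
        action=Action.DENY))
    bus.add_rule(Rule(
        name="community/throttle-extension-exports", origin="community",
        matches=lambda e: e.type.startswith("export.") and e.source == "extension",
        action=Action.THROTTLE))
    return bus
```

With both rules loaded, an extension export of 150 nodes matches both and resolves to DENY, an export of 50 nodes matches only the community rule and is throttled, and a user-initiated export matches neither. A NOTIFY event that would have been denied still returns ALLOW, but the audit record keeps the would-be decision, which is what makes observe-only mode useful for tuning rules before promoting them to AUTH.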
Knowledge Query Relay (KQR)
Inspired by iCloud Private Relay (MASQUE / ODoH), KQR provides structural separation of identity and query content when using Cloud AI.
| Entity | Knows | Does NOT know |
|---|---|---|
| Relay 1 (Quira) | User ID, subscription status | Query content, AI response |
| Relay 2 (independent third party) | Query content (plaintext) | User ID, IP address |
| AI Compute | Query content | User identity (via Relay 2) |
Authentication uses RSA blind signatures — Relay 1 issues tokens but cannot track which token is used for which query. Built on OHTTP (RFC 9458) and Privacy Pass (RFC 9578).
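The following added example (not Quira's KQR) walks through the blind-signature exchange the paragraph describes with all three parties as objects: Relay 1 signs a blinded token and logs everything it learns, the client unblinds, and Relay 2 verifies and rejects replays without ever seeing a user ID. It uses textbook RSA (Chaum) over a toy modulus built from two Mersenne primes, constructed for illustration only; the Privacy Pass RSA variant (RFC 9474) adds PSS encoding and 2048-bit keys that this toy omits.

```python
import hashlib
import secrets
from math import gcd
from typing import List, Set, Tuple

# Added example, not Quira's KQR. Textbook RSA blind signatures (Chaum) over a
# toy modulus built from two Mersenne primes, constructed for illustration only.
# The page names Privacy Pass (RFC 9578); its RSA blind-signature flavour
# (RFC 9474) adds PSS encoding and 2048-bit keys that this toy omits.

P = 2 ** 61 - 1
Q = 2 ** 89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(msg: bytes) -> int:
    """Hash-to-integer below N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


class Relay1:
    """Issuer: authenticates the user, signs a blinded token, never sees the token."""

    def __init__(self) -> None:
        self.issuance_log: List[Tuple[str, int]] = []   # everything Relay 1 learns

    def issue(self, user_id: str, blinded: int) -> int:
        self.issuance_log.append((user_id, blinded))
        return pow(blinded, D, N)


class Client:
    def __init__(self) -> None:
        self.token = secrets.token_bytes(32)
        self._r = 0

    def blind(self) -> int:
        while True:
            r = secrets.randbelow(N - 2) + 2
            if gcd(r, N) == 1:
                break
        self._r = r
        return (h(self.token) * pow(r, E, N)) % N        # H(t) * r^e

    def unblind(self, blinded_sig: int) -> int:
        # (H(t) * r^e)^d = H(t)^d * r, so multiplying by r^-1 leaves H(t)^d
        return (blinded_sig * pow(self._r, -1, N)) % N


class Relay2:
    """Redeemer: verifies the signature and rejects replays; never sees user_id."""

    def __init__(self) -> None:
        self._spent: Set[bytes] = set()

    @staticmethod
    def verify(token: bytes, sig: int) -> bool:
        return pow(sig, E, N) == h(token)

    def redeem(self, token: bytes, sig: int) -> bool:
        if token in self._spent or not self.verify(token, sig):
            return False
        self._spent.add(token)
        return True


def run_exchange(user_id: str = "user-1234") -> Tuple[Relay1, bytes, int]:
    """One full issuance: returns Relay 1 (with its log), the token, and its signature."""
    relay1, client = Relay1(), Client()
    sig = client.unblind(relay1.issue(user_id, client.blind()))
    return relay1, client.token, sig
```

The unlinkability property is visible in the data structures: Relay 1's log holds the user ID next to a blinded value that matches neither the token nor the final signature, while Relay 2 holds tokens and signatures with no user field to record. The replay set at Relay 2 is what stops one authenticated user from minting a single token and redeeming it indefinitely.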
Privilege-Separated Context Services (PSCS)
Inspired by macOS XPC Services, PSCS decomposes security-critical components into isolated microservices with minimum privileges.
| Service | Capabilities | Cannot access |
|---|---|---|
| Graph Engine | DB read/write, FTS5, KPC keys | Network, GPU |
| AI Pipeline | Model read-only, GPU/CPU, temp memory | Database, network |
| Permission Manager | TCC database, policy evaluation, audit log | Graph data, network |
| Export Service | Graph read (via Graph Engine), file write | Network |
| Extension Host | Extension storage, graph via IPC only | Direct DB access |
| Update Service | Network read, code signing verification | Graph data |
Critical constraint: AI Pipeline cannot directly access the database. All graph access goes through Graph Engine IPC. If prompt injection compromises the AI pipeline, it cannot write to the database.
Sealed Knowledge Volume (SKV)
Inspired by macOS Sealed System Volume (SSV), SKV creates cryptographic commitments to graph state at a point in time.
- Research priority proof — Prove a knowledge node existed at time T via Merkle path + timestamp authority (RFC 3161)
- Proof of absence — Prove a topic did NOT exist in your graph at time T using Sparse Merkle Trees
- Incremental sealing — Only re-hash changed nodes/edges, not the entire graph
Use cases: proving research precedence, legal disputes (demonstrating non-access to certain information), integrity verification after compromise.
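An added example (not Quira's SKV) of the commitment primitive behind the first two bullets: a fixed-depth sparse Merkle tree over sha256(key) paths, from which the same 256-sibling proof can show either that a node hashed to a given value at the committed root or that the key's slot was empty. Leaf and interior hashing are domain-separated; the tree layout and labels are constructed for illustration. RFC 3161 timestamping of the root and incremental re-sealing are not modelled here.

```python
import hashlib
from typing import Dict, List, Tuple

# Added example, not Quira's SKV. A fixed-depth sparse Merkle tree (SMT) over
# sha256(key) paths; proofs are 256 sibling hashes. Constructed for illustration;
# RFC 3161 timestamping and incremental re-sealing are not modelled here.

DEPTH = 256


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


# EMPTY[h] is the hash of an all-empty subtree of height h; EMPTY[0] is an empty leaf.
EMPTY: List[bytes] = [b"\x00" * 32]
for _ in range(DEPTH):
    EMPTY.append(H(EMPTY[-1], EMPTY[-1]))


def path_of(key: str) -> int:
    """Leaf position: the key's sha256 read as a 256-bit path (MSB = root branch)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest(), "big")


def leaf_hash(value: bytes) -> bytes:
    return H(b"leaf", value)   # domain-separated from interior nodes


class SparseMerkleTree:
    def __init__(self) -> None:
        self._leaves: Dict[int, bytes] = {}

    def put(self, key: str, value: bytes) -> None:
        self._leaves[path_of(key)] = leaf_hash(value)

    @staticmethod
    def _subtree(items: List[Tuple[int, bytes]], height: int) -> bytes:
        """Root of the height-`height` subtree that contains exactly `items`."""
        if not items:
            return EMPTY[height]
        if height == 0:
            return items[0][1]
        bit = 1 << (height - 1)
        left = [it for it in items if not it[0] & bit]
        right = [it for it in items if it[0] & bit]
        return H(SparseMerkleTree._subtree(left, height - 1),
                 SparseMerkleTree._subtree(right, height - 1))

    def root(self) -> bytes:
        """The sealed commitment to the whole graph state."""
        return self._subtree(list(self._leaves.items()), DEPTH)

    def prove(self, key: str) -> List[bytes]:
        """Sibling hashes from root to leaf; valid for absent keys as well."""
        path, items, proof = path_of(key), list(self._leaves.items()), []
        for height in range(DEPTH, 0, -1):
            bit = 1 << (height - 1)
            left = [it for it in items if not it[0] & bit]
            right = [it for it in items if it[0] & bit]
            if path & bit:
                proof.append(self._subtree(left, height - 1))
                items = right
            else:
                proof.append(self._subtree(right, height - 1))
                items = left
        return proof


def verify(root: bytes, key: str, leaf: bytes, proof: List[bytes]) -> bool:
    """leaf == leaf_hash(value) proves inclusion; leaf == EMPTY[0] proves absence."""
    if len(proof) != DEPTH:
        return False
    path, node = path_of(key), leaf
    for height in range(1, DEPTH + 1):
        sibling = proof[DEPTH - height]
        bit = 1 << (height - 1)
        node = H(sibling, node) if path & bit else H(node, sibling)
    return node == root
```

Because every key has a fixed position, the root is independent of insertion order, and a proof for a key that was never inserted simply reconstructs the root from an empty leaf, which is exactly the "proof of absence" the design asks for. Anchoring that root with a timestamp authority is what turns it into evidence about a point in time rather than a bare hash.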
Context Trust Arbiter (CTA)
Inspired by macOS AMFI (Apple Mobile File Integrity), CTA is a single point of decision for all security judgments. Instead of each subsystem making independent trust decisions, CTA evaluates every request through a unified pipeline:
- Identity verification (code signing)
- Capability evaluation
- TCC permission check
- Policy evaluation (declarative)
- KPC state check (protection class vs. auth level)
- CSEB context check (recent event patterns)
Short-circuit evaluation: first DENY returns immediately. ALLOW requires all checks to pass.
Adaptive Security Posture (ASP)
Going beyond binary Lockdown Mode, ASP adjusts security level continuously based on environmental signals.
| Posture range | Level | Behavior change |
|---|---|---|
| 0.0–0.2 | Lockdown | AI disabled, exports blocked, extensions disabled |
| 0.2–0.4 | High Alert | Cloud AI blocked, local AI only, exports require confirmation |
| 0.4–0.6 | Elevated | Extension rate limits tightened, KPC-A auto-applied |
| 0.6–0.8 | Normal | Default settings |
| 0.8–1.0 | Relaxed | Approved environment, performance-optimized caching |
Signals: network type (public WiFi lowers posture), time since auth, CSEB anomaly detection, OS update status, external device connections.
Implementation priority
| Phase | Structure | Rationale |
|---|---|---|
| Phase 1 | PSCS, CSEB | Foundation — process separation and event monitoring enable all other structures |
| Phase 2 | KPC, CTA, SKV | Core protection — graduated encryption, unified trust, cryptographic commitments |
| Phase 3 | ASP | Adaptive response — requires CTA and CSEB in place |
| Phase 4 | KQR | Cloud AI privacy — needed only when Cloud AI features launch |