NUCLEUS Security Validation¶
Purpose: Validate that the primal composition on ironGate is secure for multi-user access.
Tier required: compute or admin
Last validated: 2026-05-07
This notebook probes the security posture of the NUCLEUS deployment from the perspective of an authenticated JupyterHub user. It tests:
- Primal reachability (which ports respond from this user context)
- BTSP enforcement (do primals reject plaintext where expected)
- Filesystem isolation (can this user see other users' data)
- Tier boundary validation (can this user escalate privileges)
- Network perimeter (can this user reach external services)
User: voila Tier: unknown Readonly: 0 Home: /home/voila CWD: /home/irongate/shared/abg/public/commons
1. Primal Port Scan¶
Which primals are reachable from this user's notebook server? All primals should be reachable on localhost (they run on the same host). The question is whether they respond to unauthenticated requests.
Port scan from user: voila (tier: unknown) Primal Port Status Response -------------------------------------------------------------------------------- BearDog 9100 REFUSED skunkBat 9140 REFUSED Songbird 9200 REFUSED Squirrel 9300 REFUSED ToadStool 9400 REFUSED NestGate 9500 REFUSED rhizoCrypt 9601 REFUSED LoamSpine 9700 REFUSED coralReef 9730 REFUSED barraCuda 9740 REFUSED biomeOS 9800 REFUSED sweetGrass 9850 REFUSED petalTongue 9900 REFUSED 0/13 primals reachable from localhost
2. BTSP Enforcement¶
Some primals require BTSP Phase 3 AEAD encryption. Sending plaintext JSON-RPC to these primals should be rejected. This validates that BTSP enforcement is not just a convention flag.
BTSP Enforcement Test Primal Port Plaintext Rejected? Detail ---------------------------------------------------------------------- sweetGrass 9850 REFUSED (check) rhizoCrypt 9601 REFUSED (check)
3. Filesystem Isolation¶
Can this user read other users' home directories or sensitive system files? A secure deployment should prevent cross-user data access.
Filesystem isolation test (running as: voila) Path Readable? Verdict -------------------------------------------------------------------------------- /etc/shadow NO PASS /etc/sudoers NO PASS /home/irongate/.ssh/id_rsa NO PASS /home/irongate/.cloudflared/config.yml NO PASS /home/irongate/jupyterhub/jupyterhub_config.py NO PASS /home/irongate/jupyterhub/jupyterhub.sqlite NO PASS /var/lib/forgejo/custom/conf/app.ini NO PASS /home/tamison/notebooks/ NO PASS /home/abgreviewer/notebooks/ NO PASS /root/ NO PASS
4. Tier Boundary Validation¶
Test whether this user can perform operations beyond their tier.
A compute-tier user should be able to call health.liveness and storage.store
but we want to document the full access surface available.
Tier boundary test (user: voila, tier: unknown) Primal Method Result Detail ------------------------------------------------------------------------------------------ BearDog capabilities.list ERROR [Errno 111] Connection refused BearDog crypto.sign ERROR [Errno 111] Connection refused NestGate storage.list ERROR [Errno 111] Connection refused NestGate storage.store ERROR [Errno 111] Connection refused rhizoCrypt dag.session.create ERROR [Errno 111] Connection refused LoamSpine spine.list ERROR [Errno 111] Connection refused sweetGrass braid.list ERROR [Errno 111] Connection refused ToadStool capabilities.list ERROR [Errno 111] Connection refused biomeOS capabilities.list ERROR [Errno 111] Connection refused
5. Network Perimeter¶
Can this notebook server reach the internet? UFW should block outbound from non-privileged users, but JupyterHub's spawned processes may have different rules.
Network perimeter test (user: voila) Target Reachable? Detail -------------------------------------------------------------------------------- https://primals.eco YES HTTP 403 — Own website via Cloudflare
https://api.github.com YES HTTP 200 — GitHub API https://pypi.org/simple/ YES HTTP 200 — PyPI (package install)
http://169.254.169.254/latest/meta-data/ NO URLError — Cloud metadata endpoint
6. Honeypot — Primal Write Attempt¶
Attempt to write data to NestGate and then verify it can be cleaned up. This tests whether primal write operations are available to this tier and whether there's any isolation between users at the storage level.
Storage write probe (key: pentest:voila:1780001770)
Write result: {
"error": "[Errno 111] Connection refused"
}
Read-back result: {
"error": "[Errno 111] Connection refused"
}
All pentest keys visible: {
"error": "[Errno 111] Connection refused"
}
--- FINDING ---
PASS: Write denied for voila (tier: unknown)
7. Process Isolation¶
Can this user see other users' processes or primal internals?
Process visibility by user: voila 5 processes <-- THIS USER Primal processes visible: 0
Summary¶
Run all cells above, then review the findings here. Each FAIL or WARNING is a security surface that needs to be addressed before adding more ABG members.
Expected Results by Tier¶
| Test | compute | reviewer | observer |
|---|---|---|---|
| Port scan | All reachable | Should not run | Should not run |
| BTSP enforcement | sweetGrass/rhizoCrypt reject plaintext | n/a | n/a |
| Filesystem isolation | Cannot read /etc/shadow, other homes | n/a | n/a |
| Tier boundaries | All RPC methods accessible (JH-0 gap) | n/a | n/a |
| Network perimeter | Outbound likely allowed | n/a | n/a |
| Storage write | Allowed (JH-0 gap — no capability check) | n/a | n/a |
| Process visibility | Likely visible (Linux default) | n/a | n/a |
Key Findings for Upstream¶
- JH-0: All primals accept unauthenticated RPC from any localhost user
- Process isolation: Linux
hidepidmount option on /proc could restrict visibility - Network: Outbound access means a compromised notebook can exfiltrate data
See validation/JUPYTERHUB_PATTERNS_HANDBACK.md for the full gap analysis.