Radium Constrained Execution (RCE): A Runtime Model for Governing Machine Actions
Description
This record publishes the Radium Constrained Execution (RCE) model, a runtime primitive for governing machine actions in automated infrastructures.
Existing security architectures primarily govern identity and access through mechanisms such as IAM and RBAC. These systems determine which principals may access resources, but they do not govern the execution of individual machine actions at runtime.
RCE introduces execution governance as a complementary primitive. In this model, machine actions must be accompanied by a verifiable mandate artifact describing authority, scope, and validity. A runtime gate validates this mandate before execution. In the absence of a valid mandate, execution is refused under a fail-closed invariant.
The RCE model defines a minimal execution governance primitive composed of two elements:
• a mandate artifact encoding authorization context
• a runtime gate enforcing per-action verification
The structural property introduced by RCE is that the set of executable actions is bounded by the set of actions for which a valid mandate exists.
Canonical publication:
https://radiumdefense.org
GitHub repository:
https://github.com/RadiumCosm/radium-corpus
Files
Radium-Constrained-Execution-RCE-A-Runtime-Model-for-Governing-Machine-Actions.pdf
Files
(529.8 kB)
| Name | Size | Download all |
|---|---|---|
|
md5:6c0cfcf7cbbe36eeb2987b93f7a7b9b6
|
483.5 kB | Preview Download |
|
md5:25bc6aa0bb5470aa2712be1359693041
|
46.3 kB | Preview Download |
Additional details
Related works
- Is supplement to
- Dataset: https://github.com/RadiumCosm/radium-corpus (URL)
Software
- Repository URL
- https://github.com/RadiumCosm/radium-corpus