๐ก๏ธ Mapping Interstellar to the MITRE ATT&CK Framework
Overviewโ
Interstellar is designed to defend against a wide range of adversarial threats โ not just at the cryptographic layer, but also at the human-machine interaction layer, where manipulation, deception, and spoofing increasingly occur.
To contextualize our security architecture within an established framework, we map Interstellarโs protections against the MITRE ATT&CKยฎ Mobile and Enterprise Matrices.
This mapping clarifies how components like Trusted Action Validation Protocol (TAVP), garbled circuit rendering, and TEE/SE-based attestation counter specific attack vectors โ many of which are under-addressed in legacy wallet architectures.
Interstellar Defense Mapping Tableโ
| MITRE Tactic | Technique | Example Threat Scenario | Interstellar Defense |
|---|---|---|---|
| Initial Access | Spearphishing via Service (T1396) | User tricked into logging in via fake wallet portal | No password or key entry; auth only via secure enclave + behavioral circuit |
| Drive-by Compromise (T1398) | User taps malicious link leading to exploit chain | Execution must pass enclave attestation + circuit-based validation; untrusted apps fail silently | |
| Execution | Input Injection (T1411) | App injects screen taps or transaction actions | Transactions require cognitive-human validation via garbled circuit; bots cannot bypass interaction |
| Exploitation for Privilege (T1401) | Exploit used to escalate mobile app privileges | Sensitive logic isolated in TEE and evaluated through circuit gate โ no app-level privilege grants | |
| Credential Access | Screen Capture (T1410) | Malware takes screenshots of validation UI | Garbled circuit rendering makes screen content meaningless unless seen by human eye in sequence |
| Input Capture (T1411) | Keystroke or touch input logging | No credentials typed; UI and confirmation flow cryptographically bound to each session | |
| Defense Evasion | UI Spoofing (T1444) | Fake transaction confirmation screens | Visual content rendered only by secure visual cryptographic circuit; attacker cannot spoof visibility |
| Masquerading (T1406) | App pretending to be wallet or signer | Circuit and TEE signature must match registered signer identity; spoofed apps fail validation | |
| Impact | Data Manipulation (T1491.001) | Attacker changes displayed transaction details | Transaction details cryptographically bound to garbled circuit display and verified via SE attestation |
| User Interface Deception (Enterprise: T1204.002) | User misled into approving malicious transaction | Session-specific visual layer + behavioral confirmation prevent spoofed approvals |
Summary of Key Mitigation Mechanismsโ
- TAVP: Converts user intent into cryptographically verifiable action signatures, invalidating fake interactions.
- TEE + SE Attestation: Validates secure code execution and anchors entropy; blocks malicious app-layer code paths.
- Visual Garbled Circuit Rendering: Ensures only real user sees the transaction message; not recordable or spoofable.
- Behavioral Biometrics: Adds dynamic user-specific input validation, resistant to replay and imitation.
๐ Scope Notesโ
While Interstellar covers a broad set of techniques, this mapping focuses on:
- User-side attacks against wallet frontends, interfaces, and transaction approvals
- Mobile platform threats relevant to secure self-custody and dApp interaction
Future iterations of this mapping may include:
- Post-quantum threat resilience
- Deepfake and LLM-assisted social engineering
- Secure recovery protocols in adversarial environments