OPSAWG Working Group                                        L. Melegassi
Internet-Draft                                                  Catellix
Intended status: Informational                               28 May 2026
Expires: 29 November 2026


       MVPS-Host: Canonical Multi-Vantage Coherence Monitoring of
                Operating-System Fleets via Telemetry
                draft-melegassi-opsawg-mvps-os-host-00

Abstract

   This document specifies MVPS-Host, a profile of the Multi-Vantage
   Path Synchrony (MVPS) framework for monitoring operating-system
   telemetry. Unlike conventional host monitoring, which scores a
   single host against a learned baseline of itself, MVPS-Host treats a
   HOMOGENEOUS FLEET of N >= 4 hosts (same role/image) as multiple
   independent vantages of one logical baseline. Each tick it forms a
   robust aggregate (the geometric median) of standardised per-host
   telemetry and detects on that aggregate, while localising offenders
   on per-host residuals. This yields a canonical discrimination that
   single-host monitors cannot provide: a single compromised or faulty
   host leaves the robust aggregate unmoved (and is localised), whereas
   a fleet-wide coherent event -- a mass configuration push, a
   supply-chain update, or a coordinated attack touching a majority --
   moves the aggregate and raises a fleet alarm. All theorem-level
   claims are backed by a machine-checkable numerical receipt.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 November 2026.

Melegassi                 Expires 29 Nov 2026                   [Page 1]

Internet-Draft                 MVPS-Host                        May 2026

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Why a Single Host Cannot Be Canonical
   4.  Fleet, Vantages, and Telemetry Coherence Axes
   5.  Robust Aggregate and Detector
   6.  Canonical Local/Fleet Discrimination
   7.  Bounded Detector and Honest Existence
   8.  Inheritance from the MVPS Core
   9.  Conjectures and Falsification Protocols
   10. Operational Considerations
   11. Security Considerations
   12. IANA Considerations
   13. References

1. Introduction

   Endpoint and host intrusion-detection systems learn a baseline of
   each host and score deviations from it. This is single-vantage by
   construction and has a structural blind spot: a slow, coordinated
   drift that touches the entire estate is "normal" to every local
   baseline, because each baseline drifts with it.

   The Multi-Vantage Path Synchrony (MVPS) framework is, by definition,
   multi-vantage. This document applies it to operating-system
   telemetry in the only way that is canonical for MVPS: by comparing
   peers, not by scoring a host against itself.
   A homogeneous fleet of N >= 4 hosts (same role/image) provides N
   independent vantages of one logical baseline.

   Claims are made at three maturity levels per the MVPS
   adversarial-audit methodology [I-D.melegassi-irtf-mvps-methodology]:
   [T] machine-checked theorems, [D] engineering designs, and [C]
   conjectures with falsification protocols. Theorem-level claims carry
   a numerical receipt (Section 6, Section 7).

2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals, as shown
   here.

   Fleet: a set of N >= 4 hosts of the same role/image, scraped each
      tick T_scrape by a collector.

   Vantage: one host's view of the shared logical baseline.

   Robust aggregate: the geometric median of the per-host telemetry
      vectors, with breakdown point 1/2.

3. Why a Single Host Cannot Be Canonical

   A single host has no external ground truth about its own correctness.
   Any self-baseline can be poisoned slowly, and any fleet-wide change
   is invisible to it. Canonical MVPS never asks "is THIS host
   anomalous?"; it asks "do my homogeneous peers agree, and if not, who
   diverges?" The remainder of this document formalises that question.

4. Fleet, Vantages, and Telemetry Coherence Axes

   Each tick, the collector forms a per-host vector standardised against
   the commissioning baseline, projected onto three coherence axes in
   [0,1]^3:

   C_1  cross-host agreement of the standardised telemetry
        (syscall/process mix, resource distribution);

   C_2  scheduling and cadence regularity against T_scrape;

   C_3  integrity and configuration consistency: file and module
        hashes, loaded kernel modules, listening sockets and network
        posture.

   Membership in a fleet MUST be homogeneous (same role/image); a
   heterogeneous group is not a valid set of vantages and MUST be
   partitioned into homogeneous fleets first (Section 6, precondition).

5. Robust Aggregate and Detector

   Let x_1,...,x_N be the per-host coherence vectors. The detector uses
   the geometric (L2 spatial) median m = geomed{x_i} as the robust
   aggregate and the Mahalanobis statistic

      D^2 = m^T Sigma_0^-1 m

   against the commissioning covariance Sigma_0, raising a FLEET alarm
   when D^2 > q_chi (chi-square, 3 dof; nominal level 0.99, q_chi =
   11.345). Per-host residuals

      r_i = sqrt((x_i - m)^T Sigma_0^-1 (x_i - m))

   localise offenders. The geometric median has breakdown point 1/2
   (the MVPS core robustness import I12, equivalently core Theorem 9):
   no minority of hosts can move it beyond a bounded max-bias.

6. Canonical Local/Fleet Discrimination

   This is the operational core of the profile.

   Precondition (T-OS-CANON, [D]): homogeneous fleet, N >= 4, Byzantine
   fraction f < 1/2. Checked at commissioning.

   T-OS-2 [T] (discrimination):

   LOCAL. If at most a minority (e.g. one host of N) is perturbed, the
      robust median is unmoved (max-bias <= 2/(N-2) sigma); the fleet
      detector stays quiet and the perturbed host is argmax-localised by
      its residual.

   FLEET. If a majority (>= floor(N/2)+1 hosts) shifts coherently, the
      robust median moves with the majority and the fleet detector
      fires.

   Numerical receipt. scripts/validate_os_host_coherence.py exits 0
   (7/7). For N = 7: a single compromised host (one of seven set to a
   strong shift) yields robust D^2 = 0.000 (median unmoved) with the
   offending host's residual = 6.50 sigma (others < 1.0), a LOCAL
   verdict with localisation; a coherent majority (four of seven) yields
   robust D^2 = 18.76 > q_chi, a FLEET verdict.

7. Bounded Detector and Honest Existence

   T-OS-1 [T].
   Because every coherence axis lies in [0,1], the detector statistic is
   bounded:

      D^2(beta) <= D2_max := (1-mu0)^T Sigma_0^-1 (1-mu0)
                <= 3/lambda_min < infinity,

   is monotone non-decreasing along a coherent shift, and a finite
   detection threshold beta* with D^2(beta*) = q_chi EXISTS IF AND ONLY
   IF D2_max > q_chi. Commissioning MUST verify D2_max > q_chi before
   advertising detection; an over-noisy fleet cannot detect. The
   receipt reports D2_max = 42.21 (<= 3/lambda_min = 75) and beta* =
   0.731 sigma.

8. Inheritance from the MVPS Core

   Hosts disciplined by NTP or PTP satisfy the bounded joint-skew axiom
   A1 at T_scrape granularity; A2, A3, A5 are structural. With f < 1/2
   the core theorems T1, T2, T3', and T9 hold on the host surface
   verbatim by the Architecture-Invariance Theorem
   [I-D.melegassi-iab-mvps-architecture]. Only the axiom preconditions
   are checked here; no re-proof is required.

9. Conjectures and Falsification Protocols

   C-OS-1 [C]. On a homogeneous fleet with q_chi calibrated to the
   commissioning holdout, a coherent telemetry shift is detected within
   max(M-1,1)*T_scrape + RTT_collector.

   observable: scrape index of first robust D^2 > q_chi vs onset;

   data source: LANL Unified Host & Network dataset; auditd/eBPF fleet
      traces;

   test: paired latency vs single-host EWMA baseline, Wilson 95% lower
      bound on lead-time gain > 0;

   blocker: per-fleet commissioning calibration of q_chi.

   This conjecture MUST NOT be cited as a guarantee.

10. Operational Considerations

   Telemetry sources (auditd, eBPF, sysmon-like agents) feed a collector
   that computes the geometric median per tick. The collector SHOULD
   persist each tick's robust aggregate and the per-host residuals to
   the MVPS operational log [I-D.melegassi-opsawg-mvps-logging] for
   tamper-evident audit. Fleet membership changes (autoscaling) MUST
   update N and re-check the f < 1/2 precondition.

11. Security Considerations

   MVPS-Host is a defensive detection-and-localisation profile. It
   raises alarms and identifies likely-offending hosts; it does NOT
   actuate, quarantine, or remediate. An adversary controlling fewer
   than N/2 hosts in a fleet cannot move the robust aggregate and is
   localised by residual; an adversary controlling a majority is out of
   scope (f >= 1/2), where the robustness import no longer holds.
   Telemetry ingestion MUST be authenticated so that the robust
   aggregate cannot be poisoned by spoofed vantages, and the collector
   is a trust anchor that SHOULD be isolated from the monitored fleet.

12. IANA Considerations

   This document has no IANA actions.

13. References

13.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, May 2017.

13.2. Informative References

   [I-D.melegassi-iab-mvps-architecture]
              Melegassi, L., "MVPS Architecture and the
              Architecture-Invariance Theorem", Work in Progress.

   [I-D.melegassi-irtf-mvps-methodology]
              Melegassi, L., "An Adversarial-Audit Methodology for MVPS
              Claims", Work in Progress.

   [I-D.melegassi-opsawg-mvps-logging]
              Melegassi, L., "An Append-Only, Hash-Chained Operational
              Log Format for MVPS", Work in Progress.

Author's Address

   Leonardo Melegassi
   Catellix
   Brazil
   Email: leonardo@catellix.com
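
Added example (not part of the draft, and not the author's
scripts/validate_os_host_coherence.py): the Section 5 robust aggregate
and detector and the Section 6 LOCAL/FLEET discrimination, run over
constructed telemetry for N = 7. The residual cut-off R_LOCAL, the
QUIET verdict label, the precision matrix PREC, the sample vectors in
BASE and all function names are assumptions made for illustration.

```python
import math

Q_CHI = 11.345   # chi-square 0.99 quantile, 3 dof (Section 5)
R_LOCAL = 3.0    # ASSUMPTION: residual cut-off in sigma; the draft states none
PREC = [[100.0, 0, 0], [0, 100.0, 0], [0, 0, 100.0]]  # constructed Sigma_0^-1
# Constructed standardised deviations from the commissioning baseline, N = 7.
BASE = [(0.01, -0.02, 0.00), (-0.01, 0.01, 0.02), (0.02, 0.00, -0.01),
        (0.00, 0.02, 0.01), (-0.02, -0.01, 0.00), (0.01, 0.01, -0.02),
        (0.00, -0.01, 0.01)]

def quad(v, prec):
    """Quadratic form v^T prec v for a 3-vector and a 3x3 precision matrix."""
    return sum(v[i] * prec[i][j] * v[j] for i in range(3) for j in range(3))

def geomed(xs, iters=200, eps=1e-12):
    """Geometric (L2 spatial) median by Weiszfeld iteration from the mean."""
    m = [sum(x[k] for x in xs) / len(xs) for k in range(3)]
    for _ in range(iters):
        w = [1.0 / max(math.dist(x, m), eps) for x in xs]  # eps guards x == m
        m = [sum(wi * x[k] for wi, x in zip(w, xs)) / sum(w) for k in range(3)]
    return m

def assess(xs, prec=PREC):
    """Fleet verdict from the robust aggregate; offender from residuals."""
    if len(xs) < 4:
        raise ValueError("precondition: homogeneous fleet with N >= 4")
    m = geomed(xs)
    d2 = quad(m, prec)                      # D^2 = m^T Sigma_0^-1 m
    res = [math.sqrt(quad([a - b for a, b in zip(x, m)], prec)) for x in xs]
    worst = max(range(len(xs)), key=res.__getitem__)
    if d2 > Q_CHI:                          # aggregate moved: majority shift
        return {"verdict": "FLEET", "D2": d2, "offender": None}
    if res[worst] > R_LOCAL:                # aggregate quiet, one host far off
        return {"verdict": "LOCAL", "D2": d2, "offender": worst}
    return {"verdict": "QUIET", "D2": d2, "offender": None}

def shifted(xs, hosts, delta):
    """Copy of xs with every axis of the listed hosts moved by delta."""
    return [tuple(v + delta for v in x) if i in hosts else x
            for i, x in enumerate(xs)]

if __name__ == "__main__":
    print(assess(BASE))                              # baseline fleet
    print(assess(shifted(BASE, {3}, 0.6)))           # one host of seven
    print(assess(shifted(BASE, {0, 1, 2, 3}, 0.4)))  # four of seven
```

With one host of seven shifted, the median stays inside the cluster of
the other six, so D^2 stays far below q_chi and only that host's
residual is large; with four of seven shifted, the median follows the
majority and D^2 exceeds q_chi.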