SATHOS: Self-Adaptive Trust-Hierarchical Orchestration for Zero-Trust DevSecOps Pipelines
Modern DevSecOps pipelines execute workloads across heterogeneous environments, including cloud runners, on-premises agents, and ephemeral containers, yet orchestration frameworks assume pre-trusted execution agents and rely on static policy gates. This assumption fails under agent compromise, configuration drift, and trust asymmetry between cloud and on-premises zones. We present SATHOS (Self-Adaptive Trust-Hierarchical Orchestration System), a zero-trust orchestration framework that models CI/CD pipelines as trust-governed directed acyclic graphs (DAGs) where each node's execution is conditioned on dynamically evolving four-dimensional trust vectors covering identity, platform, behavioral, and contextual evidence. SATHOS introduces a distributed trust negotiation protocol over mutual TLS with replay protection and cryptographic transcript verification, combined with a self-adaptive trust evolution mechanism that adjusts trust scores based on execution outcomes without requiring policy redeployment. Evaluated on a Kubernetes-based testbed with three pipeline topologies (3-5 nodes), three experimental conditions, and three random seeds (27 runs), SATHOS blocks 100% of compromised agent execution requests with zero false positives (p < 0.001, Fisher's exact test). The five-message trust negotiation protocol adds a median per-node latency of 4.73 ms (p50), and the Wilcoxon signed-rank test confirms bounded overhead (p = 0.065, one-sided). The system achieves zero false allows and zero false denies across all trial configurations.
Framework grounded in production experience automating enterprise Kubernetes/OpenShift delivery at scale.
Keywords: zero trust, DevSecOps, CI/CD security, supply chain
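To make the abstract's core idea concrete, here is an added illustration (not SATHOS's own code, and not the paper's protocol) of a pipeline modelled as a trust-governed DAG: every agent carries a four-dimensional trust vector (identity, platform, behavioral, contextual), a stage runs only when its assigned agent meets that stage's per-dimension thresholds, an untrusted stage blocks its descendants, and each execution outcome adjusts the agent's behavioral score in place, so the gate adapts without any policy being redeployed. The thresholds, the reward/penalty constants, the three-node pipeline and the two agents are all constructed for the example; the mTLS negotiation, replay protection and transcript verification that SATHOS layers on top are out of scope here.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The four trust dimensions named in the abstract; every score lies in [0, 1].
DIMENSIONS = ("identity", "platform", "behavioral", "contextual")

# Constructed adaptation constants (assumption, not from the paper): a clean
# run raises behavioral trust a little, a failed run lowers it sharply.
SUCCESS_REWARD = 0.05
FAILURE_PENALTY = 0.30


@dataclass
class TrustVector:
    identity: float
    platform: float
    behavioral: float
    contextual: float

    def failing(self, thresholds: Dict[str, float]) -> List[str]:
        """Dimensions whose score falls below the stage's minimum."""
        return [d for d, t in thresholds.items() if getattr(self, d) < t]


@dataclass
class Stage:
    name: str
    deps: List[str]                # upstream stage names (DAG edges)
    thresholds: Dict[str, float]   # minimum trust per dimension to run here


class TrustGovernedPipeline:
    def __init__(self, stages: List[Stage], agents: Dict[str, TrustVector]):
        self.stages = {s.name: s for s in stages}
        self.agents = agents
        self.order = self._topological_order()

    def _topological_order(self) -> List[str]:
        """Kahn's algorithm; rejects unknown dependencies and cycles."""
        indeg = {n: 0 for n in self.stages}
        for s in self.stages.values():
            for d in s.deps:
                if d not in self.stages:
                    raise ValueError(f"{s.name} depends on unknown stage {d}")
                indeg[s.name] += 1
        ready = sorted(n for n, k in indeg.items() if k == 0)
        order: List[str] = []
        while ready:
            n = ready.pop(0)
            order.append(n)
            for s in self.stages.values():
                if n in s.deps:
                    indeg[s.name] -= 1
                    if indeg[s.name] == 0:
                        ready.append(s.name)
        if len(order) != len(self.stages):
            raise ValueError("pipeline graph contains a cycle")
        return order

    def gate(self, stage: str, agent: str) -> Tuple[bool, List[str]]:
        """Zero-trust decision for one node: (allowed, failing dimensions)."""
        failing = self.agents[agent].failing(self.stages[stage].thresholds)
        return (not failing, failing)

    def update_trust(self, agent: str, succeeded: bool) -> float:
        """Self-adaptive step: fold the execution outcome into behavioral trust."""
        tv = self.agents[agent]
        delta = SUCCESS_REWARD if succeeded else -FAILURE_PENALTY
        tv.behavioral = min(1.0, max(0.0, tv.behavioral + delta))
        return tv.behavioral

    def run(self, assignment: Dict[str, str], outcomes: Dict[str, bool]) -> Dict[str, str]:
        """Walk the DAG in order; returns stage -> executed / denied:<dims> / skipped."""
        decisions: Dict[str, str] = {}
        for name in self.order:
            stage = self.stages[name]
            if any(decisions.get(d) != "executed" for d in stage.deps):
                decisions[name] = "skipped"          # an upstream node did not run
                continue
            allowed, failing = self.gate(name, assignment[name])
            if not allowed:
                decisions[name] = "denied:" + ",".join(failing)
                continue
            decisions[name] = "executed"
            self.update_trust(assignment[name], outcomes.get(name, True))
        return decisions


def demo() -> Tuple[Dict[str, str], float]:
    """Constructed build -> test -> deploy pipeline with one untrusted agent."""
    base = {"identity": 0.8, "platform": 0.6, "behavioral": 0.5, "contextual": 0.5}
    stages = [
        Stage("build", [], base),
        Stage("test", ["build"], base),
        Stage("deploy", ["test"], {"identity": 0.9, "platform": 0.8,
                                   "behavioral": 0.7, "contextual": 0.7}),
    ]
    # Constructed agents: a healthy cloud runner, and an on-premises agent whose
    # platform evidence (e.g. attestation) scores poorly.
    agents = {
        "cloud-runner": TrustVector(0.95, 0.9, 0.8, 0.8),
        "onprem-agent": TrustVector(0.9, 0.2, 0.8, 0.6),
    }
    pipeline = TrustGovernedPipeline(stages, agents)
    assignment = {"build": "cloud-runner", "test": "onprem-agent", "deploy": "cloud-runner"}
    decisions = pipeline.run(assignment, outcomes={"build": True})
    return decisions, agents["cloud-runner"].behavioral


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the gate in action: `build` executes on the cloud runner (whose behavioral score then rises), `test` is denied because the on-premises agent's platform score is below the stage minimum, and `deploy` is skipped because its dependency never ran. A failed execution drives the same agent's behavioral score down far enough that the next gate check denies it, which is the adaptive behaviour the abstract describes, realised here with constructed constants.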
