Publications & Technical Research
Peer-reviewed research from Graziano Labs Corp. advancing the science of cryptographic observability.
Cryptographic Observability and Drift Detection: A Dual-Layer Model and Reference Implementation
Marco Graziano — Graziano Labs Corp.
Abstract
Cryptographic systems deployed in production often differ substantially from their documented or configured cryptographic posture, creating blind spots that complicate security analysis and post-quantum migration planning. We introduce a dual-layer observability model that distinguishes between configured cryptography (static layer) and observed cryptography (runtime layer), and formalize cryptographic drift as the mismatch between these layers. We define two classes of drift: Configured-Not-Observed (CNO) and Observed-Not-Configured (ONC), and establish basic properties of drift detection under this model.
We present a reference implementation that realizes the model by combining binary-level cryptographic inventorying, runtime tracing of cryptographic operations, and passive network protocol analysis. The implementation enables detection of undocumented libraries, dynamically loaded cryptographic code, and network-visible cryptographic behavior without payload decryption. Experimental results on Linux and embedded systems demonstrate scalable static analysis, production-safe runtime tracing, and high-throughput network observation, and reveal substantial cryptographic drift in real deployments.
Key Contributions
Dual-Layer Model
Formal framework distinguishing static configuration from runtime behavior, enabling systematic drift detection.
Drift Taxonomy
Two drift classes — CNO (configured but not observed) and ONC (observed but not configured) — with formal properties.
Reference Implementation
Four open-source tools: cbom-generator, crypto-tracer (eBPF), pqc-flow, and cbom-explorer.
Experimental Validation
90%+ asset coverage on embedded Linux with <0.5% CPU overhead and 12,000+ files/min throughput.
Industry Whitepapers
Building a Distributed Cryptographic Bill of Materials Architecture for the Post‑Quantum Era
Marco Graziano — Graziano Labs Corp.
Presents the architecture of a distributed CBOM system that combines static analysis with runtime monitoring to provide complete cryptographic observability. Covers the agent-collector model, three-layer data acquisition, correlation engine, and policy enforcement.
Built on Research, Ready for Production
CipherIQ's open-source tools implement the models described in our research. Try them today.