365 Architect

CipherShift365 -- Use Cases

Actors

Human Actors

ID | Actor | Who they are | Primarily uses
A1 | CISO / Security & Compliance Lead | Accountable for cryptographic inventories and defensible migration roadmaps | Compass outputs
A2 | .NET Application Developer | Owns code, dependencies, and configuration | Compass in CI; the Vault SDK
A3 | Security Architect / Migration Consultant | Designs and delivers the migration engagement | All three modules + consulting wrapper
A4 | Platform / DevOps / SRE Engineer | Operates build pipelines and runtime monitoring | Guardian (gate, listener, SIEM)
A5 | Procurement / Supplier-Assurance Officer | Receives or demands assurance evidence | The exported inventory (CBOM, Cryptography Bill of Materials)

Supporting System Actors

ID | System | Role
S1 | CI/CD system (Azure DevOps, GitHub Actions) | Hosts the discovery scan and the build-time gate
S2 | SIEM (Microsoft Sentinel, Splunk, Elastic) | Receives Guardian alerts and events
S3 | NuGet / package feed | Source of third-party dependencies
S4 | Knowledge Base update service | Delivers the signed, versioned knowledge base
S5 | Certificate & configuration stores | Inputs that Compass parses
S6 | APM agent | Must coexist with the Guardian listener

Use-Case Inventory

ID | Use case | Primary actor | Module
UC-D-01 | Run a cryptographic discovery scan of a .NET solution | A2 / A3 | Discover
UC-D-02 | Produce a standards-compliant cryptographic inventory (CBOM) | A1 / A3 | Discover
UC-D-03 | Generate a prioritised, costed migration plan | A1 / A3 | Discover
UC-D-04 | Read the human-readable risk report | A1 | Discover
UC-D-05 | Run discovery as an automated step inside CI/CD | A2 / A4 | Discover
UC-D-06 | Export the inventory for supplier / customer assurance | A5 | Discover
UC-D-07 | Re-scan incrementally and diff against the prior inventory | A2 / A3 | Discover
UC-M-01 | Adopt the crypto-agile SDK in an application | A2 | Migrate
UC-M-02 | Change algorithm or provider without recompiling | A2 / A4 | Migrate
UC-M-03 | Enable hybrid (classical + post-quantum) mode | A2 / A3 | Migrate
UC-M-04 | Rotate keys and manage deprecation windows by config | A4 | Migrate
UC-M-05 | Operate on an unsupported platform via graceful fallback | A2 | Migrate
UC-G-01 | Establish a monitoring baseline from the inventory | A3 / A4 | Guard
UC-G-02 | Block new quantum-vulnerable cryptography at build time | A4 / A2 | Guard
UC-G-03 | Monitor running applications via a managed listener | A4 | Guard
UC-G-04 | Detect drift between live state and the baseline | A4 | Guard
UC-G-05 | Send alerts and events to the SIEM | A4 | Guard

Detailed Use Cases (Selected)

UC-D-01 -- Run a cryptographic discovery scan

Goal: Find every place cryptography is used across source, dependencies, certificates, and configuration.

Main flow:

  1. Actor runs Compass as a dotnet global tool against a solution.
  2. Compass performs semantic code analysis (understanding what the code actually does, not just matching text).
  3. Compass walks the dependency tree and parses certificates and config files.
  4. Compass classifies each finding by role (key exchange, signature, symmetric, hash, MAC, KDF, RNG) and by parameters (key size, mode, curve).
  5. Compass assigns a quantum-risk level using the knowledge base.

Outcome: A complete set of classified findings, ready for CBOM (UC-D-02), plan (UC-D-03), and report (UC-D-04).

UC-M-01 -- Adopt the crypto-agile SDK

Goal: Let developers call cryptography through a stable, algorithm-agnostic interface.

Main flow:

  1. Developer codes against interfaces (IKem, ISignature, ISymmetric) without naming a concrete algorithm.
  2. Vault delegates to a trusted provider -- never a re-implemented primitive.

Outcome: Application code that does not have to change when the algorithm does.
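The shape this flow takes, as an added illustration that is not the Vault SDK's code (the SDK is .NET; the page names only its IKem, ISignature and ISymmetric interfaces): an algorithm-agnostic MAC facade in Python whose callers never name an algorithm, with the algorithm id, key id, accepted-algorithm list and sunset dates all supplied by a policy file, so that UC-M-02 (change algorithm without recompiling) and UC-M-04 (rotate keys and manage deprecation windows by config) are configuration changes. It delegates every primitive to the standard-library hmac module so it runs offline. The policy format, the AgileMac class, the tag layout and the hex keys are all assumptions made for this example.

```python
import hmac
import json
from datetime import date

# Trusted providers the facade delegates to (here the stdlib hmac module); the
# facade never implements a primitive itself. The keys of this table are the
# algorithm ids that appear in policy and in emitted tags. (Assumed naming.)
PROVIDERS = {"hmac-sha256": "sha256", "hmac-sha3-256": "sha3_256", "hmac-sha1": "sha1"}

# Constructed policy file. "accept" lists every algorithm whose tags may still
# verify, each with a sunset date (null = no sunset). Keys are looked up by id,
# so rotation is: add the new key, switch "active_key", later drop the old key.
POLICY_JSON = """{
  "mac": {
    "active": "hmac-sha256",
    "active_key": "k2",
    "accept": {"hmac-sha256": null, "hmac-sha1": "2025-06-30"},
    "keys": {"k1": "00112233445566778899aabbccddeeff",
             "k2": "ffeeddccbbaa99887766554433221100"}
  }
}"""


def load_policy(text: str = POLICY_JSON) -> dict:
    return json.loads(text)


class AgileMac:
    """Algorithm-agnostic MAC: the policy, not the caller, names the algorithm."""

    def __init__(self, policy: dict, today: date):
        self.cfg = policy["mac"]
        self.today = today  # injected so deprecation windows are testable
        self.keys = {kid: bytes.fromhex(h) for kid, h in self.cfg["keys"].items()}

    def _accepted(self, alg: str) -> bool:
        # Usable only if the policy lists the id, a provider exists, and the
        # sunset date has not passed. Rejecting unlisted ids blocks the
        # attacker-chosen-algorithm trick even where a provider could run it.
        if alg not in self.cfg["accept"] or alg not in PROVIDERS:
            return False
        sunset = self.cfg["accept"][alg]
        return sunset is None or self.today <= date.fromisoformat(sunset)

    def _digest(self, alg: str, kid: str, data: bytes) -> str:
        return hmac.new(self.keys[kid], data, PROVIDERS[alg]).hexdigest()

    def tag(self, data: bytes) -> str:
        alg, kid = self.cfg["active"], self.cfg["active_key"]
        if not self._accepted(alg):
            raise RuntimeError(f"active algorithm {alg} is past its sunset; update the policy")
        # The tag carries algorithm id and key id so verification can be routed
        # without the caller knowing either (assumed "alg:kid:hex" layout).
        return f"{alg}:{kid}:{self._digest(alg, kid, data)}"

    def verify(self, data: bytes, tag: str) -> bool:
        try:
            alg, kid, digest = tag.split(":")
        except ValueError:
            return False
        if not self._accepted(alg) or kid not in self.keys:
            return False
        expected = self._digest(alg, kid, data)
        return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    mac = AgileMac(load_policy(), date(2025, 1, 15))
    t = mac.tag(b"order:42")
    print(t, mac.verify(b"order:42", t))
```

Two design points carry over to any agile interface: the artifact must bind the algorithm identifier (otherwise a verifier cannot route to the right provider after a switch), and verification must accept only identifiers the policy allows, not every identifier a provider happens to support, so that a deprecation window closes on a date set in configuration rather than on a code change.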

UC-G-02 -- Block vulnerable cryptography at build time

Goal: Stop regressions before they ship.

Main flow:

  1. Guardian runs the shared Compass analysis engine as a build-time gate.
  2. A build that introduces quantum-vulnerable cryptography fails; a clean build passes.

Outcome: The codebase cannot quietly slide backwards.
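One way to see how the discovery scan of UC-D-01 and the build gate of UC-G-02 fit together, as an added example that is not Compass or Guardian code: a Python sketch that detects .NET cryptographic API calls and configuration identifiers, classifies each finding by role and parameter, assigns a quantum-risk level from a small knowledge base, emits a CycloneDX-1.6-style CBOM (the UC-D-02 output), and then gates a build by diffing the current findings against a baseline inventory. The regex rules are a stand-in for the semantic analysis the page describes, and the rules, the knowledge-base verdicts, the simplified CBOM field set and the sample files are all constructed for this illustration.

```python
import json
import re
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Finding:
    location: str   # file:line
    family: str     # RSA, ECDH, ECDSA, AES, SHA1, ML-KEM, ...
    role: str       # key-exchange, signature, symmetric, hash, mac, kdf, rng
    parameter: str  # key size, curve or parameter set; "" when not statically known
    risk: str       # quantum-vulnerable | quantum-weakened | quantum-safe | review
    note: str


# Constructed detection rules for .NET crypto APIs. Named group "p" carries a
# parameter; named group "f" carries the family when the API name encodes it.
CODE_RULES = [
    (re.compile(r"\bRSA\.Create\((?P<p>\d+)?\)"), "RSA", "signature"),
    (re.compile(r"\bECDiffieHellman\.Create\((?:ECCurve\.NamedCurves\.)?(?P<p>\w+)?\)"), "ECDH", "key-exchange"),
    (re.compile(r"\bECDsa\.Create\((?:ECCurve\.NamedCurves\.)?(?P<p>\w+)?\)"), "ECDSA", "signature"),
    (re.compile(r"\b(?P<f>SHA(?:1|256|384|512))\.Create\(\)"), "", "hash"),
    (re.compile(r"\bnew (?P<f>HMACSHA(?:256|384|512))\b"), "", "mac"),
    (re.compile(r"\bnew (?:AesGcm|AesCcm|Aes)\b"), "AES", "symmetric"),
    (re.compile(r"\bnew Rfc2898DeriveBytes\b"), "PBKDF2", "kdf"),
    (re.compile(r"\bRandomNumberGenerator\.(?:Create|Fill|GetBytes)\b"), "CSPRNG", "rng"),
]
# Algorithm identifiers that live in configuration rather than code (constructed subset).
CONFIG_NAMES = {
    "RS256": ("RSA", "signature", ""), "ES256": ("ECDSA", "signature", "P-256"),
    "ES384": ("ECDSA", "signature", "P-384"),
    "ML-KEM-768": ("ML-KEM", "key-exchange", "768"), "ML-DSA-65": ("ML-DSA", "signature", "65"),
}
CONFIG_PATTERN = re.compile(r'"(' + "|".join(map(re.escape, CONFIG_NAMES)) + r')"')


def assess(family, parameter):
    """Constructed knowledge base: quantum-risk level plus a one-line reason."""
    if family in {"RSA", "ECDH", "ECDSA"}:
        return "quantum-vulnerable", "broken by Shor's algorithm at every parameter choice"
    if family in {"ML-KEM", "ML-DSA"}:
        return "quantum-safe", "NIST post-quantum standard (FIPS 203 / 204)"
    if family == "AES":
        if not parameter:
            return "review", "key size not determinable statically"
        return ("quantum-safe", "") if int(parameter) >= 256 else ("quantum-weakened", "Grover halves effective key strength")
    if family == "SHA1":
        return "quantum-weakened", "also deprecated classically (collision attacks)"
    return "quantum-safe", "symmetric/hash primitive: at most a quadratic quantum speed-up"


def scan(files):
    """Walk {path: text} (stand-in for a solution tree) and classify every crypto use."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            loc = f"{path}:{lineno}"
            if path.endswith((".json", ".config", ".xml")):
                for m in CONFIG_PATTERN.finditer(line):
                    fam, role, param = CONFIG_NAMES[m.group(1)]
                    findings.append(Finding(loc, fam, role, param, *assess(fam, param)))
                continue
            for pattern, family, role in CODE_RULES:
                for m in pattern.finditer(line):
                    gd = m.groupdict()
                    fam, param = family or gd["f"], gd.get("p") or ""
                    findings.append(Finding(loc, fam, role, param, *assess(fam, param)))
    return findings


def to_cbom(findings):
    """Serialise as a CycloneDX-1.6-style CBOM (field subset simplified here)."""
    comps = [{"type": "cryptographic-asset", "name": f.family,
              "cryptoProperties": {"assetType": "algorithm",
                                   "algorithmProperties": {"primitive": f.role, "parameterSetIdentifier": f.parameter}},
              "evidence": {"occurrences": [{"location": f.location}]},
              "properties": [{"name": "quantumRisk", "value": f.risk}]} for f in findings]
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "components": comps}


def identity(f):
    # Line numbers are excluded so that reformatting does not register as drift.
    return (f.location.split(":")[0], f.family, f.role, f.parameter)


def build_gate(baseline, current):
    """Fail only when CURRENT adds a quantum-vulnerable use absent from BASELINE.
    Pre-existing debt is reported by the scan but does not block the build."""
    known = {identity(f) for f in baseline}
    new_vulnerable = [f for f in current if f.risk == "quantum-vulnerable" and identity(f) not in known]
    removed = sorted(known - {identity(f) for f in current})  # drift in the other direction
    return not new_vulnerable, new_vulnerable, removed


# Constructed sample solution: two source files and one settings file.
SAMPLE_FILES = {
    "Crypto/KeyExchange.cs": "using System.Security.Cryptography;\n"
                             "var ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);\n"
                             "var rsa = RSA.Create(2048);\n",
    "Crypto/Hashing.cs": "using var sha = SHA1.Create();\n"
                         "using var aead = new AesGcm(key);\n"
                         "var nonce = RandomNumberGenerator.GetBytes(12);\n",
    "appsettings.json": '{"Jwt": {"Algorithm": "ES256"}, "Transport": {"Kem": "ML-KEM-768"}}',
}

if __name__ == "__main__":
    findings = scan(SAMPLE_FILES)
    print(json.dumps(to_cbom(findings), indent=2))
    ok, new, removed = build_gate(findings, findings)
    print("gate:", "PASS" if ok else "FAIL", [asdict(f) for f in new])
```

The gate deliberately keys on file, family, role and parameter rather than on line numbers, so a reformat does not read as drift, and it fails only on additions: the existing RSA and ECDH debt is in the inventory and the migration plan, not a reason to block every build until the migration is done. Textual rules of this kind miss aliased types, reflection and indirection through dependencies, which is the gap the page's semantic analysis and dependency walk are meant to close.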

