System Architecture

Five layers, zero shared fate

SPARK-XC is architected so that no single failure can compromise GPU safety. Each layer enforces independently — the system is designed to assume any layer might fail at any time.

Explore the Pipeline → Contact Us
Stack Position

Where SPARK-XC lives in your system

SPARK-XC sits between the OS/kernel and the GPU hardware — intercepting all power limit commands before they reach the register, and enforcing safety constraints at the hardware level.

Unlike software-only solutions, SPARK-XC's Layer 1 hardware clamping operates below the driver stack entirely. Even a compromised or crashed OS cannot circumvent it.

Key architectural property
The five layers share no common dependencies. Hardware clamping, thermal monitoring, policy evaluation, execution verification, and audit logging are each implemented as distinct, isolated subsystems.
💻
User Application
APP LAYER
⚙️
CUDA / Driver
DRIVER
🖥️
OS / Kernel
KERNEL
⚡ SPARK-XC Layer
🔩
L1 · Hardware Clamp
HW REGISTER
🌡️
L2 · Thermal Emergency
SENSOR
⚖️
L3 · Governance Gate
POLICY
L4 · Execute + Verify
VERIFY
🔐
L5 · Crypto Audit
AUDIT
🖥️
GPU Hardware
PCIe x16
Layer Breakdown

Each layer, explained

LAYER 01
Hardware Clamping
Directly writes the GPU's power limit register to a configured ceiling. No software path can circumvent this — it is enforced at the hardware level regardless of OS or driver state.
Below OS
LAYER 02
Thermal Emergency
Continuously polls thermal sensors. When temperature exceeds a configured threshold, this layer triggers an emergency power reduction in under 2ms — independently of all other layers.
<2ms Response
LAYER 03
Governance Gates
Evaluates every power limit request against a configurable ruleset before execution. Requests can be approved, modified, or rejected. Rules are enterprise-configurable.
Configurable
LAYER 04
Execute + Verify
Applies the approved power limit and immediately reads back the hardware register to confirm the intended state was achieved. Delta of zero is required to proceed — otherwise the event is flagged.
Readback Verified
LAYER 05
Cryptographic Audit
Appends a signed, HMAC-SHA256 chained log entry for every action. The chain links each entry to its predecessor — any insertion, deletion, or modification breaks the chain and is immediately detectable.
HMAC-SHA256
Failure Isolation

Designed for any layer to fail

The SPARK-XC architecture assumes failure. Each layer is designed to function correctly even if every other layer has failed.

⚡ No Shared State
Layers do not read from or write to shared memory structures. A corruption in one layer's state cannot affect another layer's enforcement logic.
🔒 Independent Enforcement
Layer 1 enforces a power ceiling regardless of whether Layers 2–5 are running. Layer 5 logs regardless of whether Layers 1–4 succeeded.
📋 Failure Logging
A failure in any layer is itself a loggable event. Layer 5 records fault conditions from other layers — the audit trail remains complete even when enforcement degrades.
🛡️ Defense-in-Depth
For an attacker to bypass SPARK-XC's safety enforcement, they must simultaneously defeat all five independent layers — each with a different attack surface.
🔄 No Single Path
There is no single code path, configuration file, or process that controls all safety layers. Each layer has its own enforcement mechanism.
📊 Verifiable Properties
The safety properties of each layer are independently measurable. Hardware register readback, thermal sensor data, and the audit chain are each externally verifiable.
Technical Detail

The audit chain, concretely

Each log entry includes a timestamp, action parameters, layer state snapshot, and an HMAC computed over the entry concatenated with the previous entry's hash — creating a cryptographic chain.

// SPARK-XC Audit Chain Entry (schematic) { "seq": 14820, "timestamp_us": "2025-09-14T09:14:02.118Z", "layer": "L4_EXEC_VERIFY", "action": "SET_POWER_LIMIT", "requested_w": 350, "enforced_w": 300, "readback_w": 300, "delta_w": 0, "prev_hash": "2e57a3...419f", "entry_hmac": "f33c91...8b02" // HMAC-SHA256(entry || prev_hash) }
Go Deeper

Explore the pipeline layer by layer

See exactly how each layer interacts, what data flows between them, and how the system behaves under fault conditions.

View Pipeline Details → Contact Us