This repository has been archived by the owner on Nov 10, 2022. It is now read-only.
General design and security principles doc for Enarx #37
Labels
Comments
MikeCamel
added
documentation
|
Please assign this. I want to work on this. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Move from existing draft RFC specific to trust process to new doc.
Recorded here:
`### General requirements
TODO: these requirements seem general to the project, and probably
deserve their own RFC.
The security of the tenant (workload owner) MUST always be considered
paramount when considering designs and implementations of Enarx
components, protocols or other artifacts.
When a trade-off between the security of the tenant and workload needs
to be made against the security of any other party (including host owner),
the security of the tenant MUST always win.
When measures for a party other than the tenant are being considered,
the general principle should be to choose the highest levels of security,
but any choices MUST NOT compromise tenant security.
The tenant workload MUST never be unencrypted on the network (in transit)
within the Enarx-managed process.
The tenant workload MUST never be unencrypted in storage once it has been
transmitted by the Enarx client agent.
The tenant workload MUST never be unencrypted in RAM once it has been
transmitted by the Enarx client agent.
The tenant workload MUST never be available in unencrypted form on the host.
`
The text was updated successfully, but these errors were encountered: