Stronghold Adoption Proposal: Trusted Execution Environment (TEE) Replacement

[felsweg-iota]

note: Stronghold Adoption Proposals shall incite ideas where Stronghold could be integrated.

Stronghold Adoption Proposal: Trusted Execution Environment (TEE) Replacement

Overview

Use Stronghold as middleware to provide an API to integrate trusted execution environments on supported platforms.

Motivation

Stronghold shall work as an add-in replacement for APIs offering protected and ideally isolated memory operations, giving access to either hardware based security, or kernel level memory protection. The intent is to simplify access to respective interfaces, while keeping the same safety and security guarantees. The assumption is, that having a consistent and easy to use API from Stronghold will improve the development of secure systems.

Use Case Discussion

Storing and Processing Secret Data At Runtime

Stronghold's internal runtime system can be reused to store secret data into quasi-enclaves, that is isolated regions of memory not accessible to other user and non-privileged processees. Making use of the client API will enable the integrating system to use the procedures framework to work with secrets inside the vault in a more convenient manner. Alternatively, the runtime itself offers the capabilities to isolate the access to secrets in a limited scoped execution, thus accessing the secret data is possible, but moving data around or even transfer it to unauthenticated memory harder.

Integration

Stronghold can be directly used as rust library compiled from source into a desired project. With more and more language bindings coming up for Stronghold, integrating Stronghold on code level for remote data signing will become more easier and flexible.

Alternatives

Strongold offers the flexibility to work with abstracted interfaces, but sometimes integrating software requires a higher degree of configurability.

Data can be signed by either using the utility programs from gnuPG using the internally stored private keys, or together with the help of a hardware token. The latter is recommended to keep private sensitive data from being exposed to malicious actors.