Skip to content

Security

Gatekeeper's trust model is based on the following points:

  • Evaluation correctness
  • Bundle integrity (descriptor & whitelist rules)
  • Response integrity (trust in the result)
  • System security

Evaluation correctness

Risk: If the evaluation can be incorrect, then you cannot trust it for anything.

Mitigation:

  • Lightweight declarative evaluation engine
  • No dependencies on external systems
  • No data persistence
  • Can be run in a TEE to validate runtime integrity
  • Bundle data externalized & verified; does not require new build to add additional protocols or rules.
  • Comprehensive 3rd party audit (Zellic, December 2025)

Bundle integrity (descriptor & whitelist rules)

Risk: If decoding descriptors or whitelist rules are tampered with, then a malicious payload can be permitted.

Mitigation:

  • Decoding Descriptors & Whitelist Rules are isolated.
  • Bundle data is versioned and signed. Unauthorized changes will fail to load on Gatekeeper.
  • Bundle change management & signing is managed independently from the Gatekeeper service.
  • Narval-authored rule sets undergo extensive manual & automated testing against thousands of transactions.

Response integrity (trust in the result)

Risk: Consuming system must trust the result was not changed & the desired rules were applied.

Mitigation:

  • Gatekeeper can be configured to add an attestation to the response.
  • Attestation includes information on the bundle version used to evaluate.
  • Response attestation can be verified by any downstream system.

System security

Risk: If the system is compromised, then the evaluation can be incorrect.

Mitigation:

  • Gatekeeper can be deployed in any docker-compatible environment.
  • Gatekeeper inherits the security properties of the host environment.

Change management

Gatekeeper is designed to be self-hosted. This puts you in control of the change management.

  • Narval can release a new version of Gatekeeper, but you choose when to upgrade.
  • Narval can release new descriptor or whitelisting rule sets, but you choose which to use in your Gatekeeper instances.

Narval is unable to change the runtime or the consumed bundle data without your explicit action.

Audit

Gatekeeper was audited by Zellic in December 2025.