Security
This only applies to the Narval Managed Cloud. If deploying the Armory Stack in a self-hosted environment, you are responsible for securing the system.
We utilize multiple strategies at various layers of the software & hardware stack to ensure a highly-secure operating environment.
Nitro Enclaves: Use confidential compute to protect secrets at runtime & attest to the actual code running on the server.
MPC: Use distributed key generation and signing so sensitive keys never live in one place and no single point of failure.
Digital Signatures: All sensitive data and requests are signed to guarantee authenticity and provide non-repudiation of requests.
Encryption: Data is encrypted at rest & transit, decrypted within Enclaves.
Automation: Infrastructure is fully automated with Terraform, deployments are fully managed in CI/CD using GitOps methodology.
Policy Engine
Risks
If policy or data sets are altered, malicious access could be granted.
Mitigation
Policy & data sets are signed. The auth engine verifies integrity before processing.
Data, signature, and verifying public key are hosted separately.
If the policy engine logic is altered, policy rules can be bypassed.
Mitigation
Build policy logic around Rego, a declarative policy-as-code language.
Audit & open-source the Policy Engine [coming soon]
Run the Policy Engine in Nitro Enclaves, attesting the software running.
If the keys used to sign the evaluation decision are compromised, tokens can be forged
Mitigation
Use MPC TSS (threshold signing) to sign access tokens.
Run the Policy Engine as part of a 3/3 MPC signing scheme. All 3 engine nodes must evaluate the same decision in order to complete the signature. Keyshares are generated and stored encrypted within the enclaves.
A compromised access token can be used by a malicious party
Mitigation
Access tokens are client-bound, referencing the client's credential.
All HTTP requests are signed by the client, proving authenticity & non-repudiation of the request.
Last updated