Add security foundations section #487

Merged
merged 30 commits into from
Jan 31, 2025
648221f
feat: add new security section
coroiu Nov 22, 2024
585c402
feat: port definitions
coroiu Nov 22, 2024
bf8369d
feat: add first principle
coroiu Nov 22, 2024
e65f223
feat: add second principle
coroiu Nov 25, 2024
cebbeb3
feat: add third principle
coroiu Nov 25, 2024
40a8bb7
feat: add note about TEEs to P03
coroiu Nov 25, 2024
6e650d7
chore: change protection > security
coroiu Nov 25, 2024
bcd9467
feat: add fourth principle
coroiu Nov 25, 2024
8da13ec
feat: add fifth principle
coroiu Nov 25, 2024
4c755bb
feat: add fifth principle
coroiu Nov 25, 2024
e958797
feat: add an overview page
coroiu Nov 25, 2024
5d8a121
fix: remove repetition
coroiu Nov 25, 2024
3247efe
chore: rename file to match content
coroiu Nov 25, 2024
f9e585d
refactor: use hyphen in title
coroiu Nov 25, 2024
425f808
fix: links
coroiu Nov 25, 2024
e4f44ea
refactor: remove any after comment
coroiu Nov 25, 2024
b4a8c8d
feat: add current version of requirements
coroiu Nov 26, 2024
0222f3f
feat: add introduction to requirement structure
coroiu Nov 26, 2024
663b464
feat: add Client definition
coroiu Dec 10, 2024
aaca302
fix: tweak user definition
coroiu Dec 10, 2024
0373e12
feat: add technical consideration section to P01
coroiu Dec 10, 2024
528330f
fix: clarify which data locking protects
coroiu Dec 10, 2024
d5548f7
fix: typo
coroiu Dec 10, 2024
563e3a7
fix: change `linger` to `not present in memory`
coroiu Jan 9, 2025
83f0d56
fix: re-define sharing to match EA, previous definition of sharing is…
coroiu Jan 9, 2025
8eceee3
fix: font-weight
coroiu Jan 22, 2025
952a43c
feat: add token protected in transit req
coroiu Jan 22, 2025
7de826f
feat: change AT.2 to `must`
coroiu Jan 22, 2025
43c1e0e
chore: move security under architecture
coroiu Jan 27, 2025
43675f6
fix: various copy feedback
coroiu Jan 27, 2025
feat: add second principle
coroiu committed Nov 25, 2024
commit e65f22323f0f3a45a536c3c15e260971bf9b5747
10 changes: 10 additions & 0 deletions docs/security/principles/02-safeguards-on-semi-compromised.mdx
@@ -0,0 +1,10 @@
# 02. Safeguards for vaults on semi-compromised devices

A semi-compromised device is one where malware exists in User Space but has not breached Kernel or
OS-level protections. On such devices, clients must leverage available protections to prevent
malware from accessing plaintext vault data while the vault is unlocked.

- **Technical controls** (e.g., data compartmentalization or HSMs): Clients should maximize the use
of Kernel/OS-level protections or other available system mechanisms to safeguard vault data.
- **Administrative controls** (e.g., biometrics, 2FA, approval flows): Clients should balance
security and usability, avoiding excessive complexity in the user flow.
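
Review bot: The opening paragraph says clients "must leverage available protections", but both bullets drop to "should", so the normative strength of this principle is ambiguous. Either use one level throughout or state that the paragraph is the requirement and the bullets are guidance. In the "Administrative controls" bullet, biometrics and 2FA are normally classed as technical access controls rather than administrative ones, and the bullet only says what to avoid (excess complexity in the user flow) without saying what these controls are meant to achieve against malware in user space, so consider renaming the category and stating the goal. "HSMs" and "2FA" are used without expansion, and the capitalization of "User Space" and "Kernel" should match whatever the definitions page uses.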