- A security principle
- A set of formally proved rules
- A reference implementation in Rust
- Rust
- Typestate
Check the OCALL parameters which may leak secret.
- Static Analysis (constant/taint analysis) (MIRAI)
Zerorize the Zone.
Zone <-> Stack + Reg + Heap
- For stack & reg: instrumentation (TODO)
- For heap: modify Rust's memory deallocator (TODO)
- RA-TLS
- Secure secret provisioning
- Enarx Evaluation (TVM in WASM)
- What attack vectors are defended?
- Verification Overhead
- Runtime Overhead
- Single- vs. Multi-User Enclave
- Porting efforts is acceptable
- Verifier can find the problems