Secure software enclave for storage of sensitive information in memory.
Features
- Sensitive data is encrypted and authenticated in memory using xSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
- Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
- Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
- Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
- Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
- Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
- Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
- Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.
Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.
Installation
$ go get github.com/awnumar/memguard
We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.Contributing
- Using the package and identifying points of friction.
- Reading the source code and looking for improvements.
- Adding interesting and useful program samples to
./examples
. - Developing Proof-of-Concept attacks and mitigations.
- Improving compatibility with more kernels and architectures.
- Implementing kernel-specific and cpu-specific protections.
- Writing useful security and crypto libraries that utilise memguard.
- Submitting performance improvements or benchmarking code.
Future goals
- Ability to stream data to and from encrypted enclave objects.
- Catch segmentation faults to wipe memory before crashing.
- Evaluate and improve the strategies in place, particularly for Coffer objects.
- Formalise a threat model and evaluate our performance in regards to it.
- Use lessons learned to apply patches upstream to the Go language and runtime.