Memguard - Secure Software Enclave For Storage Of Sensitive Data In Memory


Secure software enclave for storage of sensitive information in memory.

This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go.

Features
  • Sensitive data is encrypted and authenticated in memory using xSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
  • Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.
Some features were inspired by libsodium, so credits to them.
Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.
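
The guard-page and canary layout and the constant-time check from the feature list, sketched with only the Go standard library (Linux or macOS) as an added example. This is not memguard's code or API: the `guarded` type, `newGuarded` and `Destroy` are hypothetical names, and memory locking and encryption are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"syscall"
)

// guarded is hypothetical (not memguard's API): [guard page][canary | Data][guard page].
type guarded struct{ region, inner, canary, Data []byte }

func newGuarded(size int) (*guarded, error) {
	ps := syscall.Getpagesize()
	innerLen := (size + ps - 1) / ps * ps
	// Anonymous mapping taken straight from the kernel, not the Go heap; all PROT_NONE.
	region, err := syscall.Mmap(-1, 0, 2*ps+innerLen, syscall.PROT_NONE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	g := &guarded{region: region, inner: region[ps : ps+innerLen]}
	// Open only the inner pages; any access to a guard page is an access violation.
	if err := syscall.Mprotect(g.inner, syscall.PROT_READ|syscall.PROT_WRITE); err != nil {
		return nil, err
	}
	g.Data = g.inner[innerLen-size:]       // ends at the rear guard: an overflow faults at once
	g.canary = make([]byte, innerLen-size) // reference copy (on the Go heap for brevity)
	_, err = rand.Read(g.canary)
	copy(g.inner, g.canary) // random filler before Data: an underflow changes it
	return g, err
}

// Destroy checks the canary in constant time, wipes the pages and unmaps them.
func (g *guarded) Destroy() error {
	ok := subtle.ConstantTimeCompare(g.inner[:len(g.canary)], g.canary)
	for i := range g.inner {
		g.inner[i] = 0
	}
	if err := syscall.Munmap(g.region); err != nil || ok == 1 {
		return err
	}
	return fmt.Errorf("canary overwritten: write before the start of Data")
}

func main() {
	if g, err := newGuarded(32); err == nil {
		g.inner[len(g.canary)-1] ^= 0xff // constructed fault: one-byte underflow
		fmt.Println(g.Destroy())
	}
}
```

A write past the end of `Data` never reaches the canary check because it lands on the rear guard page and the process receives a fault immediately; the canary covers the other direction, where the bytes before `Data` are still mapped.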

Installation
$ go get github.com/awnumar/memguard
We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.

Contributing
  • Using the package and identifying points of friction.
  • Reading the source code and looking for improvements.
  • Adding interesting and useful program samples to ./examples.
  • Developing Proof-of-Concept attacks and mitigations.
  • Improving compatibility with more kernels and architectures.
  • Implementing kernel-specific and cpu-specific protections.
  • Writing useful security and crypto libraries that utilise memguard.
  • Submitting performance improvements or benchmarking code.
Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.

Future goals
  • Ability to stream data to and from encrypted enclave objects.
  • Catch segmentation faults to wipe memory before crashing.
  • Evaluate and improve the strategies in place, particularly for Coffer objects.
  • Formalise a threat model and evaluate our performance in regards to it.
  • Use lessons learned to apply patches upstream to the Go language and runtime.