We assume the infrastructure is compromised. Our security guarantees are rooted in silicon, not software policies.
Steleum is designed to protect against a powerful adversary who has:
We utilize Intel® Total Memory Encryption (TME) and SGX. The memory encryption keys are generated inside the CPU package and are never accessible to software. If an attacker dumps the RAM, they see random noise.
Before your application receives any secrets (API keys, datasets), it must prove its identity. The CPU generates a signed "Quote" containing the hash of the running code. This Quote is verified by the client, ensuring you are talking to a genuine, unmodified enclave.