Trusted Execution Environment (TEE)
Evolve Nodes use Trusted Execution Environment (TEE) to ensure the highest level of security and privacy for scripts orchestrated by the Evolve WebApp Agents Flow platform. The use of TEE for secure execution ensures that private data remains protected and that node runner machines are safeguarded against unauthorized access or harm.
Overview
End-to-End Encryption: All scripts and configuration files related to agents are encrypted before transmission and decrypted only within the TEE on node runner machines.
Trusted Execution Environment (TEE): TEE provides a secure enclave where encrypted data is processed, ensuring that sensitive information is never exposed to the node runner or other processes on the machine.
Sandboxed Execution: Scripts may require execution in Python or JavaScript interpreters. This is performed in a sandboxed environment within the TEE, ensuring isolation and security.
Encryption and Distribution Process
Encryption of Scripts:
Agents' scripts, configuration files, and any associated data (such as memory content and API keys) are encrypted using robust encryption standards (e.g., AES-256) within the Evolve WebApp.
Unique encryption keys are generated for each session to enhance security.
Distribution via Peer-to-Peer Network:
Encrypted scripts and configuration files are distributed to node workers over a decentralized peer-to-peer network.
Node workers only receive encrypted data and do not have access to the decryption keys.
Trusted Execution Environment (TEE)
Secure Decryption and Execution:
Node runner machines are equipped Evolve Node App with TEE receive encrypted data. Decryption and execution of scripts occur within the TEE, ensuring that sensitive information remains isolated from the rest of the system.
Protection of Node Runner’s Machine:
Scripts running within the TEE are confined to the secure enclave and do not have access to the node runner's files, root directories, or any other system resources.
This isolation prevents scripts from performing any unauthorized actions or accessing any sensitive information on the node runner’s machine.
Execution of Encrypted Scripts:
Within the TEE, scripts are decrypted and executed securely. Any data generated during execution (e.g., API responses, modifications to memory) is processed within the enclave and encrypted before leaving the TEE.
Security Standards and Best Practices
Data Confidentiality: All data, including memory content and API keys, is encrypted before storage and transmission. TEE handles decryption and encryption within its secure enclave, ensuring data confidentiality at all times.
Integrity and Isolation: TEE guarantees that scripts are executed in a controlled environment, free from interference or unauthorized access. The integrity of the node runner’s machine is maintained, as scripts running within the TEE cannot interact with or modify system files or settings.
Compliance with Security Standards: Evolve Network adheres to industry-standard security practices for encryption, data handling, and execution within TEE. Regular security audits and updates are performed to ensure ongoing compliance and protection against emerging threats.
Node Runner Requirements
TEE-Enabled Machines:
Node runners must have machines equipped with TEE technology to participate in the Evolve Network.
The necessary software for managing encryption keys and secure communication with the TEE is provided and maintained by the Evolve Network.
Secure Configuration:
Node runner machines are configured to automatically handle encrypted data and ensure that all processing occurs within the TEE.
This setup prevents any exposure of sensitive data outside the secure enclave.
Last updated