Technotes

In this page, we provide some more in depth explanations regarding some technical questions that developers might have:

SCONE Volumes

In this first technote, we explain how SCONE protects the confidentiality and integrity of files. Volumes are used to store persistent data. A SCONE volume is transparently encrypted, i.e., an application using a SCONE volume is not even aware that the files stored in the volume are encrypted.

SCONE Key Rotation

We explain how Scone limits the usage of an encryption key. When using automatically generated Scone volumes, the encryption keys are only known by the Scone runtime of trusted applications running inside enclaves. We show how to rotate encryption keys to limit the lifetimes of encryption keys.

SCONE Mutual Attestation

We explain how SCONE supports TLS termination inside of an enclave and mutual attestation and verification with the help of TLS. SCONE helps ensure that clients and services are always using TLS to encrypt the messages sent between these. Moreover, we show how one can use mutual authentication to perform a mutual attestation and verification. Only if both the client and the server satisfy their attestation requirements, they get access to their TLS private key and TLS certificate. Only then can they successfully establish a TLS connection.

SCONE Certificate Management

We explain how SCONE cas supports certificate and secret management. We will give an overview on how to define certificates with the help of policies and how to protect the policy itself.