Security Guarantees

Liveness

If an Instance provisioned by a Provider becomes unavailable due to any reason, the Auditors as per the monitoring protocol detect the same and attempt to re-assign the Job to another Provider. Thus, the downtime for services running on an Instance is bounded, provided there exist alternate Providers for a similar InstanceType. However, until an implementation of Persistence Storage goes live, state can not be ported from one Instance to another. Liveness guarantees, right now, are most useless to stateless applications or cases where state can be recovered based on external data sources.

Tamper-resistance and confidentiality

As elaborated in the section on enclaves, code and data remain isolated and private inside a TEE. Oyster’s integrity and confidentiality guarantees are based on the guarantees provided by the underlying TEE hardware manufacturer (AWS Nitro Enclaves).