For Security Researchers
dstack is built on a foundation of hardware-enforced security primitives. This section provides detailed technical analysis of each security-critical component, including:- Source code references with direct links to implementation
- Cryptographic protocol analysis and trust boundaries
- Attestation flow diagrams and verification procedures
- Key management architecture and secure storage mechanisms
Core Security Components
TDX Attestation
Remote attestation implementation using Intel TDX hardware primitives
VMM Security
Virtual Machine Manager security boundaries and isolation guarantees
Gateway Protection
Secure ingress/egress with automated certificate management
KMS Architecture
Decentralized key management with hardware-backed secure storage