Security & Research Section
Deep technical analysis of dstack’s security architecture for researchers and security engineers
This section offers an in-depth security analysis of dstack’s TEE implementation. For general information, refer to the Core Concepts section.
For Security Researchers
dstack is built on a foundation of hardware-enforced security primitives. This section provides detailed technical analysis of each security-critical component, including:- Source code references with direct links to implementation
- Cryptographic protocol analysis and trust boundaries
- Attestation flow diagrams and verification procedures
- Key management architecture and secure storage mechanisms
Core Security Components
TDX Attestation
Remote attestation implementation using Intel TDX hardware primitives
VMM Security
Virtual Machine Manager security boundaries and isolation guarantees
Gateway Protection
Secure ingress/egress with automated certificate management
KMS Architecture
Decentralized key management with hardware-backed secure storage