
Module models


Dual-context error handling for honeypot systems with type-enforced trust boundaries.

§Architecture

This module separates public-facing error messages from internal diagnostic data using distinct types that cannot be confused at compile time:

  • PublicContext: Contains data safe for external display (truthful or deceptive)
  • InternalContext: Contains diagnostic data restricted to authenticated SOC access
  • DualContextError: Pairs these contexts with enforced consistency rules

§Trust Boundary Enforcement

The type system prevents accidental cross-boundary leakage:

  • PublicContext implements Display for external rendering
  • InternalContext implements Display only as a fixed redacted placeholder, so an InternalContext that ends up in a response template renders nothing sensitive
  • No implicit conversions (From/Into or Deref) exist between these types; internal data is reached only through an explicit accessor that requires a SocAccess token

§Feature Gates

When the external_signaling feature is disabled, the PublicTruth variant does not exist at compile time, so every external output must be a DeceptiveLie. A honeypot build therefore cannot accidentally emit truthful diagnostic information: code that tries to construct PublicTruth fails to compile rather than failing at runtime.
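The following is an added sketch of the pattern the three sections above describe; it is not the module's own code. The type and variant names follow the page (PublicContext, InternalContext, SocAccess, DualContextError, PublicTruth, DeceptiveLie, external_signaling), while the field layouts, the consistency invariant checked in the constructor, and the authenticate stand-in are assumptions made for the illustration.

```rust
// Added sketch of the dual-context pattern. Names follow the page; the
// bodies, the invariant and `authenticate` are assumptions, not the
// module's real definitions.
use std::fmt;

/// Public-facing message. The truthful variant only exists when the
/// crate is built with the `external_signaling` feature.
#[derive(Debug, Clone)]
pub enum PublicContext {
    #[cfg(feature = "external_signaling")]
    PublicTruth(String),
    DeceptiveLie(String),
}

impl fmt::Display for PublicContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            #[cfg(feature = "external_signaling")]
            PublicContext::PublicTruth(s) => f.write_str(s),
            PublicContext::DeceptiveLie(s) => f.write_str(s),
        }
    }
}

/// Internal diagnostic data: private field, no `From`/`Into` to
/// PublicContext, and `Display` is a fixed placeholder.
#[derive(Debug, Clone)]
pub struct InternalContext {
    diagnostic: String,
}

impl InternalContext {
    pub fn new(diagnostic: impl Into<String>) -> Self {
        Self { diagnostic: diagnostic.into() }
    }
    /// The only way to read the payload is to present a SocAccess token.
    pub fn reveal<'a>(&'a self, _token: &SocAccess) -> &'a str {
        &self.diagnostic
    }
}

impl fmt::Display for InternalContext {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[internal context redacted]")
    }
}

/// Capability token. The private unit field means only this module can
/// construct one, so callers cannot forge SOC access.
pub struct SocAccess {
    _private: (),
}

impl SocAccess {
    /// Assumed stand-in for real SOC authentication; the credential is a
    /// constructed demo value, not a real secret.
    pub fn authenticate(credential: &str) -> Option<SocAccess> {
        if credential == "soc-demo-credential" {
            Some(SocAccess { _private: () })
        } else {
            None
        }
    }
}

pub struct DualContextError {
    public: PublicContext,
    internal: InternalContext,
}

impl DualContextError {
    /// Assumed invariant: the rendered public message must not contain the
    /// internal diagnostic text, so a "lie" cannot accidentally quote it.
    pub fn new(public: PublicContext, internal: InternalContext) -> Result<Self, &'static str> {
        let diag = internal.diagnostic.as_str();
        if !diag.is_empty() && public.to_string().contains(diag) {
            return Err("public message would leak internal diagnostic");
        }
        Ok(Self { public, internal })
    }
    pub fn public(&self) -> &PublicContext { &self.public }
    pub fn internal(&self) -> &InternalContext { &self.internal }
}

/// Body sent to the external client: only the public context is rendered.
pub fn external_response(err: &DualContextError) -> String {
    format!("error: {}", err.public())
}

/// SOC log line: placeholder text unless the caller holds a SocAccess token.
pub fn soc_log_line(err: &DualContextError, token: Option<&SocAccess>) -> String {
    match token {
        Some(t) => format!("[soc] {}", err.internal().reveal(t)),
        None => format!("[soc] {}", err.internal()),
    }
}

fn main() {
    let err = DualContextError::new(
        PublicContext::DeceptiveLie("database temporarily unavailable".into()),
        InternalContext::new("honeypot db-01: UNION SELECT attempt on /api/users"),
    ).expect("invariant holds");
    println!("{}", external_response(&err));
    println!("{}", soc_log_line(&err, None));
    let token = SocAccess::authenticate("soc-demo-credential");
    println!("{}", soc_log_line(&err, token.as_ref()));
}
```

Without the feature, the PublicTruth arm and variant are compiled out entirely, so a call site writing PublicContext::PublicTruth(...) is a compile error rather than a runtime policy check. The SocAccess token follows the capability pattern: because its only field is private, the authenticate function (or whatever real SOC login replaces it) is the single place a token can be minted, and reveal cannot be called without one.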

§Memory Safety Strategy

Sensitive data receives best-effort clearing from memory on drop:

  1. Owned strings: cleared via the zeroize crate, which overwrites the heap buffer in place rather than only dropping the handle to it
  2. Compiler optimization: the overwrite uses volatile stores, so LLVM cannot remove them as dead stores to memory that is about to be freed
  3. Instruction ordering: a compiler fence after the overwrite stops the compiler from hoisting later code (such as the deallocation) above the wipe

§What This Does NOT Guarantee

  • Hardware cache visibility: a compiler fence constrains only the compiler; it is not a CPU memory barrier and does not flush caches
  • Cross-thread guarantees: nothing here orders memory with respect to other cores, so another thread may still observe stale values
  • Allocator-level security: if a buffer is reallocated (for example a String that grows) the old allocation is released without being wiped, and freed memory may be reused before it is ever cleared
  • DMA or swap: the OS or hardware may have copied the data (page-out, core dumps, DMA) before zeroization runs

This protects against compiler optimizations and casual memory inspection. It does NOT provide HSM-grade secure memory wiping. For that, use platform-specific APIs (mlock to keep pages out of swap, SecureZeroMemory or explicit_bzero for wipes the platform guarantees will not be elided, etc.) and dedicated secure allocators.
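As an added example of the strategy and its limits, the block below hand-rolls the mechanism the page attributes to the zeroize crate (volatile stores followed by a compiler fence) so that it runs without external crates; it is not the module's code, and production code should use the real crate. SensitiveString, zeroize_bytes and the sample diagnostic text are constructed for the illustration.

```rust
// Added example: best-effort clearing with volatile writes and a compiler
// fence. This mirrors what the zeroize crate does internally and is not
// the module's own implementation.
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite every byte with zero through volatile stores so LLVM cannot
/// drop them as dead stores, then fence so nothing after the call (such as
/// the deallocation) is reordered above the wipe by the compiler.
/// This is a compiler barrier only: it does not flush CPU caches or order
/// memory for other threads.
pub fn zeroize_bytes(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed byte.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Owned diagnostic text that scrubs its heap buffer on drop.
/// Deliberately not Clone: every copy would be another buffer to wipe.
pub struct SensitiveString {
    inner: String,
}

impl SensitiveString {
    pub fn new(s: impl Into<String>) -> Self {
        Self { inner: s.into() }
    }

    pub fn as_str(&self) -> &str {
        &self.inner
    }

    /// Zero the bytes in place and report how many were cleared. The
    /// length is kept so the effect is observable; all-zero bytes are
    /// valid UTF-8, so the String invariant is preserved.
    pub fn wipe(&mut self) -> usize {
        // SAFETY: writing zeros keeps the buffer valid UTF-8.
        let bytes = unsafe { self.inner.as_bytes_mut() };
        let n = bytes.len();
        zeroize_bytes(bytes);
        n
    }

    /// True when every byte of the live buffer is zero.
    pub fn is_wiped(&self) -> bool {
        self.inner.bytes().all(|b| b == 0)
    }
}

impl Drop for SensitiveString {
    fn drop(&mut self) {
        // Runs before the String frees its allocation.
        self.wipe();
    }
}

fn main() {
    // Constructed sample diagnostic; not real honeypot data.
    let mut diag = SensitiveString::new("honeypot db-01: canary token 7f3a");
    println!("before: {}", diag.as_str());
    let n = diag.wipe();
    println!("cleared {n} bytes, wiped = {}", diag.is_wiped());

    // Stack-resident material uses the same primitive.
    let mut key = [0x41u8; 16];
    zeroize_bytes(&mut key);
    println!("key zeroed = {}", key.iter().all(|&b| b == 0));
}
```

The caveats above apply directly to this code: wipe clears only the buffer the String currently owns, so if the String had grown earlier, the previous allocation was released unwiped; a to_string() or format! that copied the text produced a second buffer this Drop never sees; and none of this keeps the page out of swap, which needs mlock or a secure allocator.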

Structs§

DualContextError
Dual-context error model for honeypot systems with constructor-enforced invariants.
InternalContext
Type-safe wrapper for internal-only error contexts.
PublicContext
Type-safe wrapper for public-facing error contexts.
SocAccess
Capability token for accessing sensitive internal context data.

Enums§

InternalPayload
Zero-allocation internal payload for SOC logging.
OperationCategory
Operation category for contextualizing errors without revealing architecture.