Security features for GPU kernel protection and compliance.
This module provides enterprise-grade security features:
- Memory Encryption: Encrypt sensitive GPU memory regions
- Kernel Sandboxing: Isolate kernels with resource limits and access controls
- Compliance Reports: Generate audit-ready compliance documentation
§Feature Flags
- crypto - Enables real AES-256-GCM and ChaCha20-Poly1305 encryption (requires the aes-gcm, chacha20poly1305, argon2, rand, zeroize crates)
Without the crypto feature, a demo XOR-based implementation is used
(NOT suitable for production - only for testing/development).
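
Why the XOR fallback is limited to testing, shown as an added example that is not code from ringkernel_core: `xor_cipher` is a constructed repeating-key XOR (an assumption about what a demo XOR scheme looks like), and the key and region contents are sample values. It shows that one known plaintext reveals the keystream and that modified ciphertext decrypts without error, whereas the AEAD algorithms enabled by crypto reject modified ciphertext.

```rust
// Constructed stand-in for a demo XOR "cipher"; NOT ringkernel_core's code.
// Assumption: repeating-key XOR with no nonce and no authentication tag.
fn xor_cipher(key: &[u8], data: &[u8]) -> Vec<u8> {
    data.iter().zip(key.iter().cycle()).map(|(d, k)| d ^ k).collect()
}

/// XOR of two equal-length buffers.
fn xor_bytes(a: &[u8], b: &[u8]) -> Vec<u8> {
    a.iter().zip(b).map(|(x, y)| x ^ y).collect()
}

/// Weakness 1: one known plaintext/ciphertext pair yields the keystream,
/// and with a repeating key, the key itself.
fn keystream_from_known_pair(plaintext: &[u8], ciphertext: &[u8]) -> Vec<u8> {
    xor_bytes(plaintext, ciphertext)
}

/// Weakness 2: no integrity. Flipping ciphertext bits flips the same
/// plaintext bits, and decryption reports no error.
fn tamper(ciphertext: &[u8], offset: usize, old: &[u8], new: &[u8]) -> Vec<u8> {
    let mut out = ciphertext.to_vec();
    for (i, (o, n)) in old.iter().zip(new).enumerate() {
        out[offset + i] ^= o ^ n;
    }
    out
}

fn main() {
    let key = b"demo-key"; // constructed sample key
    let region_a = b"tenant=alpha;limit=0100;"; // constructed sample data
    let region_b = b"tenant=bravo;limit=0200;";
    let ct_a = xor_cipher(key, region_a);
    let ct_b = xor_cipher(key, region_b);

    // Known content of region A exposes the keystream, which opens region B.
    let ks = keystream_from_known_pair(region_a, &ct_a);
    assert_eq!(&ks[..key.len()], &key[..]);
    assert_eq!(xor_bytes(&ct_b, &ks), region_b.to_vec());

    // A changed field decrypts cleanly: "0200" becomes "9999" without the key.
    let forged = tamper(&ct_b, 19, b"0200", b"9999");
    assert_eq!(xor_cipher(key, &forged), b"tenant=bravo;limit=9999;".to_vec());
    println!("XOR fallback: keystream recovered, modified ciphertext accepted");
}
```
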
§Memory Encryption
use std::time::Duration;
use ringkernel_core::security::{MemoryEncryption, EncryptionConfig, EncryptionAlgorithm};

// AES-256-GCM with the key rotated every hour.
let config = EncryptionConfig::new()
    .with_algorithm(EncryptionAlgorithm::Aes256Gcm)
    .with_key_rotation_interval(Duration::from_secs(3600));
let encryption = MemoryEncryption::new(config)?;

// Encrypt a sensitive region, then decrypt it again.
let encrypted = encryption.encrypt_region(&sensitive_data)?;
let decrypted = encryption.decrypt_region(&encrypted)?;

§Kernel Sandboxing
use std::time::Duration;
use ringkernel_core::security::{KernelSandbox, SandboxPolicy, ResourceLimits};

// Policy: memory cap, execution timeout, and a K2K deny rule.
let policy = SandboxPolicy::new()
    .with_memory_limit(1024 * 1024 * 1024) // 1GB
    .with_execution_timeout(Duration::from_secs(30))
    .deny_k2k_to(&["untrusted_kernel"]);

// Attach the policy to an existing kernel handle.
let sandbox = KernelSandbox::new(policy);
sandbox.apply_to_kernel(&kernel_handle)?;

§Compliance Reports
use ringkernel_core::security::{ComplianceReporter, ComplianceStandard, ReportFormat};

// Report against SOC2 and GDPR, rendered as PDF.
let reporter = ComplianceReporter::new()
    .with_standard(ComplianceStandard::SOC2)
    .with_standard(ComplianceStandard::GDPR);
let report = reporter.generate_report(ReportFormat::Pdf)?;

Structs§
- ComplianceCheck - A single compliance check.
- ComplianceReport - A complete compliance report.
- ComplianceReporter - Compliance reporter for generating compliance documentation.
- ComplianceSummary - Summary statistics for a compliance report.
- EncryptedRegion - An encrypted memory region.
- EncryptionConfig - Configuration for memory encryption.
- EncryptionKey - Represents an encryption key with metadata.
- EncryptionStats - Statistics for memory encryption operations.
- KernelSandbox - Kernel sandbox for isolation and resource control.
- MemoryEncryption - Memory encryption manager for GPU memory protection.
- ResourceLimits - Resource limits for sandboxed kernels.
- SandboxPolicy - Sandbox policy defining what a kernel can access.
- SandboxStats - Statistics for sandbox enforcement.
- SandboxViolation - A recorded sandbox violation.
Enums§
- AccessLevel - Access control for kernel operations.
- ComplianceStandard - Compliance standard for reporting.
- ComplianceStatus - Compliance check result.
- EncryptionAlgorithm - Encryption algorithm for GPU memory protection.
- KeyDerivation - Key derivation function for encryption keys.
- ReportFormat - Report output format.
- ViolationType - Sandbox violation type.