Threat Model

Assumptions

  • Host OS is honest-but-curious in the standard tier
  • The SDK runtime is not actively malicious
  • Attested tier assumes the enclave runtime is trusted

Adversaries

  • Network attackers observing traffic
  • Cloud model providers (honest-but-curious)
  • Local privileged attackers outside the TEE

In-scope protections

  • Raw data never leaves the host
  • Boundary violations are detected and rejected
  • Attestation evidence can be verified against expected measurement and output
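
The third protection above hinges on the verifier checking two bindings, not one: the evidence must carry an expected enclave measurement, and it must vouch for the exact output that was received. The following is an added example (not the SDK's own code) of that check; the evidence field names, the HMAC-based signature standing in for a hardware-signed quote, and the key and measurement values are all assumptions constructed for this illustration.

```python
"""Added example: verify attestation evidence against an expected
measurement and against the output it vouches for. Field names, the
HMAC stand-in for a hardware-signed quote, and all values are assumptions
made for this stand-alone example, not the SDK's real evidence format."""
import hashlib
import hmac
import json
import secrets

# Constructed placeholder for the enclave's evidence signing key.
ENCLAVE_KEY = b"placeholder-enclave-signing-key"
# Allowlist of expected enclave measurements (constructed placeholder value).
EXPECTED_MEASUREMENTS = {hashlib.sha256(b"enclave-v1").hexdigest()}


def sign_evidence(measurement: str, output: bytes, nonce: str) -> dict:
    """Stand-in for the enclave: bind its identity (measurement) to one
    specific output and to the verifier's freshness nonce, then sign."""
    body = {"measurement": measurement,
            "output_sha256": hashlib.sha256(output).hexdigest(),
            "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    body["sig"] = hmac.new(ENCLAVE_KEY, payload, hashlib.sha256).hexdigest()
    return body


def verify_evidence(evidence: dict, output: bytes, nonce: str) -> tuple:
    """Verifier side: accept only if signature, freshness, measurement and
    output binding all hold. Returns (ok, reason) so rejections are explicit."""
    body = {k: v for k, v in evidence.items() if k != "sig"}
    payload = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(ENCLAVE_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, evidence.get("sig", "")):
        return False, "signature mismatch"
    if not hmac.compare_digest(evidence.get("nonce", ""), nonce):
        return False, "stale or replayed evidence (nonce mismatch)"
    if evidence.get("measurement") not in EXPECTED_MEASUREMENTS:
        return False, "unexpected enclave measurement"
    if not hmac.compare_digest(evidence.get("output_sha256", ""),
                               hashlib.sha256(output).hexdigest()):
        return False, "output does not match attested output"
    return True, "ok"


if __name__ == "__main__":
    nonce = secrets.token_hex(16)
    ev = sign_evidence(next(iter(EXPECTED_MEASUREMENTS)), b"result", nonce)
    print(verify_evidence(ev, b"result", nonce))        # (True, 'ok')
    print(verify_evidence(ev, b"swapped", nonce))       # output binding fails
```

A correct measurement alone is not enough: evidence that passes the measurement check but vouches for a different output is rejected, which is what stops a substituted result from being accepted as attested.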

Out of scope

  • Fully compromised host or kernel
  • Physical attacks on firmware or hardware
  • Advanced hardware side-channel attacks