Security Whitepaper
Technical architecture and threat model for hardware-isolated signing infrastructure.
Version 1.0 | Last Updated: January 2026
Executive Summary
ZeroCopy Systems provides hardware-isolated signing infrastructure built on AWS Nitro Enclaves. The architecture removes operators, administrators, and the parent EC2 instance from the trust boundary by enforcing isolation at the hypervisor level; the remaining trust anchor is the AWS Nitro hypervisor itself (see Threat Model).
Core Security Properties
- Hardware Isolation: Private keys exist only in enclave memory, which the Nitro hypervisor partitions away from the parent EC2 instance. The enclave has no root login, no SSH, and no debugging interface; its only channel to the host is a vsock connection.
- Cryptographic Attestation: Every request is bound to an attestation document signed by the AWS Nitro attestation PKI. Its PCR0 value is the SHA-384 measurement of the enclave image, so a client that checks the signature chain and PCR0 knows exactly which enclave code is running before it trusts a signature.
- Zero-Knowledge Architecture: ZeroCopy employees have no path to read key material, so a subpoena served on ZeroCopy cannot yield keys. (This is an access-isolation property; the term is not used here in the sense of zero-knowledge proofs.)
- Reproducible Builds: Enclave images are designed so that a customer can build the published source independently and compare the resulting PCR0 with the attested value. Build reproducibility tooling is under development, so this end-to-end check is not yet available.
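The attestation property above is only useful if the client actually checks the document it receives. The following is an added example, not ZeroCopy code, of the content checks a client should run on a Nitro attestation document. It assumes the COSE_Sign1 signature has already been verified against the AWS Nitro attestation root CA by a separate library call, and that the verified payload has been decoded into a dict using the AWS attestation document field names (timestamp in milliseconds, pcrs as {index: 48-byte digest}, nonce, public_key). The expected PCR0 and the sample document are constructed for the example.

```python
"""Client-side content checks on a Nitro Enclaves attestation document.

Added example, not ZeroCopy code. Assumes the COSE_Sign1 signature on the
document has already been verified against the AWS Nitro attestation root CA
by a separate library call, and that the verified payload is a dict using the
AWS attestation document field names.
"""
import hashlib
import hmac
import time

PCR_LEN = 48                 # PCRs are SHA-384 digests
DEBUG_PCR = bytes(PCR_LEN)   # an enclave started in debug mode reports all-zero PCRs


def check_attestation(doc, expected_pcr0, nonce, now=None, max_age_s=300):
    """Return (ok, reason). Content checks only; signature verification is separate."""
    pcr0 = doc.get("pcrs", {}).get(0)
    if not isinstance(pcr0, bytes) or len(pcr0) != PCR_LEN:
        return False, "PCR0 missing or malformed"
    # Debug-mode enclaves expose a console and must never be accepted, even if
    # an allowlist were misconfigured to contain the zero measurement.
    if hmac.compare_digest(pcr0, DEBUG_PCR):
        return False, "enclave is running in debug mode (PCR0 is all zeros)"
    if not hmac.compare_digest(pcr0, expected_pcr0):
        return False, "PCR0 does not match the expected enclave image"
    if doc.get("digest") != "SHA384":
        return False, "unexpected digest algorithm"
    # The nonce binds the document to this client request; without it an
    # attacker could replay a genuine document from an earlier session.
    doc_nonce = doc.get("nonce")
    if not isinstance(doc_nonce, bytes) or not hmac.compare_digest(doc_nonce, nonce):
        return False, "nonce mismatch (possible replay)"
    now = time.time() if now is None else now
    ts_ms = doc.get("timestamp")
    if not isinstance(ts_ms, int) or not (now - max_age_s) * 1000 <= ts_ms <= (now + 60) * 1000:
        return False, "attestation timestamp stale or in the future"
    # The enclave's public key is what the client must use for any key import
    # or session setup; a document without one proves nothing about the peer.
    if not doc.get("public_key"):
        return False, "no enclave public key bound to the document"
    return True, "ok"


def make_sample_document(pcr0, nonce, timestamp_ms, public_key=b"\x04" + b"\x11" * 64):
    """Constructed attestation payload for offline use (real ones come signed from the NSM)."""
    return {
        "module_id": "i-0example-enc0example",
        "digest": "SHA384",
        "timestamp": timestamp_ms,
        "pcrs": {
            0: pcr0,
            1: hashlib.sha384(b"example kernel+bootstrap").digest(),
            2: hashlib.sha384(b"example application").digest(),
        },
        "public_key": public_key,
        "nonce": nonce,
    }


# Constructed measurement standing in for a release's published PCR0.
EXPECTED_PCR0 = hashlib.sha384(b"example enclave image").digest()


if __name__ == "__main__":
    now = time.time()
    nonce = b"\xaa" * 32
    good = make_sample_document(EXPECTED_PCR0, nonce, int(now * 1000))
    print(check_attestation(good, EXPECTED_PCR0, nonce, now=now))
    debug = make_sample_document(DEBUG_PCR, nonce, int(now * 1000))
    print(check_attestation(debug, EXPECTED_PCR0, nonce, now=now))
```

The order matters: the zero-PCR check runs before the allowlist comparison so that a misconfigured allowlist can never admit a debug enclave, and the nonce check is what stops a captured document from being replayed against a later session.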
Threat Model
Assumptions
- AWS Nitro Hypervisor is trusted (independently audited by NCC Group)
- Client-side key generation is secure (user responsibility)
- Network layer is adversarial (TLS + attestation required)
Mitigated Threats
- Insider Attack: Operators and the parent instance have no interface into enclave memory, so keys cannot be extracted from a running enclave.
- Supply Chain: A reproducible build lets a customer confirm that the PCR0 in the attestation document corresponds to the published source, so a substituted or backdoored image is detectable. This mitigation is only as strong as the reproducibility tooling, which is still under development.
- Memory Dump: Enclave memory is partitioned by the Nitro hypervisor; the parent instance and its operators have no snapshot, dump, or debug path into it. Physical attacks on host DRAM (such as cold boot) are covered by the trusted-hypervisor and cloud-provider assumption above rather than by the enclave boundary.
- Side Channel: Signing code is constant-time, and ECDSA nonces are derived deterministically per RFC 6979 (which removes the dependence on RNG quality for the nonce k; it is not itself a timing countermeasure). The enclave's vCPUs are dedicated to it and not shared with the parent instance, so the host is not a cache or SMT-sibling neighbour of the signing code.
Architecture Overview
The system consists of three layers:
- Client Layer: User-controlled application (trading bot, wallet, AI agent)
- Sidecar Layer: A vsock proxy on the parent EC2 instance that forwards requests between the client and the enclave. It runs outside the enclave boundary and is therefore never trusted with key material.
- Enclave Layer: Nitro Enclave containing the signing logic and a policy engine that evaluates each request against six rule types: notional limits, rate limiting, contract whitelist/blacklist, chain restrictions, time windows, and AI risk scoring.
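To make the enclave-layer policy engine concrete, here is an added example, not ZeroCopy code, of an engine that applies the six rule types to a signing request and also honours the operator kill switch mentioned under Compliance. The request fields, rule names, reason strings and the externally supplied risk score (the output of whatever model does the "AI risk scoring") are assumptions for illustration.

```python
"""Policy engine for signing requests, modelled on the six rule types above.

Added example, not ZeroCopy code. Request fields, rule names and the
externally supplied risk score are assumptions for illustration.
"""
from collections import deque
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class SigningRequest:
    chain_id: int
    contract: str        # destination contract address, hex string (any case)
    notional_usd: float
    risk_score: float    # 0.0..1.0, produced by an external risk model (assumed)
    ts: float            # request time, Unix seconds


@dataclass(frozen=True)
class Policy:
    max_notional_usd: float
    max_requests: int                    # rate limit: at most this many attempts ...
    window_s: float                      # ... per sliding window of this length
    allowed_chains: frozenset
    denylist: frozenset = frozenset()    # lower-case addresses
    allowlist: frozenset = frozenset()   # lower-case addresses; empty means no allowlist in force
    trading_window_utc: tuple = (0, 24)  # [start_hour, end_hour); wraps past midnight if start > end
    max_risk_score: float = 1.0


class PolicyEngine:
    def __init__(self, policy):
        self.policy = policy
        self.recent = deque()      # timestamps of recent attempts for the rate limiter
        self.kill_switch = False   # operator kill switch: halts all signing when set

    def engage_kill_switch(self):
        self.kill_switch = True

    def in_trading_window(self, ts):
        start, end = self.policy.trading_window_utc
        hour = time.gmtime(ts).tm_hour
        if start <= end:
            return start <= hour < end
        return hour >= start or hour < end

    def evaluate(self, req):
        """Return (allowed, reasons). Every rule runs so the audit record lists all violations."""
        p = self.policy
        reasons = []
        if self.kill_switch:
            reasons.append("kill switch engaged")
        if req.chain_id not in p.allowed_chains:
            reasons.append(f"chain {req.chain_id} not permitted")
        addr = req.contract.lower()
        if addr in p.denylist:
            reasons.append(f"contract {addr} is denylisted")
        if p.allowlist and addr not in p.allowlist:
            reasons.append(f"contract {addr} not on allowlist")
        if req.notional_usd > p.max_notional_usd:
            reasons.append(f"notional {req.notional_usd:.2f} exceeds limit {p.max_notional_usd:.2f}")
        if not self.in_trading_window(req.ts):
            reasons.append("outside trading window")
        if req.risk_score > p.max_risk_score:
            reasons.append(f"risk score {req.risk_score:.2f} above threshold {p.max_risk_score:.2f}")
        # Sliding-window rate limit. Rejected attempts count too: a burst of
        # denied requests is itself a signal and should not be free to retry.
        while self.recent and req.ts - self.recent[0] >= p.window_s:
            self.recent.popleft()
        if len(self.recent) >= p.max_requests:
            reasons.append(f"rate limit of {p.max_requests} per {p.window_s:.0f}s exceeded")
        self.recent.append(req.ts)
        return not reasons, reasons


if __name__ == "__main__":
    policy = Policy(max_notional_usd=10_000, max_requests=2, window_s=60,
                    allowed_chains=frozenset({1}), denylist=frozenset({"0xbad"}),
                    trading_window_utc=(8, 18), max_risk_score=0.8)
    engine = PolicyEngine(policy)
    base = 1699953200.0   # 2023-11-14 09:13:20 UTC (constructed)
    print(engine.evaluate(SigningRequest(1, "0xABC", 5000, 0.1, base)))
    print(engine.evaluate(SigningRequest(2, "0xBAD", 20_000, 0.9, base + 1)))
```

Two design choices worth noting: the engine never short-circuits, so a denied request's audit record shows every rule it tripped rather than only the first, and the rate limiter counts denied attempts as well as allowed ones, so a client cannot probe the other rules for free.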
Compliance
Our architecture is designed to meet the following regulatory requirements:
- SEC 17a-4: Append-only audit logs in which each record carries the hash of its predecessor, so deletion or alteration of any earlier record is detectable
- MiCA (EU): Operational resilience and key custody controls
- EU AI Act Article 14: Hardware-enforced human oversight via kill switch and policy engine
- SOC 2: Type I planned (via Vanta/Drata). Type II to follow after 6-month observation period.
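The hash-chained audit log referenced under SEC 17a-4 is a small, well-understood structure; the following added example (not ZeroCopy code, with an assumed record layout) shows one way to build it and, more importantly, how to verify it and what the chain alone cannot catch.

```python
"""Hash-chained, append-only audit log with a tamper check.

Added example, not ZeroCopy code; the record layout is assumed for illustration.
"""
import hashlib
import json

GENESIS = "0" * 64   # previous-hash value for the first entry


def canonical(record):
    """Deterministic JSON encoding so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(seq, prev_hash, record):
    # The sequence number is hashed too, so an entry cannot be silently moved.
    h = hashlib.sha256()
    h.update(seq.to_bytes(8, "big"))
    h.update(bytes.fromhex(prev_hash))
    h.update(canonical(record))
    return h.hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def append(self, record):
        seq = len(self.entries)
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": seq, "prev": prev, "record": record,
                 "hash": entry_hash(seq, prev, record)}
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries, expected_head=None):
    """Recompute every hash from genesis. Returns (ok, index_of_first_bad_entry).

    The chain alone cannot detect truncation of the newest entries; pass the
    head hash that was published out of band (to the customer, a notary, or
    WORM storage) as expected_head to catch that case.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False, i
        if entry_hash(i, prev, e["record"]) != e["hash"]:
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, None


if __name__ == "__main__":
    log = AuditLog()
    log.append({"req": 1, "decision": "allow"})
    head = log.append({"req": 2, "decision": "deny", "reasons": ["rate limit"]})
    print(verify_chain(log.entries, head))
    print(verify_chain(log.entries[:1], head))   # truncated tail, caught only via head
```

The practical caveat is the last line of the verifier: hashing each entry into the next proves nothing about entries that were simply dropped from the end, so the current head hash has to be handed to a party the operator does not control for the log to be truly tamper-evident.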
Independent Verification
The claims in this whitepaper are intended to be independently verifiable. Today that means checking the enclave measurement; full reproduction of the build depends on the reproducibility tooling noted above.

# Verify enclave measurement
zcp verify --pcr0 3a1f...9c2d

# Reproduce enclave build (access granted to customers)
git clone https://github.com/zerocopy-systems/sentinel-core
docker build -f EIF.Dockerfile -t sentinel:latest .

After building, compare the PCR0 of the resulting enclave image with the value presented in the attestation document; a mismatch means the attested enclave was not built from the published source.
Contact
For security inquiries or to report vulnerabilities, contact: [email protected]