1.2 KiB
1.2 KiB
Memory Interface Specification
Overview
Abstract interface for encrypted memory operations meeting security baseline requirements.
Security Requirements
- All stored data must be encrypted using AES-256-GCM
- Must integrate with existing RBAC system (rbac_engine.py)
- Must maintain audit logs for all operations
Interface Methods
create(key: str, value: bytes) -> bool
- Encrypts and stores value with associated key
- Returns success status
- Throws:
- EncryptionError if encryption fails
- AccessDenied if RBAC check fails
read(key: str) -> bytes
- Retrieves and decrypts value for key
- Returns decrypted bytes
- Throws:
- DecryptionError if decryption fails
- AccessDenied if RBAC check fails
- NotFound if key doesn't exist
update(key: str, value: bytes) -> bool
- Updates encrypted value for existing key
- Returns success status
- Throws same exceptions as create()
delete(key: str) -> bool
- Removes key and encrypted value
- Returns success status
- Throws AccessDenied if RBAC check fails
Audit Logging Requirements
All operations must log:
- Timestamp
- Operation type
- Key (hashed for security)
- Success/failure status
- Calling user/process