44 lines
No EOL
1.2 KiB
Markdown
44 lines
No EOL
1.2 KiB
Markdown
# Memory Interface Specification
|
|
|
|
## Overview
|
|
Abstract interface for encrypted memory operations meeting security baseline requirements.
|
|
|
|
## Security Requirements
|
|
- All stored data must be encrypted using AES-256-GCM
|
|
- Must integrate with existing RBAC system (rbac_engine.py)
|
|
- Must maintain audit logs for all operations
|
|
|
|
## Interface Methods
|
|
|
|
### create(key: str, value: bytes) -> bool
|
|
- Encrypts and stores value with associated key
|
|
- Returns success status
|
|
- Throws:
|
|
- EncryptionError if encryption fails
|
|
- AccessDenied if RBAC check fails
|
|
|
|
### read(key: str) -> bytes
|
|
- Retrieves and decrypts value for key
|
|
- Returns decrypted bytes
|
|
- Throws:
|
|
- DecryptionError if decryption fails
|
|
- AccessDenied if RBAC check fails
|
|
- NotFound if key doesn't exist
|
|
|
|
### update(key: str, value: bytes) -> bool
|
|
- Updates encrypted value for existing key
|
|
- Returns success status
|
|
- Throws same exceptions as create()
|
|
|
|
### delete(key: str) -> bool
|
|
- Removes key and encrypted value
|
|
- Returns success status
|
|
- Throws AccessDenied if RBAC check fails
|
|
|
|
## Audit Logging Requirements
|
|
All operations must log:
|
|
- Timestamp
|
|
- Operation type
|
|
- Key (hashed for security)
|
|
- Success/failure status
|
|
- Calling user/process |