Security & Isolation Standards

TasQ enforces multi-layered security measures to protect contributor systems, user data, and computation integrity. All workloads are containerized using isolated runtime environments (Docker, gVisor) to prevent host resource access beyond allocated CPU, GPU, and RAM. These containers operate under strict AppArmor and SELinux profiles, ensuring no unauthorized system calls or external data writes.

For data privacy, TasQ employs a Zero-Knowledge proof verification process (Groth16 and PlonK protocols) to validate computation results without exposing underlying inputs. Sensitive datasets are encrypted in transit using TLS 1.3 with Perfect Forward Secrecy and at rest with AES-256-GCM. Intermediate outputs are stored in ephemeral memory buffers, never written to disk unless explicitly requested by the client.

Isolation Protocols:

  • Network Segmentation – Compute nodes communicate only with TasQ’s routing layer, never peer-to-peer.

  • Ephemeral Containers – Destroyed post-task execution to prevent data persistence.

  • Encrypted Messaging – Libp2p-based encrypted channels for all internal node communications.

Tamper Detection: TasQ integrates rolling hash validation and Merkle proof consistency checks to detect altered outputs. Challenge-response auditing randomly reassigns completed workloads to independent nodes for verification.
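The Merkle proof check named above, as an added example that is not TasQ's own code: a client holding only a committed root can confirm that a returned output chunk is unaltered. The chunking, SHA-256, the leaf/node prefixes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def _h(prefix: bytes, data: bytes) -> bytes:
    return hashlib.sha256(prefix + data).digest()

# Distinct prefixes keep a leaf from being reinterpreted as an interior node.
def leaf_hash(chunk: bytes) -> bytes:
    return _h(b"\x00", chunk)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01", left + right)

def build_levels(chunks):
    """Return every tree level, leaves first; an unpaired node is promoted as-is."""
    if not chunks:
        raise ValueError("no output chunks to commit to")
    level = [leaf_hash(c) for c in chunks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(chunks) -> bytes:
    return build_levels(chunks)[-1][0]

def inclusion_proof(chunks, index: int):
    """Sibling hashes from leaf to root, each tagged with whether it sits on the left."""
    proof = []
    for level in build_levels(chunks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling on this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_chunk(chunk: bytes, proof, root: bytes) -> bool:
    """Recompute the root from one chunk and its proof; any alteration changes it."""
    acc = leaf_hash(chunk)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample output, split into five chunks (not real TasQ data).
SAMPLE_CHUNKS = [b"output-chunk-%d" % i for i in range(5)]
```

The same root comparison serves the re-execution audit: an independent node's output for the same task must produce an identical `merkle_root`, so a mismatch identifies a disputed result without transferring the full output.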

In-House and Cloud Integration: Microsoft Azure compute nodes and in-house servers adhere to identical isolation protocols, monitored via TasQ’s proprietary task scheduler. All security updates are deployed simultaneously across the hybrid infrastructure.