It's similar to the "Tin Foil Chat" [0] project for preventing exfiltration on a network-connected device. You have 3 CPUs: one that's offline, accepts user input, and holds and creates encryption keys. When you want to send a message you create an encrypted blob and bitbang it over an optical diode (one-way serial data flow), and the network-connected CPU, which is untrusted and considered hostile, is simply asked to send the encrypted blob via a Tor hidden service, so it knows neither content nor recipients. Messages are received as encrypted blobs and passed over a second one-way optical link to the third CPU, which is "offline" but also untrusted since it receives arbitrary data from the network. It does at least have the keys from the upstream input device, so it can verify the integrity of received messages and ignore any unsigned or unexpected data.

The trick there is, even though the 3rd CPU that does the decryption and can see plaintext secrets is vulnerable & untrusted, it has no network uplink so as long as no data is copy-pasted back to the upstream device, you can be assured no exfiltration. I toyed with the idea of having obtuse ways to bring data from the receiver back upstream to the sender (so that, for instance, I could forward attachments) but the whole point of the system is not to bring untrusted binaries into the first CPU which has both secrets and outbound network access.

TL;DR I think you're on the right track, you might check out how Qubes handles clipboard access.

[0] https://github.com/maqp/tfc
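The three-CPU split described in the comment above, as an added simulation (not TFC's code and not the commenter's): a source CPU that owns the keys and seals messages, a keyless relay CPU that only moves opaque blobs between two one-way links, and a receiver CPU that holds a copy of the keys and drops anything that fails authentication or looks like a replay. The crypto is a labelled stand-in built from the standard library (HMAC-SHA256 as a counter-mode keystream, encrypt-then-MAC); class names, the frame layout and the `demo()` scenario are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

# Frame layout (assumed for this example): seq(8) | nonce(16) | ciphertext | tag(32)
SEQ_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF-in-counter-mode keystream; a real system would use a vetted AEAD."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneWayLink:
    """Models an optical data diode: bytes flow from tx() to rx() only, never back."""
    def __init__(self):
        self._queue = []

    def tx(self, blob: bytes) -> None:
        self._queue.append(bytes(blob))

    def rx(self) -> list:
        queued, self._queue = self._queue, []
        return queued


class SourceCPU:
    """Offline CPU that owns the keys, takes user input and emits sealed blobs."""
    def __init__(self):
        self.enc_key, self.mac_key, self.seq = os.urandom(32), os.urandom(32), 0

    def provision(self):
        """Key copy carried to the receiver out of band at setup time."""
        return self.enc_key, self.mac_key

    def seal(self, plaintext: bytes) -> bytes:
        self.seq += 1
        nonce = os.urandom(NONCE_LEN)
        header = struct.pack(">Q", self.seq) + nonce
        ct = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        return header + ct + tag


class NetworkedCPU:
    """Untrusted relay: holds no keys, sees only opaque blobs, just forwards them."""
    def forward(self, inbound: OneWayLink, outbound: OneWayLink) -> int:
        blobs = inbound.rx()
        for blob in blobs:
            outbound.tx(blob)
        return len(blobs)


class ReceiverCPU:
    """Offline destination: verifies the tag and sequence before decrypting anything."""
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.last_seq, self.dropped = enc_key, mac_key, 0, 0

    def open(self, blob: bytes):
        hdr_len = SEQ_LEN + NONCE_LEN
        if len(blob) < hdr_len + TAG_LEN:
            return None  # too short to be a valid frame
        header, ct, tag = blob[:hdr_len], blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # unauthenticated or tampered: ignore, never decrypt
        seq = struct.unpack(">Q", header[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return None  # replayed or out-of-order frame
        self.last_seq = seq
        return _xor(ct, _keystream(self.enc_key, header[SEQ_LEN:], len(ct)))

    def receive(self, link: OneWayLink) -> list:
        accepted = []
        for blob in link.rx():
            pt = self.open(blob)
            if pt is None:
                self.dropped += 1
            else:
                accepted.append(pt)
        return accepted


def demo():
    """Constructed scenario: two real messages, one replay and one forged blob from the relay."""
    src = SourceCPU()
    dst = ReceiverCPU(*src.provision())
    relay, uplink, downlink = NetworkedCPU(), OneWayLink(), OneWayLink()
    blobs = [src.seal(b"hello"), src.seal(b"world")]
    for blob in blobs:
        uplink.tx(blob)
    relay.forward(uplink, downlink)   # honest forwarding of the two sealed blobs
    downlink.tx(blobs[0])             # hostile relay replays an old blob
    downlink.tx(os.urandom(80))       # hostile relay injects a forged blob
    return dst.receive(downlink), dst.dropped


if __name__ == "__main__":
    print(demo())
```

The relay never gets a key, so nothing it does to the blobs (reordering, replaying, forging) yields plaintext; the receiver's only job before decrypting is to check the tag and the sequence number, which is exactly the "ignore any unsigned or unexpected data" step from the comment. Note that the receiver has no `tx` method at all, matching the point that its link is inbound-only.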