mirror of https://github.com/BOINC/boinc.git
*** empty log message ***
svn path=/trunk/boinc/; revision=2111
parent
965391e944
commit
27a28556c7
|
@ -5744,7 +5744,7 @@ Karl 2003/08/14
|
||||||
_autosetup, aclocal.m4, config.h.in (added)
|
_autosetup, aclocal.m4, config.h.in (added)
|
||||||
depcomp, install-sh, missing, mkinstalldirs (added)
|
depcomp, install-sh, missing, mkinstalldirs (added)
|
||||||
*/Makefile.am, */Makefile.in (added)
|
*/Makefile.am, */Makefile.in (added)
|
||||||
*/Makefile
|
*/Makefile (removed)
|
||||||
client/
|
client/
|
||||||
ap_file_io.C
|
ap_file_io.C
|
||||||
|
|
||||||
|
|
|
@ -28,13 +28,13 @@ and the policy for deciding which are correct, are project-specific.
|
||||||
<p>
|
<p>
|
||||||
|
|
||||||
<li> <b>Grant credit</b>.
|
<li> <b>Grant credit</b>.
|
||||||
Some users will attempt to get undeserved credit
|
Some users will attempt to get undeserved credit by falsifying their CPU
|
||||||
by falsifying their CPU metrics or CPU times.
|
metrics or CPU times. Each project and application can have its own
|
||||||
The back end
|
credit-granting algorithm, for example granting the minimum or the mean of
|
||||||
finds the minimum reported credit for the correct results of a given workunit,
|
the median of all claimed credits (during validation time). The granted
|
||||||
and assigns this amount of credit to all the correct results.
|
credit is assigned to all correct results. This ensures that as long as a
|
||||||
This ensures that as long as a reasonable majority of participants
|
reasonable majority of participants don't falsify credit, almost all credit
|
||||||
don't falsify credit, almost all credit accounting will be correct.
|
accounting will be correct.
|
||||||
<p>
|
<p>
|
||||||
<li> <b>Assimilate results</b>.
|
<li> <b>Assimilate results</b>.
|
||||||
<p>
|
<p>
|
||||||
|
|
|
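Review bot: In the rewritten Grant credit item, the closing sentence "This ensures that as long as a reasonable majority of participants don't falsify credit, almost all credit accounting will be correct" was written for the old minimum rule and no longer follows once "Each project and application can have its own credit-granting algorithm". A mean-based rule, for example, lets a single inflated claim raise the credit granted to every correct result. Suggest either stating the property an algorithm must have for the guarantee to hold or limiting the sentence to the minimum rule. The phrase "the minimum or the mean of the median of all claimed credits" is also hard to parse and should name each option separately, and "(during validation time)" would read better attached to the step that computes the credit.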
@ -1,9 +1,9 @@
|
||||||
<title>Security</title>
|
<title>Security</title>
|
||||||
<body bgcolor=ffffff>
|
<body bgcolor=ffffff>
|
||||||
<h2>Security</h2>
|
<h2>Security</h2>
|
||||||
<p>
|
<p>
|
||||||
Many types of attacks are possible in public-participation
|
Many types of attacks are possible in public-participation
|
||||||
distributed computing.
|
distributed computing.
|
||||||
<ul>
|
<ul>
|
||||||
<li> <b>Result falsification</b>.
|
<li> <b>Result falsification</b>.
|
||||||
Attackers return incorrect results.
|
Attackers return incorrect results.
|
||||||
|
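Review bot: As rendered, every line of this hunk reads the same on both sides, so the change here appears to be whitespace or line-ending only. Suggest keeping that kind of churn in its own commit, separate from the wording changes to the credit text, and saying so in the log message, which is currently empty.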
@ -38,9 +38,9 @@ hosts, e.g. by stealing sensitive information stored in files.
|
||||||
A project releases an application that unintentionally abuses participant
|
A project releases an application that unintentionally abuses participant
|
||||||
hosts, e.g. deleting files or causing crashes.
|
hosts, e.g. deleting files or causing crashes.
|
||||||
</ul>
|
</ul>
|
||||||
BOINC provides mechanisms to reduce the likelihood of some of these attacks.
|
BOINC provides mechanisms to reduce the likelihood of some of these attacks.
|
||||||
<p>
|
<p>
|
||||||
<b>Result falsification</b>
|
<b>Result falsification</b>
|
||||||
<p>
|
<p>
|
||||||
This can be probabilistically detected using redundant computing and
|
This can be probabilistically detected using redundant computing and
|
||||||
result verification: if a majority of results agree (according to an
|
result verification: if a majority of results agree (according to an
|
||||||
|
@ -50,7 +50,8 @@ application-specific comparison) then they are classified as correct.
|
||||||
<p>
|
<p>
|
||||||
This can be probabilistically detected using redundant computing and
|
This can be probabilistically detected using redundant computing and
|
||||||
credit verification: each participant is given the minimum credit from
|
credit verification: each participant is given the minimum credit from
|
||||||
among the correct results.
|
among the correct results (or some other algorithm, such as the mean of the
|
||||||
|
median claimed credits).
|
||||||
<p>
|
<p>
|
||||||
<b>Malicious executable distribution</b>
|
<b>Malicious executable distribution</b>
|
||||||
<p>
|
<p>
|
||||||
|
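Review bot: The added parenthetical "(or some other algorithm, such as the mean of the median claimed credits)" is ambiguous: it does not say which claims are averaged, and it is worded differently from the credit description changed elsewhere in this commit ("the minimum or the mean of the median of all claimed credits"). Since this paragraph presents credit verification as the defence against credit falsification, suggest defining the alternative once, in the same words in both documents, and stating that any replacement algorithm must stay insensitive to an inflated claim for the detection statement above it to hold.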
@ -75,7 +76,7 @@ The core client will accept
|
||||||
a new key only if it's signed with the old key.
|
a new key only if it's signed with the old key.
|
||||||
This mechanism is
|
This mechanism is
|
||||||
designed to prevent attackers from breaking into a BOINC server and
|
designed to prevent attackers from breaking into a BOINC server and
|
||||||
distributing a false key pair.
|
distributing a false key pair.
|
||||||
<p>
|
<p>
|
||||||
<b>Overrun of data server</b>
|
<b>Overrun of data server</b>
|
||||||
<p>
|
<p>
|
||||||
|
@ -86,7 +87,7 @@ The public key is stored on the
|
||||||
project's data servers. Result file descriptions are sent to clients
|
project's data servers. Result file descriptions are sent to clients
|
||||||
with a digital signature, which is forwarded to the data server when the
|
with a digital signature, which is forwarded to the data server when the
|
||||||
file is uploaded. The data server verifies the file description, and
|
file is uploaded. The data server verifies the file description, and
|
||||||
ensures that the amount of data uploaded does not exceed the maximum size.
|
ensures that the amount of data uploaded does not exceed the maximum size.
|
||||||
<p>
|
<p>
|
||||||
<b>Theft of participant account information by server attack</b>
|
<b>Theft of participant account information by server attack</b>
|
||||||
<p>
|
<p>
|
||||||
|
@ -100,7 +101,7 @@ Projects should be undertaken only the organizations that have
|
||||||
sufficient expertise and resources to secure their servers.
|
sufficient expertise and resources to secure their servers.
|
||||||
A successful
|
A successful
|
||||||
attack could discredit all BOINC-based projects, and
|
attack could discredit all BOINC-based projects, and
|
||||||
public-participation computing in general.
|
public-participation computing in general.
|
||||||
<p>
|
<p>
|
||||||
<b>Theft of participant account information by network attack</b>
|
<b>Theft of participant account information by network attack</b>
|
||||||
<p>
|
<p>
|
||||||
|
@ -109,7 +110,7 @@ public-participation computing in general.
|
||||||
The input and output files used by BOINC applications are not encrypted.
|
The input and output files used by BOINC applications are not encrypted.
|
||||||
Applications can do this themselves, but it has little effect
|
Applications can do this themselves, but it has little effect
|
||||||
since data resides in cleartext in memory, where it is easy to access
|
since data resides in cleartext in memory, where it is easy to access
|
||||||
with a debugger.
|
with a debugger.
|
||||||
<p>
|
<p>
|
||||||
<b>Intentional abuse of participant hosts by projects</b>
|
<b>Intentional abuse of participant hosts by projects</b>
|
||||||
</p>
|
</p>
|
||||||
|
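Review bot: The line after "<b>Intentional abuse of participant hosts by projects</b>" is "</p>", while the other section headings visible in this diff are each followed by "<p>". The commit leaves it unchanged on both sides; since the file is being touched anyway, suggest changing it to "<p>" so this section opens a paragraph like the rest.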
@ -117,7 +118,7 @@ with a debugger.
|
||||||
BOINC does nothing to prevent this (e.g. there is no "sandboxing" of
|
BOINC does nothing to prevent this (e.g. there is no "sandboxing" of
|
||||||
applications).
|
applications).
|
||||||
Participants must understand that when they join a BOINC project,
|
Participants must understand that when they join a BOINC project,
|
||||||
they are entrusting the security of their systems to that project.
|
they are entrusting the security of their systems to that project.
|
||||||
<p>
|
<p>
|
||||||
<b>Accidental abuse of participant hosts by projects</b>
|
<b>Accidental abuse of participant hosts by projects</b>
|
||||||
<p>
|
<p>
|
||||||
|
@ -126,4 +127,4 @@ The chances of it happening can
|
||||||
be minimized by pre-released application testing.
|
be minimized by pre-released application testing.
|
||||||
Projects should test
|
Projects should test
|
||||||
their applications thoroughly on all platforms and with all input data
|
their applications thoroughly on all platforms and with all input data
|
||||||
scenarios before promoting them to production status.
|
scenarios before promoting them to production status.
|
||||||
|
|