wiki:WorkShop07/SecurityGroup

Version 2 (modified by Nicolas, 17 years ago)

typo fix; avoid #1 showing as a link to a ticket

Security

  • Fortune 500 companies would be more likely to deploy BOINC within their infrastructure if they were able to control the distribution of applications (and new versions thereof). One suggestion would be a configuration file that would cause new application versions to be downloaded from the server specified rather than from the project servers. They would still be signed by the project.
    • Mechanism to lock down client to make sure that only specified project websites could be accessed by the BOINC client
    • BOINC ‘funnel’ that would be able to distribute work to internal clients and itself download and return work and apps from the project server (allows virus scanning and locking down of work). Firewalls on machines can be configured to restrict communications of client to only that internal server
    • Security is the #1 problem faced when WCG talks to large organizations about becoming partners and broadly deploying BOINC to their internal computers
  • Risk of vulnerabilities within the client or server
    • Desired – periodic security review by external organizations
    • Actual – A couple of client reviews by IBM and server review by IBM and a client and server review by a large company that is considering becoming a World Community Grid partner
    • When vulnerabilities are found, what happens? David posts to boinc_projects saying a vulnerability was found – update now! Is this sufficient?
  • Great fear of rogue project or project being compromised
    • How can we respond if this happens?
    • Projects should be able to send a kill switch to the core client to shut it down. This should be recorded in the client_state.xml and require user action before the client will start running work again. A message would be sent with the kill switch
    • Projects should also be able to send a detach message to computers (example – the guy who deployed BOINC via the virus)
    • Worst scenario is a project that behaves well originally, attracts many members and then releases a new app version that spies
  • Running the client within a VMWare instance presents a security problem in that the VMWare code would need to be reviewed for safety and the client could still access network resources. Additionally, VMWare consumes additional resources on the client, so it has a larger footprint than a standard BOINC client
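
The kill switch proposed in the list above (recorded in client_state.xml, with a message, and cleared only by user action), as an added example that is not BOINC code. The element names `kill_switch`, `killed`, `project` and `message`, the function names and the XML samples are all hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. All element names are hypothetical, not BOINC's schema.
STATE = "<client_state><project><master_url>https://project.example/</master_url></project></client_state>"
KILL_REPLY = "<scheduler_reply><kill_switch><message>Version 2 withdrawn, do not run</message></kill_switch></scheduler_reply>"
NORMAL_REPLY = "<scheduler_reply><workunit>wu_1</workunit></scheduler_reply>"


def apply_reply(state_xml, project_url, reply_xml):
    """Fold one project reply into the persisted state; returns new state XML."""
    state = ET.fromstring(state_xml)
    kill = ET.fromstring(reply_xml).find("kill_switch")
    # Set the latch only if absent: the first kill message is kept, and a
    # reply without a kill switch never clears an existing latch.
    if kill is not None and state.find("killed") is None:
        latch = ET.SubElement(state, "killed")
        ET.SubElement(latch, "project").text = project_url
        ET.SubElement(latch, "message").text = (kill.findtext("message") or "").strip()
    return ET.tostring(state, encoding="unicode")


def may_run_work(state_xml):
    """The client checks this at startup and before starting any task."""
    return ET.fromstring(state_xml).find("killed") is None


def pending_kill(state_xml):
    """Return (project_url, message) to show the user, or None."""
    latch = ET.fromstring(state_xml).find("killed")
    if latch is None:
        return None
    return latch.findtext("project"), latch.findtext("message")


def user_acknowledge(state_xml):
    """Explicit user action: the only path that removes the latch."""
    state = ET.fromstring(state_xml)
    for latch in state.findall("killed"):
        state.remove(latch)
    return ET.tostring(state, encoding="unicode")
```

Because the latch lives in the persisted state rather than in memory, restarting the client does not resume work, and a later ordinary reply from the same project cannot clear it.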