Educause Security Discussion mailing list archives
Security of World Community Grid?
From: James H Moore <jhmfa () RIT EDU>
Date: Wed, 23 Feb 2005 17:56:06 -0500
Yesterday I was asked to evaluate the security of the World Community Grid ( http://www.worldcommunitygrid.org ). It has its roots in SETI@home, but has come a long way since then. The research that they support seems to be very worthwhile (largely medical research). The agent that is loaded on the computer is from United Devices ( http://www.ud.com ).

I did a little web digging and found the following:

1) IBM is behind this, and that security evaluations have been done.
2) The security description says that the only files read on the computer are ones that indicate the processing power of the system.
3) The agent, and the build process are not common criteria certified.
4) The software licensing agreement for the agent has disclaimers so that the user bears all responsibility.

What I couldn't find, so far:

1) Who is responsible for the security of this massively powerful computing grid
2) Who can submit jobs to the grid, and what review process is in place to make sure that there are no ... Buffer overflows, viruses, ...
3) What rights are needed for the agent. [Although one user shared that he had installed the agent as a service to try to outrank the firewall..]
4) Do they have a sandbox, and what is its architecture?

If anyone has any other questions, or if they have done a pilot of the facility, please let me know.

One comment from a security consulting friend was that the problems of security in grid computing don't lie so much with the grid or the agent, but with the fact that contemporary desktop operating systems were not designed for grid computing.

Any help is appreciated.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"In the middle of difficulty lies opportunity." Albert Einstein

"The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.