Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Security of World Community Grid?

From: James H Moore <jhmfa () RIT EDU>
Date: Wed, 23 Feb 2005 17:56:06 -0500
Yesterday I was asked to evaluate the security of the World Community Grid (
http://www.worldcommunitygrid.org ).  It has its roots in SETI@home, but has
come a long way since then.  The research that they support seems to be very
worthwhile (largely medical research)

The agent that is loaded on the computer is from United Devices (
http://www.ud.com )

I did a little web digging and found the following

1) IBM is behind this, and that security evaluations have been done.

2) The security description says that the only files read on the computer
are ones that indicate the processing power of the system

3) The agent, and the build process are not common criteria certified.

4) The software licensing agreement for the agent has disclaimers so that
the user bears all responsibility.

What I couldn't find, so far:

1) Who is responsible for the security of this massively powerful computing
grid

2) Who can submit jobs to the grid, and what review process is in place to
make sure that there are no ... Buffer overflows, viruses, ...

3) What rights are needed for the agent.  [Although one user shared that he
had installed the agent as a service to try to outrank the firewall..]

4) Do they have a sandbox, and what is its architecture?


If anyone has any other questions, or if they have done a pilot of the
facility, please let me know.

One comment from a security consulting friend was that the problems of
security in grid computing don't lie so much with the grid or the agent, but
with the fact that contemporary desktop operating systems were not designed
for grid computing.

Any help is appreciated

Jim
- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"In the middle of difficulty lies opportunity." Albert Einstein

"The release of new internet threats have not created a new problem. It has
merely made more urgent the necessity of solving an existing one." Parallels
quote by Albert Einstein on atomic energy

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: