Changes between Version 7 and Version 8 of SecurityIssues
- Timestamp:
- Jun 10, 2008, 2:01:15 PM (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityIssues
v7 v8 14 14 BOINC provides mechanisms to reduce the likelihood of some of these attacks. 15 15 16 '''Result and credit falsification''' 16 == Result and credit falsification == 17 17 18 These can be reduced using 19 [ValidationSummary replication or other result validation methods]. 18 These can be reduced using [ValidationSummary replication or other result validation methods]. 20 19 21 '''Malicious executable distribution''' 20 == Malicious executable distribution == 22 21 23 22 BOINC uses [CodeSigning code signing] to prevent this. … … 25 24 they will not be able to cause clients to accept a false code file. 26 25 27 '''Denial of server attacks on data servers''' 26 == Denial of server attacks on data servers == 28 27 29 28 BOINC provides an optional mechanism, '''upload certificates''', … … 37 36 and ensures that the amount of data uploaded does not exceed the maximum size. 38 37 39 '''Theft of participant account information by server attack''' 38 == Theft of participant account information by server attack == 40 39 41 40 Each project must address theft of private account information … … 51 50 and volunteer computing in general. 52 51 53 '''Theft of participant account information by network attack''' 52 == Theft of participant account information by network attack == 54 53 55 54 Attackers sniffing network traffic could get a user's account key, … … 57 56 BOINC does nothing to prevent this. 58 57 59 '''Theft of project files''' 58 == Theft of project files == 60 59 61 60 The input and output files used by BOINC applications are not encrypted. … … 64 63 where it is easy to access with a debugger. 65 64 66 '''Intentional abuse of participant hosts by projects''' 65 == Intentional abuse of participant hosts by projects == 67 66 68 67 BOINC uses account-based sandboxing: … … 72 71 applications will have no access to files outside of the BOINC directory. 73 72 74 '''Accidental abuse of participant hosts by projects'''73 == Accidental abuse of participant hosts by projects == 75 74 76 75 BOINC prevents some problems:
