RE: RAC versus TCD: Case study 3

in #gridcoin, 7 years ago

Very good case studies, thank you. I think the hoarding WU exploit you mentioned in previous posts is something that we should keep an eye on. As far as I know, there's no way to verify for certain that it's happening, so observation may be the only way. If it ends up being a problem we should look into some of the proposals you mentioned.

Sure, thanks! Although I think some preemptive action is warranted, I agree this should be accompanied by real-time monitoring to see whether the initial countermeasures were sufficient. We could even set a small bounty for anyone who can demonstrate a significant enough exploit in practice ;)

> some preemptive action is warranted

I agree, but what would it look like? You made some proposals in your last post, but the first two require direct changes in BOINC, which in my understanding is something both the GridCoin community and the BOINC community want to avoid. The third one is sort-of addressed by the greylist, but maybe it could be improved.

> We could even set a small bounty for anyone who can demonstrate a significant enough exploit in practice ;)

That's a good idea, I think it is possible this will be occurring the more popular GridCoin becomes.

Hmm.. well to be honest, the first two proposals I just kinda threw out there because. The third proposal is the main one. That being said, I don't think the first two involve changes to BOINC, since the caching function is already built into the source code. We'd just be changing the way users and project admins alike approach that functionality.

Anyways, I think a carefully constructed greylisting procedure would be a pretty solid fix to the potential exploits. In the context of the current post, we'd just need to buffer changes to the whitelist with sufficient forewarning to prevent exploitation by insiders on the process.

> In the context of the current post, we'd just need to buffer changes to the whitelist with sufficient forewarning to prevent exploitation by insiders on the process.

Sounds reasonable. Any particular buffers in mind? Or do you think another analysis would be necessary?
