[erlang-questions] Securely running code on an untrusted client
Jakob Sievers
cadr4u@REDACTED
Tue Jan 8 08:36:44 CET 2008
> Travis Jensen said:
[SNIP]
> So, let me break it down a little more...
>
> - Client connects to server.
> - Server sends code to client
> - Client runs process
> - Client sends result to server
> - Server trusts client result
>
> In the middle of this is the fact that I don't really trust the client, so I
> would have to know that the result I get from the client is actually the
> result of running the process I sent to the client and not the result of
> some hack. In general, there are two hack concerns: hacking the running
> process to process differently and hacking the resulting data stream to give
> a fake result.
[SNIP]
Have you looked at how SETI@REDACTED/BOINC accomplishes this?
At the very least, I think, you'll want to introduce some redundancy
(i.e. sending the same code to several clients and comparing the results),
or is this not an option?
In any case, some of these papers ought to be of interest:
http://boinc.berkeley.edu/trac/wiki/BoincPapers
Cheers,
Jakob
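
The redundancy idea suggested in the reply above, sketched in Erlang as an added example that is not part of the original message: the server sends the same work unit to several clients and accepts a result only when enough distinct clients agree on it. The module name `quorum_check`, the function `validate/2`, the client ids and the sample values are all hypothetical.

```erlang
%% Added example (not from the original thread): accept a work-unit result
%% only if at least Quorum distinct clients independently returned it.
-module(quorum_check).
-export([validate/2, demo/0]).

%% Results :: [{ClientId, Value}], all for the same work unit.
%% Returns {accepted, Value, Dissenters} or {inconclusive, CountsPerValue}.
validate(Results, Quorum) when is_integer(Quorum), Quorum > 0 ->
    %% maps:from_list/1 keeps the last entry per key, so each client gets
    %% exactly one vote and cannot stuff the tally by submitting repeatedly.
    Votes = maps:from_list(Results),
    %% Tally :: #{Value => [ClientId]}
    Tally = maps:fold(
              fun(Client, Value, Acc) ->
                      maps:update_with(Value,
                                       fun(Cs) -> [Client | Cs] end,
                                       [Client], Acc)
              end, #{}, Votes),
    Winners = [{V, Cs} || {V, Cs} <- maps:to_list(Tally),
                          length(Cs) >= Quorum],
    case Winners of
        [{Value, Agreeing}] ->
            %% Clients that disagreed with the quorum are reported so the
            %% server can lower their reputation or stop sending them work.
            Dissenters = lists:sort(maps:keys(Votes) -- Agreeing),
            {accepted, Value, Dissenters};
        _ ->
            %% No value (or more than one) reached the quorum: the work
            %% unit should be reissued to additional clients.
            {inconclusive, maps:map(fun(_V, Cs) -> length(Cs) end, Tally)}
    end.

demo() ->
    %% Constructed sample: four clients ran the same work unit and c3
    %% returned a result that does not match the others.
    Results = [{c1, 42}, {c2, 42}, {c3, 1337}, {c4, 42}],
    {accepted, 42, [c3]} = validate(Results, 3),
    %% Two clients that disagree cannot settle the matter with Quorum = 2.
    {inconclusive, #{42 := 1, 1337 := 1}} =
        validate([{c1, 42}, {c3, 1337}], 2),
    ok.
```

Agreement only helps if the clients holding a work unit are not all controlled by the same party, so the server should choose them itself rather than let clients pick their work.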