river-dev mailing list archives

From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Towards Internet Jini Services (dos attacks)
Date Wed, 29 Sep 2010 15:42:14 GMT
On 09/29/2010 03:05 PM, Zoltan Juhasz wrote:
> object has something nasty executing within the readObject() method,
> it's too late to do anything. We had made experiments putting an infinite
> loop into an object's default constructor (I think) and you got a 100% CPU
> load at the service side before even knowing what the object was.

Zoltan, this is exactly the problem with downloading code. Downloading 
code is only feasible for parties with strong trust relations.

When you execute code from another party you become responsible for the 
actions of that code. You can limit the freedom of this code through the 
use of policies.

Your example of the loop is one example of where we are missing a 
policy option. The amount of CPU a thread can use and the amount of 
memory a thread can allocate is unlimited.

So basically you can only execute code from sources you trust. Sandbox 
or no sandbox.

> We had the
> solution to use certificates and only accept service invocations from
> trusted parties but this is very difficult to enforce over the Internet. (or
> you have to constrain the system to a specific task that is only used by a
> closed group via the Internet).

Exactly. A closed user group is a group with a collective trust structure.

I'm not convinced the establishment of trust is impossible over the 
internet. PGP is successful, HTTPS is successful, although very 
fragile. So let's define our new trust structure.

Gr. Sim
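
An added illustration of the readObject() problem discussed in this message, not code from the thread or from River: a timeout on the deserializing thread does not reclaim the CPU, while a class allowlist rejects the object before its readObject() runs. It assumes `java.io.ObjectInputFilter` (Java 9 and later, so newer than this discussion); the `Spinner` class and its 3-second loop are constructed stand-ins.

```java
import java.io.*;
import java.util.concurrent.*;

public class ReadObjectDosDemo {
    // Constructed stand-in for the untrusted object: readObject() spins for 3 s
    // (the thread describes an infinite loop; bounded here so the demo exits).
    static class Spinner implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            long end = System.nanoTime() + 3_000_000_000L;
            while (System.nanoTime() < end) { /* burns one core, never checks interrupts */ }
        }
    }

    // Deserialize one object, optionally behind a filter (null = no filter).
    static Object read(byte[] data, ObjectInputFilter filter) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (filter != null) in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new Spinner()); }
        byte[] wire = buf.toByteArray();

        // 1. A timeout only stops the caller waiting; nothing takes the CPU back.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Callable<Object> task = () -> read(wire, null);
        Future<Object> f = pool.submit(task);
        boolean timedOut = false;
        try { f.get(500, TimeUnit.MILLISECONDS); } catch (TimeoutException e) { timedOut = true; }
        pool.shutdownNow(); // interrupts the worker; the busy loop ignores the flag
        boolean stopped = pool.awaitTermination(1, TimeUnit.SECONDS);
        System.out.println("timed out=" + timedOut + ", worker stopped=" + stopped);

        // 2. An allowlist is checked when the class descriptor is read, so the
        //    stream is rejected before Spinner.readObject() is ever invoked.
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter("java.lang.*;java.util.*;!*");
        try {
            read(wire, allow);
        } catch (InvalidClassException e) {
            System.out.println("rejected before readObject ran: " + e.getMessage());
        }
    }
}
```

The allowlist only helps when the set of acceptable classes is known in advance, which is the closed-group case the message describes.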
