Jens Grabarske wrote:
Hi, everybody!
We are nearing the first milestone of my project and, full of pride, I showed
my project director all the cool stuff I built with Mozart. I didn't fail to
praise how incredibly easy the distribution system works, how simple it was
to let prospective computation servers look for their master using Discovery
and the like. He was very pleased. And then he asked about security.
"Ah, well. Yes. There's something like an SSL patch for the Mozart interfaces,
but it's not EXACTLY secure." I admitted, quoting what I had read on the
project page. "So the system currently opens several ports to communicate
with the other machines - and everything is going on unencrypted?" - "Yepp."
And then his face turned green.
Well. Not literally. We already considered IPSec as an option to secure what
Oz can't anyway. But the crucial question is: can we do better? (Well,
helping you guys with the SSL patch for Oz would actually be an option, but
aside from that?) Is there some way to waterproof the connections between
different Oz engines? Do you guys have similar problems on your projects and
how do you solve them? Is there any way to restrict certain communications
(either from the distribution subsystem or the Discovery-thingy) to certain
network interfaces?
Thanks for your answers and have a nice weekend,
Jens
(who'll be on vacation next week, so don't be upset if I don't answer back
right away...)
Dear Jens,
We have done some experiments with adding security to the distribution
system of Mozart, but nothing has made it into the release yet. You should
check out deliverables D4.3 and D4.4 of the PEPITO project, which report on
the results (see http://www.sics.se/pepito/deliverables.html).
We are also working on a secure version of the Oz language (provisionally
called 'Oz-E', see http://www.info.ucl.ac.be/people/PVR/oze.pdf). All of
this is still 'on the drawing board'.
You can see that SSL is a good option in the short term (maybe submit a
MEP?)!
Boris Mejias is completing the work on Erik Klintskog's DSS (Distribution
Subsystem), which should make it into the next release. Maybe he can say a
few words on security in the DSS.
Peter