Questions and Answers : Getting started : Security of the BOINC software and supporting infrastructure
Message board moderation
Author | Message |
---|---|
Send message Joined: 7 Apr 07 Posts: 3 Credit: 58,919 RAC: 0 |
All, if a certain state government was thinking about using spare computing cycles (for 70,000 desktops) to work on a climate model, that state government would need significant assurance regarding the security of the software. What assurances exist, and with whom can I speak about this idea? Michael K. Hamilton |
Send message Joined: 29 Sep 04 Posts: 2363 Credit: 14,611,758 RAC: 0 |
I don't know whether you are thinking about a real or hypothetical state government, but it doesn't matter because no governments are involved in writing the software. Several pieces of software are involved. All the projects (climateprediction is a project) run on a software platform called BOINC. Read about it here: http://boinc.ssl.berkeley.edu/ I expect you've already downloaded it as otherwise I don't think you'd be able to post here. The chief programmer, Dr David Anderson, is at the University of California in Berkeley. He has a full-time and a part-time paid programmers to help. You can read more about the BOINC software here: http://boinc.ssl.berkeley.edu/wiki/User_manual Part of the security of BOINC stems from the fact that there are email lists on which volunteer helpers can post and collaborate with the development process. The openness of this process would in my view make it extremely difficult to subvert. The climateprediction climate models are based on climate models devised and used by the UK Met Office (called the Unified Model). The climateprediction (CPDN) programmers adapt these models for the specific research being undertaken and configure them for the three platforms: Windows, Linux and Mac. The core research staff are at the University of Oxford, but they collaborate with researchers at a number of universities, notably Southampton in the UK but also others in South Africa, Australia and the USA. The collaborative research is being extended to other countries. I suggest that in the blue menu on the left of this page you explore the Main page link. On the About page you will find a link to some of the staff involved in CPDN, both programmers and researchers. If you have more specific concerns please tell us what they are. Cpdn news |
Send message Joined: 5 Sep 04 Posts: 7629 Credit: 24,240,330 RAC: 0 |
To add a bit (but not much): BOINC itself is open software, and all of the bits, both for the server side, and for the client side, (i.e. the computers which run the models), can be downloaded from the BOINC site, along with instructions for assembling them, and for creating a project. It can then be examined, and if desired, modified. This has already been done by WCG (World Community Grid), I think sponsored by IBM. The version that they run is different in several areas, which causes problems for people who are used to "standard" BOINC, who then join WCG. And the climate models, as Mo has said, was written, developed by, and is owned by the UK Met Office. Your unnamed state government would need to get access permission from the Met office to use them, as do all of the other groups around the world that currently use these modelling programs, including The University of Oxford. As a foreign state entity, this may involve getting permission from the UK government, because the UK military is one of the main sponsors/users of the Met Office data. But, then, this state government would probably already have their own climate models which they could use. The USA for instance have their own programs, as does Australia. (BoM) There may be a degree of program/data sharing already, but that would most likely be classified. Backups: Here |
Send message Joined: 5 Aug 04 Posts: 1496 Credit: 95,522,203 RAC: 0 |
Michael, What sort/level of "assurances" do you seek? Protection for (or from) whom? To reiterate Mo and Les' advice, said state would be well advised to do a bit of research into historical security of boinc and CPDN. Finding nothing to cause a national epidemic of hives, the state's lead climate research university program could be funded to develop a project. The best 'assurance' is the long history of boinc and the longer history of CPDN. The state's process would have experts evaluate boinc's open-source code and work with UK Met Office to satisfy any latent security paranoia which may exist. Two possibilities, either license the software or coordinate with Oxford/CPDN personnel to open a Global or Regional project to accomplish the state's research objective. Is your question hypothetical? Specific? "We have met the enemy and he is us." -- Pogo Greetings from coastal Washington state, the scenic US Pacific Northwest. |
Send message Joined: 7 Apr 07 Posts: 3 Credit: 58,919 RAC: 0 |
Not hypothetical. I'm working with a pretty innovative CIO for a state government, and he's intrigued by the possibility that unused computing cycles might be put to good use in this way - started as a chat about bitcoin mining. My question then, is regarding the ability to demonstrate that we would not be bringing an application onto government systems that allows unauthorized access to endpoints - either through the BOINC software or one or more of the grid computing projects. The open-source is a good assurance, as is the long track record, but ultimately we'd want to either see - or help obtain - some kind of security test results. My role is as a policy adviser on cybersecurity, however my 14 years of postsecondary and 3 degrees are all in earth science. I like what you guys are doing, and yes I've run the model. More on this later I think. Thank you very much for the thoughtful responses; they were helpful. - mkh |
Send message Joined: 7 Apr 07 Posts: 3 Credit: 58,919 RAC: 0 |
PS: michael . hamilton at ofm . wa . gov |
Send message Joined: 5 Aug 04 Posts: 1496 Credit: 95,522,203 RAC: 0 |
PS: Michael, Interesting to learn that we are from the same state. We are covered! A higher-resolution model, embedded in the Global Climate Model, already exists for the Pacific Northwest; a large number of tasks have been completed for the region... Perhaps you would be better served by coordinating with Oregon State University. (Phil Mote, unless my old memory fails me.) "We have met the enemy and he is us." -- Pogo Greetings from coastal Washington state, the scenic US Pacific Northwest. |
©2024 cpdn.org