Security


The World Community Grid technical team implements security measures at each layer of the platform. Examples of our practices include:

Securing our systems in our hosting environment

  • We conduct regular scans and reviews of our servers and software configurations to ensure that we conform to current security standards.
  • Our application is hosted on physical servers within the SHARCNET facility at University of Waterloo, where network and physical access are managed to Compute Canada security standards. More information and policies are available at the SHARCNET web site (https://www.sharcnet.ca/my/systems/policies).
  • We make regular updates to operating systems, installed system software, and all third-party software and libraries our source code depends on.
  • The World Community Grid technical team’s build and deploy system features automated code scans that detect and identify potential security issues and report any vulnerabilities or out-of-date dependencies at build time.

Securing the World Community Grid software client installed on your device

  • The World Community Grid technical team (Jurisica Lab at the Krembil Research Institute) builds and hosts the World Community Grid software client on servers at the SHARCNET facility.
  • Each time we adopt a new version of the World Community Grid software client, the source code is tested and reviewed by security experts. We address identified vulnerabilities before releasing any new version to volunteers.
  • The client is programmed to only access the data necessary to process its research tasks. Our software is not capable of accessing any volunteer files or information stored elsewhere on the device.

Securing the research applications downloaded and run on your computer

  • All research applications used by World Community Grid are reviewed by software security experts. We address identified vulnerabilities before any such applications are incorporated into our program.
  • These research applications are built and deployed only by members of the World Community Grid technical team.
  • The research applications are cryptographically signed using a private digital key that only authorized members of the World Community Grid team can access. The software client installed on the volunteer device will reject and delete any research application that cannot be verified using the public digital key that the software client obtains when volunteers first connect to World Community Grid.
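
The reject-and-delete check described in the last item above, as an added Go example that is not World Community Grid's or the software client's own code. Ed25519 is an assumed signature scheme (the page does not name one), and the Client type, the Admit method and the file names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Client is a hypothetical model of the volunteer-side software. pinned holds
// the project public key obtained at first connect.
type Client struct{ pinned ed25519.PublicKey }

// Admit verifies a downloaded application against the pinned key and deletes
// the file when verification fails.
func (c *Client) Admit(path string, sig []byte) error {
	data, err := os.ReadFile(path)
	if err == nil && (len(c.pinned) != ed25519.PublicKeySize || !ed25519.Verify(c.pinned, data, sig)) {
		os.Remove(path)
		err = errors.New("signature verification failed, application deleted")
	}
	return err
}

// runDemo uses constructed keys and files and reports: signed app kept,
// modified app deleted, app signed by a different key deleted.
func runDemo() (kept, tamperedGone, foreignGone bool) {
	dir, _ := os.MkdirTemp("", "signed-app-demo")
	defer os.RemoveAll(dir)
	pub, priv, _ := ed25519.GenerateKey(nil)    // project signing key pair (constructed)
	_, otherPriv, _ := ed25519.GenerateKey(nil) // a key the client never obtained
	c := &Client{pinned: pub}
	app := []byte("constructed research application bytes")
	try := func(name string, body, sig []byte) (ok, present bool) {
		p := filepath.Join(dir, name)
		os.WriteFile(p, body, 0600)
		ok = c.Admit(p, sig) == nil
		_, err := os.Stat(p)
		return ok, err == nil
	}
	ok1, in1 := try("good.bin", app, ed25519.Sign(priv, app))
	ok2, in2 := try("tampered.bin", append([]byte("!"), app...), ed25519.Sign(priv, app))
	ok3, in3 := try("foreign.bin", app, ed25519.Sign(otherPriv, app))
	return ok1 && in1, !ok2 && !in2, !ok3 && !in3
}

func main() { fmt.Println(runDemo()) }
```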

Encryption is used in communications throughout the platforms

  • Between the software client running on volunteer machines and World Community Grid servers.
  • Between World Community Grid servers and the research institutions’ data centers when we are transferring new data sets to run or completed results.
  • Between the World Community Grid technical team and World Community Grid servers in the hosting environment when they are performing necessary work.