Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kuscia在P2P部署时,如果任务请求不是secretpad等平台发来的,而是运维人员在kuscia镜像中恶意启动的,是否有越权问题呢? #490

Closed
WandQ opened this issue Jan 13, 2025 · 2 comments
Closed

Kuscia在P2P部署时,如果任务请求不是secretpad等平台发来的,而是运维人员在kuscia镜像中恶意启动的,是否有越权问题呢? #490

WandQ opened this issue Jan 13, 2025 · 2 comments

Comments

@WandQ
Copy link

WandQ commented Jan 13, 2025

Issue Type

Api Usage

Search for existing issues similar to yours

Yes

Kuscia Version

kusciaImage版本:0.13.0b0

Link to Relevant Documentation

No response

Question Details

如:Alice和Bob相互授权了表scheme可见,此时,Alice可以在Kuscia容器内编排任意任务,可以是PSI,SCQL,甚至是PIR(如有)直接查询数据。而这个过程对于Bob是无感的,是否会导致数据泄露风险呢?有办法解决或者缓解么?
@BrainWH
Copy link

BrainWH commented Jan 14, 2025

1.kuscia 作业支持开启审核功能,如果不信任对方发送的请求,可以开启审核。发起方发起作业后,只有参与方审核通过后,才会执行。具体地可以参考:https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.13.0b0/reference/concepts/kusciajob_cn#enable-approval
2.如果是 scql 任务,双方在授权 scheme 时,每一方是可以判读授权的 schema 信息是否可以让对方使用

@WandQ
Copy link
Author

WandQ commented Jan 15, 2025

明白了,感谢解答。

@WandQ WandQ closed this as completed Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WandQ @BrainWH