SolidLabResearch / Challenges

Analysis of security vulnerabilities when querying over Solid pods #12

Open rubensworks opened 2 years ago

rubensworks commented 2 years ago

Pitch

Since data in Solid can be spread across many locations, query engines must be able to traverse over these locations and collect data within them. Since decentralized environments are potentially unsafe due to their non-centrally controlled nature, there is a need for query engines to be resistant against security threats aimed at the query engine’s host machine or the query initiator’s personal data.

Desired solution

The outcome of this challenge must be a Solid demo application in which different exploits can be simulated. Concretely, at least three vulnerabilities must have a simulation in an app, with each having at least one possible mitigation implemented in the Comunica query engine that can be demonstrated via the app. The app must allow each vulnerability to be executed with and without the mitigation. The demo app must be able to clearly show the data (RDF triples) that are causing the vulnerability when executing the simulation.

Acceptance criteria

A first draft of potential security threats can be found at https://rubensworks.github.io/article-ldtraversal-security/

Scenarios

pheyvaer commented 2 years ago

@RubenVerborgh What changes do you expect here?

RubenVerborgh commented 2 years ago

A challenge is a technical problem applied to a concrete use case with as output a demo. I'm missing the use case and demo parts.

rubensworks commented 2 years ago

Updated! Feel free to close if still not suitable.