erlang 我如何在Elixir中的进程之间设置经过验证的链接?

ssgvzors  于 2022-12-08  发布在  Erlang
关注(0)|答案(2)|浏览(160)

Background:

I am trying to write a program in Elixir to test distributed algorithms by running them on a set of processes and recording certain statistics. To begin with I will be running these processes on the same machine, but the intention is eventually to have them running on separate machines/VMs.

Problem:

One of the requirements for algorithms I wish to implement is that messages include authentication. That is, whenever a process sends a message to another process, the receiver should be able to verify that this message did indeed come from the sender, and wasn't forged by another process. The following snippets should help to illustrate the idea:

# Sender
a = authenticate(self, receiver, msg)
send(receiver, {msg, self, a})
# Receiver
if verify(msg, sender, a) do
  deliver(msg)
end

Thoughts so far:

I have searched far and wide for any documentation of authenticated communication between Elixir processes, and haven't been able to find anything. Perhaps in some way this is already done for me behind the scenes, but so far I haven't been able to verify this. If it were the case, I wonder if it would still be correct when the processes aren't running on the same machine.
I have looked into the possibility of using SSL/TLS functions provided by Erlang , but with my limited knowledge in this area, I'm not sure how this would apply to my situation of running a set of processes as opposed to the more standard use in client-server systems and HTTPS. If I went down this route, I believe I would have to set up all the keys and signatures myself beforehand, which I believe could possible using the X509 Elixir package , though I'm not sure if this is appropriate and may be more work than is necessary.

In summary:

  1. Is there a standard/pre-existing way to achieve authenticated communication between processes in Elixir?
  2. If yes, will it be suitable for processes communicating between separate machines/VMs?
  3. If no to either of the above, what is the simplest way I could achieve this myself?
5gfr0r5j

5gfr0r5j1#

正如Aleksei和Pawe指出的那样,如果某个东西在你的集群中,它就已经是可信的了。这不像认证随机的Web请求,这些请求可能来自于几乎任何地方,你说的是来自于你的可信机器的本地网络内部的消息。如果某个邪恶的行为者在你的服务器上运行,你要担心的问题比认证消息要大得多。
就安全性而言,对在集群内运行的Elixir/Erlang进程的限制非常少:例如,它们的状态可以被任何其他进程检查。这种透明性的一部分是通过设计实现的,并且是必要的,以便拥有一个能够进行热代码重载的容错系统,但是关于具体的“如何”和“为什么”的对话对我来说太微妙了,无法做到公正。
如果你真的需要做一些日志记录来获得一个可审计的“书面线索”来验证哪个进程发送了哪个消息,我认为你必须推出自己的解决方案,这可能依赖于一些常见的技术(如密钥+签名,区块链等)。如果您在处理不同服务器之间的Web请求,这些问题就会出现!并且已经存在用于在计算机之间建立安全连接的协议,所以我不建议在您的应用程序中重新发明这些网络协议。
你的时间最好花在算法本身上,而不是试图重新发明安全性的轮子。你的应用应该专注于其他人都没有做过的独特的东西如果您有多个相互连接的VM,它们相互传递消息,那么所有的“安全”要求都是通过定义对每个机器/子网的正确访问来实现的,并且无论您在它们上运行什么应用程序/语言,这个要求都是成立的。

okxuctiv

okxuctiv2#

我越是了解你想要达到的目标,我就越确信你所需要的只是调用过程的足迹
对于同步调用GenServer.handle_call/3,您已经将第二个参数作为足迹。
对于异步消息,您可以将调用者信息添加到消息本身中,例如,发送{:foo, pid()}或更复杂的{:foo, {pid(), timestamp(), ip(), ...}消息,而不是发送普通的:foo消息,并让被调用者验证这些消息。
这将是安全的一切手段:erlang群集将确保这些消息来自 * 受信任的来源 *,而您的内部验证可以确保来源在您的内部规则内有效。

相关问题