Hi,
we are planning to realize a new cryptcoin trading platform with some very exciting new features for handling that large amount of new altcoins released every day. I can't go too much into detail, yet because we are still at the planning phase. Once we set up the alpha version, we'll feed you with more information about this exciting project!
Though we have many skills in programming and administrating linux, we would want to know your opinions on some security relevant topics.
Our main goal is to keep the whole exchange platform and especially the wallets safe.
To realize our idea, it is very important to prevent any interference between the wallets on the server. We must make sure to run the wallets within a sandboxed or virtualized environment because there is the possibility that one wallet attacks the other ones or the server by executing custom code.
Therefore, we thought about sandboxing or virtualizing mehtods that need to fulfill these requirements:
- - Very high level of security
- - High performance and scalability
Our current ideas are the following:
- 1 - Run the wallets in a virtualized environment. This well need a dedicated OpenVZ or KVM instance for each wallet running on the sever. Though this would probably allow the maximum level of security and a good scalability, we have concerns about performance issues. How much CPU and RAM resources does a wallet, that is used for a trading platform, need?
- 2 - Using sudo, chroot or systrace to sandbox the wallets. While this solution would be the most performant, I have some concerns about the level of security. Is it possible to escape from a sandbox when you have the possibility to execute custom code on the server?
I would be pleased to hear your opinions about our two ideas and of course I would also like to hear new ideas on how to solve this problem.
Thank you in advance and regards! :-)
