Skip to content

Latest commit

 

History

History
56 lines (47 loc) · 5.6 KB

attack-surface.md

File metadata and controls

56 lines (47 loc) · 5.6 KB

Attack Surface Analysis for quantconnect/lean

Attack Surface: 1. Malicious Algorithm Logic (Theft/Manipulation)

  • Description: An attacker crafts or compromises an algorithm to steal funds, manipulate trades, or leak information.
  • Lean Contribution: Lean is the execution environment for the algorithm. Lean's features (data access, order placement, etc.) are the tools used by a malicious algorithm. The attack cannot happen without Lean.
  • Example: An algorithm with a hidden backdoor that siphons a percentage of profits to the attacker.
  • Impact: Direct financial loss, account compromise, legal penalties.
  • Risk Severity: Critical
  • Mitigation Strategies:
    • Rigorous Code Review: Mandatory, independent code reviews focusing on security.
    • Sandboxing: Utilize Lean's SecurityManager to strictly limit algorithm permissions (file access, network access, API calls). This is a Lean-specific mitigation.
    • Formal Verification: For critical logic sections, consider formal methods to prove correctness.
    • Strict API Permission Control: Minimize API access granted to the algorithm within Lean and at the brokerage level.
    • Extensive Backtesting/Paper Trading: Mandatory before live deployment.
    • Real-time Monitoring/Alerting: Monitor algorithm behavior through Lean's logging and event system for anomalies.

Attack Surface: 2. API Key Compromise (within Lean's context)

  • Description: An attacker gains access to API keys used by Lean to interact with the brokerage.
  • Lean Contribution: Lean stores and uses the API keys to connect to brokerage accounts. The security of how Lean handles these keys is paramount. This is distinct from general API key security; it's about Lean's handling.
  • Example: An attacker exploits a vulnerability in a custom Lean data handler that exposes API keys in memory, or finds keys improperly stored due to misconfiguration of Lean's environment.
  • Impact: Complete control of the trading account, unauthorized trades, fund withdrawal.
  • Risk Severity: Critical
  • Mitigation Strategies:
    • Secure Key Storage (Lean-Specific): Never hardcode keys. Use environment variables accessed through Lean's configuration system. Leverage Lean's recommended methods for secure parameter handling. If using a custom deployment, ensure secure key injection into the Lean environment.
    • Key Rotation: Regularly rotate keys, and ensure Lean is configured to use the new keys correctly.
    • Least Privilege (Brokerage & Lean): Grant minimal permissions at the brokerage and within Lean's SecurityManager.
    • Network Security (Lean's Communication): Ensure Lean communicates with the brokerage API over HTTPS with proper certificate validation. This is a configuration aspect within Lean.

Attack Surface: 3. Data Feed Manipulation (impacting Lean's data handling)

  • Description: An attacker compromises a data feed used by Lean, leading to incorrect trading decisions.
  • Lean Contribution: Lean processes and provides the data to the algorithm. The attack targets Lean's data ingestion and handling mechanisms.
  • Example: An attacker injects false price data into a custom data feed implemented as a Lean IDataFeed.
  • Impact: Incorrect trades, financial losses, potential market manipulation.
  • Risk Severity: High
  • Mitigation Strategies:
    • Reputable Data Providers (for Lean integrations): Choose providers with strong security, and use Lean's official integrations where possible.
    • Data Validation (within Lean Handlers): Implement robust validation and sanity checks within any custom Lean IDataFeed or IDataProvider implementations. This is a Lean-specific mitigation.
    • Multiple Data Sources (configured in Lean): Use multiple, independent data sources within Lean's configuration for redundancy and comparison.
    • Data Integrity Checks (in custom Lean handlers): If possible, verify data integrity using checksums or signatures within custom Lean data handling code.

Attack Surface: 4. Dependency Vulnerabilities (within Lean and its extensions)

  • Description: A vulnerability in a library used by Lean or a custom Lean extension is exploited.
  • Lean Contribution: Lean itself and any custom IDataFeed, IAlgorithm, or other extensions rely on dependencies. The vulnerability exists within the Lean ecosystem.
  • Example: A vulnerability in a numerical library used by a custom Lean indicator allows code execution.
  • Impact: Code execution, data breaches, system compromise.
  • Risk Severity: High
  • Mitigation Strategies:
    • Regular Updates (Lean and Custom Components): Keep Lean and all custom extensions updated. This is critical for patching vulnerabilities in the entire Lean-based system.
    • Vulnerability Scanning (Lean Project): Use tools like dotnet list package --vulnerable on the entire Lean project, including any custom extensions.
    • Dependency Auditing (Lean Ecosystem): Regularly audit dependencies of Lean and any custom components.
    • Vendor Monitoring (Lean and Extensions): Monitor security advisories for Lean and all libraries used in custom extensions.