Release: PolySwarm Alpha (v0.1)
GUIs, cURLs, and Truffles, oh my! Get all the details of our first major release from the PolySwarm dev team.
Here are the major features of this release:
- Bounty submission/response and artifact download
This forms the bases for experts that want to build micro-engines and allows enterprises and ambassadors to submit potential malware for network scanning.
- Exemplar micro-engine featuring ClamAV
A great demonstrator for how easy it is to hook existing tools and new micro-engines into PolySwarm. We took a respected open source anti-virus suite and connected it up.
- A good-looking bounty management GUI
Who says security engineers aren’t into a decent UX? Post and manage bounties in purple style. See below.
Looking ahead, we’re building a robust marketplace in time to make a splash at the two big summer security conferences in Las Vegas (BlackHat USA and DEFCON). More information on what we’re planning coming soon :)
TLDR: For those itching to test drive PolySwarm Alpha, grab pre-built binaries of
bounty-management bundled with
Alpha is targeted at security experts who aren’t afraid to get their hands dirty (is there any other type?).
We’re building many APIs and reference implementations in as multiple languages to make it easy for new developers & security experts to build micro-engines for PolySwarm.
Source & binaries: https://github.com/polyswarm/bounty-management/releases/tag/v0.1-alpha
We’re all about making it as easy as possible for newcomers to try out the PolySwarm network, so we built
bounty-management to visually demonstrate the PolySwarm’s bounty process, each step is listed below:
Step 1: Unlock your wallet.
Step 2: Create a bounty.
Step 3: See what the PolySwarm network has to say!
Like I said, we’re aiming for simplicity.
source & binaries: https://github.com/polyswarm/polyswarmd/releases/tag/v0.1-alpha
polyswarmd is the Swiss Army knife daemon for interacting with PolySwarm network.
polyswarmd provides programmatic access to the PolySwarm network and deals with the details so you don’t have to.
bounty-management makes use of
polyswarmd, as will many micro-engines, including our exemplar
polyswarmd offers a convenient REST API for:
- placing bounties: asking the network whether a file (an Artifact) is malicious
- rendering assertions: telling the network whether you — or your micro-engine — thinks a particular Artifact is malicious
- retrieving Artifacts hosted on IPFS
- delivering verdicts: Arbiters use this to input ground truth
The PolySwarm smart contracts :)
We’ll deploy these contracts onto the Ethereum mainnet upon each major release (Alpha, Beta, Gamma, …) You can find the Alpha contracts here. The pre-built
polyswarmd bundle (linked above) uses this mainnet contract.
ClamAV is a well known open source anti-virus engine and we’ve been using it to help get PolySwarm up and running. ClamAV serves as the only arbiter in PolySwarm Alpha. Put another way, if security experts’ assertions agree with ClamAV, they’re considered correct.
Take a look at the source code for an idea of what coding a micro-engine will look like.
What are we working on now?
We have two key algorithms within PolySwarm:
- Arbiter selection — automatically selecting trusted parties to determine which security experts answered a bounty correctly.
- Ground truth determination — when arbiters weigh in, is majority vote enough? Should each vote be weighted by reputation?
Today we have simple implementations of these algorithms to make the marketplace operational. In preparation for Beta, we’re working on developing each algorithm into forms that warrant longer explanations of how they make PolySwarm a thick and safe marketplace. Stay tuned!
Until Next Time
We’re looking forward to what the future holds for PolySwarm. Alpha is our first major step toward building tomorrow’s threat intelligence marketplace.
~Paul Makowski, CTO @ Swarm Technologies, Inc