how to protect trading strategies for a colocated server

Not certain if you are responding to the general topic or my prior post based on the imagined system with science fiction like performance.

In this case the assumption is that low latency was irrelevant since the system accurately predicts future market activity within a given time window say 10 hours. There a few seconds is irrelevant as one is dealing with the future not reacting to the present or the 10 milliseconds ago past.

I would never put anything of significant value at a 3rd party site.





Quote from FutsTrader111:

The answer is, YOU locate yourself and servers to an office building with appropriate connections, appropriate security measures. YOU control permissions and access to the server. The closer the machine is to you, the safer it is.

Colocation is stupid. It bleeds of you having no financial backbone to backup the trading system itself. If you fully trust this system and its proven to make you money, then put the damn servers in your office and hire a security professional to administrate it - someone you trust.

Why in the world would you put your crown jewels on a colocated server in the first place? If something so valuable is put on equipment which is untrusted and for which can be tampered with, don't you think you should keep the servers in-house and have policies in place only for those who work for you? You should never trust your sensitive applications to a hosting company. Even though they say they have security measures in place, that doesn't mean a rogue hosting personnel can get to your files let alone an outside hacker.

For whatever reason, the safest route is to build the application in C/C++ and compile it into binary native format to the server (i.e, Intel). Using any interpreted scripting language is a risk as hackers can pull the source files and read easily. At least with binary they are going to have to spend a hell of a time reverse engineering the code.

This question is really ridiculous when you think about it. If you were real with something that makes you tons of money, how can you be so naive to ask this question in the first place?

Clearly this op is a newb and has nothing worth of a system even protecting!
More...
 
Quote from WinstonTJ:

Anyone who trades via mouse/manually does not need to co-lo - ever.
More...
Maybe we need to stop pretending that everyone's doing exactly the same thing.

I for one trade a short volatility black-box application that benefits very much from every second of availability I can squeeze out of the system. I have redundant colocated servers in addition to E Cermak (Seattle/Dallas) for that reason.

I also have SLA agreements that I rely on. If components in one of my system goes down, hardware replacements are in place in 60 minutes. All this for less than $500 a month.

A 10 mb line going to my house? Ignoring obvious issues like power outages or other disconnections, I'm also concerned about natural disaster (flood/earthquake), or even a neighbor with a weed-whacker.
 
Quote from WinstonTJ:

After exchanging a few PMs I thought we were getting along... I'll stick to picture books, adderall and Redtube from now on.
More...

I though so too until you marched in to demand that everyone stop posting and go away. If you don't like what's being discussed either offer a dfifferent prespective or leave those that care to dialogue in peace.
 
Quote from Jerry030:

I though so too until you marched in to demand that everyone stop posting and go away. If you don't like what's being discussed either offer a dfifferent prespective or leave those that care to dialogue in peace.
More...

My perspective is stop posting and start doing. I don't want anyone to go away, just to stop talking in circles about how somoene is out to get your unwritten code.

Co-lo is a joke unless you live in Guam or Phuket.

Hook up with a broker that has halfway decnet quotes and an Excel DDE, create a logical, rules based strategy in Excel. Test. Test. Test... Automate... Work on next strategy??

I don't see international espionage and colocation anywhere in there.
 
Quote from WinstonTJ:

My perspective is stop posting and start doing. I don't want anyone to go away, just to stop talking in circles about how somoene is out to get your unwritten code.

Co-lo is a joke unless you live in Guam or Phuket.

Hook up with a broker that has halfway decnet quotes and an Excel DDE, create a logical, rules based strategy in Excel. Test. Test. Test... Automate... Work on next strategy??

I don't see international espionage and colocation anywhere in there.
More...

What is your interest, vested or otherwise in who's talking and who is doing or not doing what? I don't mean to be rude but you sound parental... you want us to do X or Y at your preference? Sound we ask permission individually or as a group? Should I clean up my room now?

From my own experience and that of others where I know the details, your suggestion to create a simple logical rule based strategy. works marginally at best ...< 66% Win/Loss ratio in net dollars. I haven’t seen much empirical evidence that the mentally and emotionally changed decisions of millions of people are logical with much consistency. If that’s the best you can offer, fine, but if others of us think there is something beyond what 42,000,000 people have tried, then why try to stop investigation and discovery?
 
colocation is a solution of network latency. if the strategy is timing critical, a latency around 10ms is lethal, then colocation is a must. otherwise, you have to build a brokerage house yourself, which is not practical for most of individuals or small hedge fund firms.


Quote from FutsTrader111:

The answer is, YOU locate yourself and servers to an office building with appropriate connections, appropriate security measures. YOU control permissions and access to the server. The closer the machine is to you, the safer it is.

Colocation is stupid. It bleeds of you having no financial backbone to backup the trading system itself. If you fully trust this system and its proven to make you money, then put the damn servers in your office and hire a security professional to administrate it - someone you trust.

Why in the world would you put your crown jewels on a colocated server in the first place? If something so valuable is put on equipment which is untrusted and for which can be tampered with, don't you think you should keep the servers in-house and have policies in place only for those who work for you? You should never trust your sensitive applications to a hosting company. Even though they say they have security measures in place, that doesn't mean a rogue hosting personnel can get to your files let alone an outside hacker.

For whatever reason, the safest route is to build the application in C/C++ and compile it into binary native format to the server (i.e, Intel). Using any interpreted scripting language is a risk as hackers can pull the source files and read easily. At least with binary they are going to have to spend a hell of a time reverse engineering the code.

This question is really ridiculous when you think about it. If you were real with something that makes you tons of money, how can you be so naive to ask this question in the first place?

Clearly this op is a newb and has nothing worth of a system even protecting!
More...
 
Quote from Rabbitone:

Your discussion is quite interesting. I was an IT Data Base manager for a large bank (retired to trade full time) that did trading applications. I was on the security team for trading applications. Encrypted code for execution? Well maybe if your security is crap. Encryption had another role. Our team studied a number of hedge fund security processes. We did this because of the tens of millions of dollars being traded. Here is a general outline of what we chose:

The first level of security is you are not going to play on retail box. You do it on special IBM mainframes even if they are out sourced. Not too many players can afford these.

Then you layer security so fewer and fewer get to the trading application. Using a program called ACF2 we defined every person’s or programs role in the security scheme - especially on out sourced platforms.

The next security features is data versus source code. As a mainframe DBA manager my first level of security was “No hard coded values in source code.” That means all of the core data values that made the trading source code execute were stored in DB2 relational table structures that were NOT stored on the out sourced computer site. This data had to be accessed remotely using encryption from the executing site during the application set up. No data - no trading.

Next security level was the main application. Which I never was never privy to except as it accessed my DB2 Databases. That was like an octopus. Right down to the dual-redundancy of data. It could be split up to run on multiple boxes if needed.

Next security level was communications. We used IBM CICS with many levels of communication security and transmission protocols. This is where trades from the main application where executed. The exchange transmissions fascinated me but I was shut out from learning too much about them. But those were not my bailiwick. I’m a data storage expert.

The next security feature was along the same lines. All traded objects, executed trades and journals were stored back in the DB2 Relational Database using encrypted transmissions. Some were cleaned up seconds after execution from IBM CICS. Then these transactions went to internal DB2 formats locked down in encryption. The outsourced applications were cleaned up each day leaving little. There are many more security products and processes involved that I am not mentioning.

The idea is simple. The more an application is split up into secured parts then the less of a chance that some one has of getting their hands on the entire process. The main risk is a top designer will jump ship and sell it all for big bucks. That is why they get big bucks each and every year if it works. If you have $100 million you may be able to buy a GS app. Then you better have an three times that amount to get it running as I’m describing

I am still asked the question to this day is “Why can’t a bottom level designer steal it?” The answer is they never get to see enough of the whole to steal it. Go ahead and reverse engineer the source of the main application. So, what? It was not worth a dam without the data that ran stored in the DB2 database. Well I got that what next. Whoops got to get the CICS apps that do the actual trades. Believe me it would have taken an army to get through all of those pieces of the puzzle. Reverse engineering does one app and is not that complicated, however something this size is way beyond reverse engineering.

Once I ask the head honcho where the weakest link in our trading was and he said “…well not from the inside… The weakest link is that some one picks up the parts of our trading transmissions and equates them back to known quantitative methods. But that would be hard because we fragment the trades…”
More...

Thanks for sharing.

:)
 
Quote from Jerry030:

What is your interest, vested or otherwise in who's talking and who is doing or not doing what? I don't mean to be rude but you sound parental... you want us to do X or Y at your preference? Sound we ask permission individually or as a group? Should I clean up my room now?

From my own experience and that of others where I know the details, your suggestion to create a simple logical rule based strategy. works marginally at best ...< 66% Win/Loss ratio in net dollars. I haven’t seen much empirical evidence that the mentally and emotionally changed decisions of millions of people are logical with much consistency. If that’s the best you can offer, fine, but if others of us think there is something beyond what 42,000,000 people have tried, then why try to stop investigation and discovery?
More...

I apologize if my posts were interpreted as being rude, that was not my intent. Rabbitone's posts as well as others' are excellent however the barrier of entry to 'big bank' systems is so high that most hedge funds can't get there.
I understand the desire to discuss, in theory, how to keep things save in a co-located environment. What I'm trying to convey is that the security measures being discussed are impossible to implement outside of large institutions with very deep pockets. Assuming everything is backed up (as it should be if you are discussing these types of security measures) your hardware theft/loss concerns are nil. I would venture a guess that few people have ever been inside a datacenter and have never experienced the security measures in place just to enter the facility, nor have they experienced the access restrictions and physical locking cages, lockers, etc. at your space.
At that rate software/IP loss concerns are just as significant inside a co-location facility as they are inside your home or office. It is much easier to reverse engineer a strategy based on executions than it is to steal someone’s code from a co-lo or even from an office. In practice, your strategy is only as safe as the people you expose it to – risk managers, firm partners, your partners, etc.
Big banks need unique security measures because they hire ‘trustworthy’ employees to work on big projects. A team of 20 people working on one HFT strategy has a lot more vulnerability than a team of 3-4 individuals with an even profit split.
Again I’m not trying to be rude but in the real world the HFT space is saturated. Big banks/firms dominate the space and the micro/nanosecond area is ultra competitive. Without order flow it is virtually impossible to carve out an edge in the low-latency HFT space. There is almost no realistic need for low-latency co-location unless you are remote. In practice, what most people actually do is get fast internet into an office or rent space at a datacenter, connect directly to quote/execution servers and put up a moderate firewall. Only the Administrators have access to the machines so the risk of IP theft is low.
 
You must log in or register to reply here.
Back
Top