[DOCS] Update document to include security model of RPC server (#17377)

This PR update the documents to include the security model of the RPC server.
apache · Sep 17, 2024 · 4692b95 · 4692b95
1 parent d3900be
commit 4692b95
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/docs/reference/security.rst b/docs/reference/security.rst
@@ -34,10 +34,16 @@ The private security mailing address is: `security@apache.org <security@apache.o
 Feel free to consult the `Apache Security guide <https://www.apache.org/security/>`_.
 
 
-Considerations
+Security Model
 --------------
 The default binary generated by TVM only relies on a minimum runtime API.
 The runtime depends on a limited set of system calls(e.g. malloc) in the system library.
 
+
+TVM RPC server assumes that the user is trusted and needs to be used in a trusted network environment
+and encrypted channels. It allows writings of arbitrary files into the server and provide
+full remote code execution capabilities to anyone who can access this API.
+
+
 AutoTVM data exchange between the tracker, server and client are in plain-text.
 It is recommended to use them under trusted networking environment or encrypted channels.