RDMAP Security
Transcript of RDMAP Security
A Seminar by Shinto T. Jose
INTRODUCTION
• DIRECTLY MOVES DATA
• HIGH THROUGHPUT
• LOW LATENCY
• ZERO COPY NETWORKING
• RDMA • LAYERING • DATA FLOW • APPLICATIONS
INTRODUCTION
Figure: protocol layering, shown for both endpoints, top to bottom: ULP, RDMA, TCP, IP, DATA LINK LAYER
INTRODUCTION
• Virtual Interface Architecture
• InfiniBand
• iWARP
• Future versions of Microsoft Windows
ARCHITECTURE
• COMPONENTS • RNIC INTERACTIONS
Figure: RNIC components and their interactions: Privileged Resource Manager, Privileged ULP, Non-privileged ULP, RNIC Engine, internet; interfaces shown: RNIC interface, ULP interface
• RNIC
• Privileged resource manager
• Privileged ULP
• Non-privileged ULP
• Privileged control interface
• Privileged data interface
• Non-privileged data interface
ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY
• SPOOFING • TAMPERING • SECURITY OPTIONS
• IMPERSONATION
  – BLIND ATTACK OR ESTABLISHING STREAM
  – GUESSING VALID PARAMETERS
  – END-TO-END AUTHENTICATION
• STREAM HIJACKING
  – HIJACK IN THE STREAM ESTABLISHMENT PHASE
  – IP ADDRESS SPOOFING
  – END-TO-END INTEGRITY PROTECTION AND AUTHENTICATION
• MAN-IN-THE-MIDDLE ATTACK
  – ABILITY TO DELETE OR MODIFY
  – INVALIDATE STag
  – MODIFICATION OF BUFFER CONTENT
  – END-TO-END INTEGRITY PROTECTION AND AUTHENTICATION
  – PHYSICAL PROTECTION
• SECURITY OPTIONS
  – SESSION CONFIDENTIALITY
  – PER-PACKET DATA SOURCE AUTHENTICATION
  – PER-PACKET INTEGRITY
  – PACKET SEQUENCING
ATTACKS FROM LOCAL PEERS
• LOCAL ULP ATTACKING A SHARED CQ
  – MORE COMPLETIONS THAN ITS FAIR SHARE
  – CAUSES STARVING OF OTHER ULPs
  – RNIC MUST NOT ENABLE SHARING A CQ ACROSS UNTRUSTED ULPs
• LOCAL PEER ATTACKING THE RDMA READ REQUEST QUEUE
  – UNFAIRLY ALLOCATE RDMA READ REQUEST QUEUE RESOURCES FOR ITS STREAMS
  – RDMA READ REQUEST QUEUE ENTRIES MUST BE RESTRICTED TO A TRUSTED LOCAL PEER (PRIVILEGED RESOURCE MANAGER)
ATTACKS FROM REMOTE PEERS
• END-TO-END SECURITY IS USED
• SPOOFING: USING UNAUTHORIZED STag
  – WHEN STag FOR ONE STREAM IS ENABLED, ATTACKER WILL USE IT FOR ANOTHER STREAM
  – STag VALUES SHOULD BE RANDOMLY SELECTED
• TAMPERING: LOCAL BUFFER ENABLED WITH REMOTE WRITE
  – BUFFER OVERRUN
  – BASE AND BOUND CHECK
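As an added example (not from the seminar or the RFCs), a toy Python model of the checks these two slides call for on an inbound RDMA Write: the STag must be registered, bound to the receiving stream (RFC 5042 does this through protection domains; a stream id stands in here), enabled for remote write, and the tagged offset plus payload length must pass the base-and-bound check. The class and method names are the example's own, and STags are drawn randomly as the slide recommends.

```python
import secrets
from dataclasses import dataclass

REMOTE_WRITE = 0x1  # remote peer may RDMA Write into the region
REMOTE_READ = 0x2   # remote peer may RDMA Read from the region


@dataclass
class MemoryRegion:
    base: int        # tagged offset (TO) of the region's first byte
    length: int      # region size in bytes
    access: int      # REMOTE_* rights granted to the remote peer
    stream_id: int   # stream the STag may be used on (stand-in for a protection domain)
    buf: bytearray   # the local memory the region exposes


class Rnic:
    """Toy STag table plus the checks applied to an inbound RDMA Write (hypothetical model)."""

    def __init__(self) -> None:
        self.regions: dict[int, MemoryRegion] = {}

    def register(self, base: int, length: int, access: int, stream_id: int) -> int:
        # STag drawn from the full 32-bit space so a remote peer cannot predict it;
        # 0 is never handed out, so it can stand for an STag the RNIC never issued.
        stag = secrets.randbits(32)
        while stag == 0 or stag in self.regions:
            stag = secrets.randbits(32)
        self.regions[stag] = MemoryRegion(base, length, access, stream_id, bytearray(length))
        return stag

    def rdma_write(self, stream_id: int, stag: int, to: int, payload: bytes) -> str:
        """Validate an RDMA Write (STag, TO, payload) that arrived on stream_id.

        A real RNIC would tear the stream down with a Terminate message on any
        failure; here the reason is returned so the caller can see which check fired.
        """
        mr = self.regions.get(stag)
        if mr is None:
            return "REJECT: invalid STag"
        if mr.stream_id != stream_id:          # STag taken from another stream
            return "REJECT: STag not valid on this stream"
        if not mr.access & REMOTE_WRITE:       # region registered without remote write
            return "REJECT: remote write not enabled"
        end = to + len(payload)
        if to < mr.base or end > mr.base + mr.length:   # base-and-bound check
            return "REJECT: base/bound violation"
        mr.buf[to - mr.base:end - mr.base] = payload    # place data only after every check passes
        return "OK"
```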
• ELEVATION OF PRIVILEGE
  – NON-PRIVILEGED ULP MAKES ITSELF A PRIVILEGED ONE
  – PRIVILEGED ULP MAKES ITSELF THE PRIVILEGED RESOURCE MANAGER
  – SECURITY BASED ON LOCAL IMPLEMENTATION
CONCLUSION
• High throughput, low latency
• Maximum care has been given to security, but it still remains a concern.
REFERENCES
• [RDMAP] Recio, R., Culley, P., Garcia, D., and J. Hilland, "A Remote Direct Memory Access Protocol Specification", RFC 5040, October 2007.
• [RDMAP SECURITY] Pinkerton, J., "RDMAP Security", RFC 5042, October 2007.