RDMAP Security

A Seminar by Shinto T. Jose

Presented by Shinto T. Jose, CUSAT, Kerala

Transcript of RDMAP Security

Page 1: RDMAP Security

A Seminar by Shinto T. Jose

Page 2: INTRODUCTION (RDMA)

• Moves data directly between the application buffers of the two hosts, with no copy through the kernel and no involvement of the remote host's CPU on the data path

• High throughput

• Low latency

• Zero-copy networking

Outline: RDMA, Layering, Data flow, Applications

Page 3: INTRODUCTION (LAYERING)

[Figure: the protocol stacks of the two peers side by side, each showing ULP, RDMA, TCP, IP and Data link layer; the RDMA layer sits between the ULP and TCP.]

Page 4: INTRODUCTION (DATA FLOW)

Page 5: INTRODUCTION (APPLICATIONS)

• Virtual Interface Architecture (VIA)

• InfiniBand

• iWARP (RDMA over TCP/IP, the protocol suite RFC 5040 belongs to)

• Future versions of Microsoft Windows

Page 6: ARCHITECTURE (COMPONENTS AND INTERACTIONS)

[Figure: the RDMA security model. A Privileged Resource Manager, a Privileged ULP and a Non-privileged ULP sit above the RNIC Engine, separated from it by the ULP interface and the RNIC interface; the RNIC Engine connects to the internet.]

Page 7: ARCHITECTURE (COMPONENTS)

• RNIC (RDMA-enabled Network Interface Controller): the hardware that performs the data placement

• Privileged Resource Manager: the trusted component that allocates RNIC resources to the ULPs

• Privileged ULP (Upper Layer Protocol): a trusted consumer, for example a kernel storage driver

• Non-privileged ULP: an untrusted consumer, for example a user-space application

Page 8: ARCHITECTURE (INTERACTIONS)

• Privileged control interface: used by the Privileged Resource Manager to allocate and revoke RNIC resources

• Privileged data interface: used by Privileged ULPs to post and complete work

• Non-privileged data interface: used by Non-privileged ULPs, with no access to control operations

Page 9: ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY

The threat analysis on pages 9 to 13 follows [RDMAP SECURITY].

Spoofing: impersonation

• A blind attack, or the attacker establishing a stream of its own, by guessing valid connection parameters

• Mitigation: end-to-end authentication

Outline: Spoofing (impersonation, stream hijacking, man-in-the-middle attack), Tampering, Security options

Page 10: ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY

Spoofing: stream hijacking

• The attacker hijacks the stream during its establishment phase

• Typically by IP address spoofing

• Mitigation: end-to-end integrity protection and authentication

Page 11: ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY

Spoofing: man-in-the-middle attack

• The attacker sits on the path and can delete or modify packets in transit

• For example, it can invalidate an STag (the Steering Tag that names a registered buffer), cutting off legitimate access

• Mitigation: end-to-end integrity protection and authentication

Page 12: ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY

Tampering: network-based modification of buffer content

• A man-in-the-middle alters RDMA payloads as they cross the network, so the wrong data is placed into the target buffer

• Mitigation: end-to-end integrity protection and authentication

• Alternatively, physical protection of the network path

Page 13: ATTACKS THAT CAN BE MITIGATED WITH END-TO-END SECURITY

Security options (the services an end-to-end mechanism such as IPsec can provide)

• Session confidentiality

• Per-packet data source authentication

• Per-packet integrity

• Packet sequencing (protection against replayed packets)
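The packet sequencing option on this slide is usually implemented as a sliding window over sequence numbers. The following is an added example, not code from the seminar or from RFC 5042: a 64-entry anti-replay window of the kind IPsec uses, written in plain C. It assumes the per-packet integrity and source-authentication checks have already passed for every packet it sees; all names (replay_state, replay_check_and_update, the constructed trace) are hypothetical.

```c
/*
 * Added example, not part of the seminar or of RFC 5042: a sliding-window
 * anti-replay check (the scheme IPsec uses) as one way to implement the
 * "packet sequencing" option.  It must run only after the per-packet
 * integrity and source-authentication checks have passed; a packet whose
 * MAC failed must never reach it, or an attacker could advance the window
 * with forged sequence numbers.  All names are hypothetical.
 */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define REPLAY_WINDOW 64   /* how far behind the newest packet we still accept */

typedef struct {
    uint64_t highest;   /* highest sequence number accepted so far */
    uint64_t bitmap;    /* bit i set => sequence number (highest - i) was accepted */
    bool     started;   /* false until the first packet arrives */
} replay_state;

void replay_init(replay_state *st) {
    memset(st, 0, sizeof *st);
}

/* Accept seq if it is new and inside the window, and record it.
 * Returns false for a replay or for a packet too old to judge. */
bool replay_check_and_update(replay_state *st, uint64_t seq) {
    if (!st->started) {
        st->started = true;
        st->highest = seq;
        st->bitmap  = 1;                /* bit 0 stands for `highest` itself */
        return true;
    }
    if (seq > st->highest) {            /* newer than anything seen: slide the window */
        uint64_t shift = seq - st->highest;
        st->bitmap  = (shift >= REPLAY_WINDOW) ? 0 : (st->bitmap << shift);
        st->bitmap |= 1;
        st->highest = seq;
        return true;
    }
    uint64_t diff = st->highest - seq;  /* how far behind the newest packet */
    if (diff >= REPLAY_WINDOW)
        return false;                   /* fell off the window: cannot tell replay from straggler */
    uint64_t bit = (uint64_t)1 << diff;
    if (st->bitmap & bit)
        return false;                   /* already accepted once: replay */
    st->bitmap |= bit;                  /* late but new: accept exactly once */
    return true;
}

/* Feed `first` then `second` to a fresh state; true if the second was accepted. */
bool replay_second_accepted(uint64_t first, uint64_t second) {
    replay_state st;
    replay_init(&st);
    replay_check_and_update(&st, first);
    return replay_check_and_update(&st, second);
}

/* Constructed trace: an in-order burst, one reordered packet (4 after 5),
 * a replay of 3, a jump to 100, a packet too old to accept (30) and a
 * replay of 100.  Returns how many packets were accepted. */
int replay_demo(void) {
    static const uint64_t trace[] = { 1, 2, 3, 5, 4, 3, 100, 30, 100 };
    replay_state st;
    replay_init(&st);
    int accepted = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (replay_check_and_update(&st, trace[i]))
            accepted++;
    return accepted;                    /* 6 */
}
```

The window has to be tied to the authenticated session: a sequence number is only meaningful once the packet carrying it has been authenticated, and the state is reset when the session is rekeyed.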

Page 14: ATTACKS FROM LOCAL PEERS

Local ULP attacking a shared Completion Queue (CQ)

• A ULP generates more completions than its fair share of the CQ

• The other ULPs sharing that CQ are starved of completions

• Therefore the RNIC must not enable sharing a CQ across ULPs that do not trust each other

Outline: Local ULP attacking a shared CQ, Local peer attacking the RDMA Read Request Queue

Page 15: ATTACKS FROM LOCAL PEERS

Local peer attacking the RDMA Read Request Queue

• A local peer unfairly allocates RDMA Read Request Queue resources to its own streams, leaving none for the others

• Allocation of RDMA Read Request Queue entries must therefore be restricted to a trusted local peer (the Privileged Resource Manager)
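Both local-peer rules on pages 14 and 15 are enforced by the Privileged Resource Manager rather than by the protocol. As an added example, not code from the seminar or from RFC 5042, here is a small C model of that enforcement: CQ attachment is refused across trust domains, and RDMA Read Request Queue entries are handed out only by the resource manager and capped per stream. The trust-domain field, the queue sizes and all names (ulp, cq_attach, rrq_allocate, ...) are hypothetical.

```c
/*
 * Added example, not from the seminar or RFC 5042: a toy Privileged
 * Resource Manager enforcing the two local-peer rules.  The trust-domain
 * idea (ULPs of one process trust each other, different processes do
 * not), the queue sizes and all names are hypothetical.
 */
#include <stdbool.h>
#include <string.h>

typedef enum { ULP_NONPRIV, ULP_PRIV, ULP_RESOURCE_MGR } ulp_role;
typedef struct { int id; ulp_role role; int trust_domain; } ulp;

/* Completion queue: remembers which trust domain owns it (-1 == unowned). */
typedef struct { int owner_domain; int attached; } cq;

void cq_init(cq *q) { q->owner_domain = -1; q->attached = 0; }

/* Rule 1: a CQ may be shared only by ULPs that trust each other.  A ULP
 * from another trust domain is refused, so it cannot flood the CQ with
 * its own completions and starve the owner. */
bool cq_attach(cq *q, const ulp *u) {
    if (q->owner_domain == -1) {
        q->owner_domain = u->trust_domain;
        q->attached = 1;
        return true;
    }
    if (q->owner_domain != u->trust_domain)
        return false;
    q->attached++;
    return true;
}

#define IRD_TOTAL      64                 /* RDMA Read Request Queue entries on the RNIC */
#define MAX_STREAMS    8
#define IRD_FAIR_SHARE (IRD_TOTAL / MAX_STREAMS)

typedef struct { int free_entries; int per_stream[MAX_STREAMS]; } read_request_queue;

void rrq_init(read_request_queue *q) {
    q->free_entries = IRD_TOTAL;
    memset(q->per_stream, 0, sizeof q->per_stream);
}

/* Rule 2: only the Privileged Resource Manager hands out RDMA Read Request
 * Queue entries, and no stream may hold more than its fair share.
 * Returns the number of entries granted (0 when refused). */
int rrq_allocate(read_request_queue *q, const ulp *caller, int stream, int want) {
    if (caller->role != ULP_RESOURCE_MGR) return 0;      /* not the trusted allocator */
    if (stream < 0 || stream >= MAX_STREAMS || want <= 0) return 0;
    int grant = want;
    int room = IRD_FAIR_SHARE - q->per_stream[stream];  /* what this stream may still take */
    if (grant > room) grant = room;
    if (grant > q->free_entries) grant = q->free_entries;
    if (grant <= 0) return 0;
    q->per_stream[stream] += grant;
    q->free_entries -= grant;
    return grant;
}

/* Constructed scenario: two ULPs from different trust domains try to share
 * one CQ.  Returns true when the second attach is refused. */
bool scenario_cq_isolation(void) {
    cq q;
    cq_init(&q);
    ulp a = { 1, ULP_NONPRIV, 100 }, b = { 2, ULP_NONPRIV, 200 };
    return cq_attach(&q, &a) && !cq_attach(&q, &b);
}

/* Constructed scenario: one stream asks the manager for every entry.
 * Returns what it actually got (the fair share, 8). */
int scenario_greedy_stream(void) {
    read_request_queue q;
    rrq_init(&q);
    ulp mgr = { 0, ULP_RESOURCE_MGR, 0 };
    return rrq_allocate(&q, &mgr, 3, IRD_TOTAL);
}

/* Constructed scenario: a non-privileged ULP bypasses the manager and asks
 * the RNIC directly.  Returns the entries granted (0). */
int scenario_direct_request(void) {
    read_request_queue q;
    rrq_init(&q);
    ulp app = { 5, ULP_NONPRIV, 100 };
    return rrq_allocate(&q, &app, 3, 4);
}
```

A real resource manager would also reclaim a stream's entries when its connection tears down; the point of the cap is that a misbehaving local peer can exhaust only its own share.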

Page 16: ATTACKS FROM REMOTE PEERS

Spoofing: using an unauthorized STag

• Once an STag is enabled on one stream, an attacker presents the same STag on another stream to reach the buffer it names

• Mitigation: STag values should be randomly selected, so a remote peer cannot guess one, and each STag is honoured only on the stream it was enabled for

• Alternatively, end-to-end security

Outline: Spoofing, Tampering, Elevation of privilege

Page 17: ATTACKS FROM REMOTE PEERS

Tampering: local buffer enabled for remote write

• Buffer overrun: the remote peer sends an RDMA Write whose tagged offset and length reach beyond the buffer that was exposed

• Mitigation: the RNIC performs a base and bounds check on every incoming tagged access before placing data

• Alternatively, end-to-end security
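The two remote-peer defences on pages 16 and 17 (random STags bound to one stream, and a base and bounds check on every tagged access) fit in one table lookup on the RNIC. The following is an added example, not code from the seminar, from RFC 5040/5042 or from any RNIC driver: a plain C model of that lookup. The memory-region table layout, the use of /dev/urandom as the STag source, the convention that STag 0 means "unused", and all names (mr_register, rnic_check_access, the constructed scenario) are hypothetical.

```c
/*
 * Added example, not from the seminar, RFC 5040, RFC 5042 or libibverbs:
 * a plain-C model of the checks an RNIC applies to an incoming tagged
 * access (RDMA Write / RDMA Read).  STags come from a CSPRNG and are bound
 * to one stream; the bounds check subtracts rather than adds so a huge
 * length cannot wrap past the end.  Table layout and names are hypothetical.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MR 16
enum { PERM_REMOTE_READ = 1u, PERM_REMOTE_WRITE = 2u };

typedef struct {
    uint32_t stag;     /* 0 marks an unused slot (example convention) */
    uint64_t base;     /* tagged offset of the first byte of the buffer */
    uint64_t len;      /* buffer length in bytes */
    uint32_t stream;   /* the one stream this STag is valid on */
    unsigned perms;    /* PERM_REMOTE_* bits the ULP granted */
} mem_region;

typedef struct { mem_region mr[MAX_MR]; } mr_table;

typedef enum { ACC_OK, ACC_BAD_STAG, ACC_WRONG_STREAM, ACC_NO_PERM, ACC_OUT_OF_BOUNDS } access_result;

/* Unpredictable STag: knowing one STag says nothing about the next. */
static bool stag_random(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return false;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1;
}

static const mem_region *mr_lookup(const mr_table *t, uint32_t stag) {
    if (stag == 0) return NULL;
    for (int i = 0; i < MAX_MR; i++)
        if (t->mr[i].stag == stag) return &t->mr[i];
    return NULL;
}

/* Expose [base, base+len) for remote access on one stream.  Returns the
 * new STag, or 0 on failure. */
uint32_t mr_register(mr_table *t, uint64_t base, uint64_t len, uint32_t stream, unsigned perms) {
    int slot = -1;
    for (int i = 0; i < MAX_MR; i++)
        if (t->mr[i].stag == 0) { slot = i; break; }
    if (slot < 0 || len == 0 || base > UINT64_MAX - len) return 0;
    uint32_t s;
    do {
        if (!stag_random(&s)) return 0;
    } while (s == 0 || mr_lookup(t, s) != NULL);   /* retry on the reserved value or a collision */
    t->mr[slot] = (mem_region){ s, base, len, stream, perms };
    return s;
}

/* Invalidate an STag when the ULP is done; later accesses get ACC_BAD_STAG. */
void mr_invalidate(mr_table *t, uint32_t stag) {
    for (int i = 0; i < MAX_MR; i++)
        if (stag != 0 && t->mr[i].stag == stag) memset(&t->mr[i], 0, sizeof t->mr[i]);
}

/* Run for every incoming tagged message.  `want` is the access the message
 * needs (PERM_REMOTE_WRITE for an RDMA Write). */
access_result rnic_check_access(const mr_table *t, uint32_t stream, uint32_t stag,
                                uint64_t to, uint64_t len, unsigned want) {
    const mem_region *m = mr_lookup(t, stag);
    if (!m)                        return ACC_BAD_STAG;
    if (m->stream != stream)       return ACC_WRONG_STREAM;  /* STag presented on another stream */
    if ((m->perms & want) != want) return ACC_NO_PERM;
    if (to < m->base)              return ACC_OUT_OF_BOUNDS;
    uint64_t off = to - m->base;
    if (off > m->len || len > m->len - off) return ACC_OUT_OF_BOUNDS;  /* overflow-safe */
    return ACC_OK;
}

/* Constructed scenario: stream 7 exposes a 4 KiB buffer at tagged offset
 * 0x10000 for remote write.  demo_setup() returns its STag (0 on failure). */
mr_table demo_table;
uint32_t demo_stag;

uint32_t demo_setup(void) {
    memset(&demo_table, 0, sizeof demo_table);
    demo_stag = mr_register(&demo_table, 0x10000, 4096, 7, PERM_REMOTE_WRITE);
    return demo_stag;
}

int main(void) {
    if (!demo_setup()) return 1;
    printf("same STag from stream 9: %d\n", rnic_check_access(&demo_table, 9, demo_stag, 0x10000, 16, PERM_REMOTE_WRITE));
    printf("write past the end:      %d\n", rnic_check_access(&demo_table, 7, demo_stag, 0x10FF0, 32, PERM_REMOTE_WRITE));
    return 0;
}
```

Order matters in rnic_check_access: the STag and stream checks come before the permission and bounds checks, so a peer probing STags learns only "invalid", never how large a buffer it almost hit.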

Page 18: ATTACKS FROM REMOTE PEERS

Elevation of privilege

• A non-privileged ULP makes itself a privileged ULP

• A privileged ULP makes itself the Privileged Resource Manager

• Protection here depends on the local implementation (the isolation the operating system and RNIC enforce between the components), not on the protocol

• Alternatively, end-to-end security

Page 19: CONCLUSION

• High throughput, low latency

• Much care has been taken over security, but it remains a concern

Page 20: REFERENCES

• [RDMAP] Recio, R., Metzler, B., Culley, P., Hilland, J., and D. Garcia, "A Remote Direct Memory Access Protocol Specification", RFC 5040, October 2007.

• [RDMAP SECURITY] Pinkerton, J. and E. Deleganes, "Direct Data Placement Protocol (DDP) / Remote Direct Memory Access Protocol (RDMAP) Security", RFC 5042, October 2007.