RDMAP/DDP Security Draft draft-pinkerton-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba.


Approach
- Focus on wire visible issues
- Do not constrain the security analysis to any one implementation – examine the scope of implementations
- The draft is new – much of the thought has not been presented/reviewed before

Security Model
[Diagram. Components: Privileged Resource Manager, Privileged Application, Non-Privileged Application, RNIC Engine, firmware, Admin, Internet. Interfaces: Privileged Control Interface, Privileged Data Interface, Non-Privileged Data Interface, Application Control Interface, Request Proxy Interface, RNIC Interface (RI).]

Resources
- RDMAP/DDP Resources
  – Connection context memory
  – Data Buffers
  – Page translation tables
  – STag namespace
  – Completion Queues
- RDMAP Specific Resources
  – RDMA Read Request Queue

Dimensions of Trust
- Local Resource Sharing – are local resources shared between streams?
- Local Trust – are local applications trusted to not try to circumvent the protocol (either accidentally or on purpose)?
- Remote Trust – are remote applications trusted to not try to circumvent the protocol?

Combinations of Trust

Local Resource Sharing   Local Trust?   Remote Trust?   Name    Example Application
N                        N              N               NS-NT   RDDP/DDP client/server Networking
N                        N              Y               NS-RT   Authenticated Remote Peer
N                        Y              N                       Kernel client
N                        Y              Y                       Similar to S-T
Y                        N              N               S-NT    Typical Networking
Y                        N              Y               ?       ?
Y                        Y              N               S-LT    Storage target
Y                        Y              Y               S-T     MPI

Tools for Counter Measures
- Protection Domain
- Limiting STag scope
  – Number of connections, amount of buffer advertised, time the buffer is advertised, randomly use the namespace
- Buffer access rights
  – Write-only, Read-only, Write/Read
- Limiting Completion Queue Scope
  – One or more connections
- Limiting the scope of an error
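
The counter measures listed on this slide (Protection Domain, buffer access rights, limited STag scope) can be read as one check applied to every inbound tagged access before the buffer is touched. The C code below is an added example, not taken from the draft or the slides; the struct layout, function name, result codes and sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an RNIC STag table; names and layout are assumptions. */
enum { ACC_REMOTE_READ = 1u << 0, ACC_REMOTE_WRITE = 1u << 1 };
typedef enum { CHK_OK, CHK_BAD_STAG, CHK_PD_MISMATCH, CHK_NO_RIGHTS, CHK_OUT_OF_BOUNDS } chk_t;

struct stag_entry {
    bool valid;          /* false once the buffer is no longer advertised */
    uint32_t stag, pd;   /* STag value and owning Protection Domain */
    uint32_t rights;     /* ACC_* bits granted to the remote peer */
    uint64_t base, len;  /* tagged-offset window covered by the STag */
};
struct stream { uint32_t pd; };  /* PD the connection was created in */

/* Constructed sample data: one write-only advertised buffer, one invalidated STag. */
static const struct stag_entry demo_table[] = {
    { true,  0x1001, 7, ACC_REMOTE_WRITE, 0x4000, 4096 },
    { false, 0x1002, 7, ACC_REMOTE_READ | ACC_REMOTE_WRITE, 0x0, 4096 },
};
static const struct stream stream_a = { 7 }, stream_b = { 9 };

/* Validate one inbound tagged access before any byte of the buffer is touched. */
chk_t check_tagged_access(const struct stag_entry *tbl, size_t n, const struct stream *s,
                          uint32_t stag, uint64_t to, uint64_t len, uint32_t need)
{
    const struct stag_entry *e = NULL;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].stag == stag) { e = &tbl[i]; break; }
    if (!e || !e->valid) return CHK_BAD_STAG;              /* unknown or revoked */
    if (e->pd != s->pd) return CHK_PD_MISMATCH;            /* STag from another PD */
    if ((e->rights & need) != need) return CHK_NO_RIGHTS;  /* e.g. read of write-only */
    if (to < e->base) return CHK_OUT_OF_BOUNDS;
    uint64_t off = to - e->base;
    /* Subtract instead of adding so a huge offset or length cannot wrap around. */
    if (off > e->len || len > e->len - off) return CHK_OUT_OF_BOUNDS;
    return CHK_OK;
}

int main(void)
{
    printf("in-PD write: %d\n", check_tagged_access(demo_table, 2, &stream_a, 0x1001, 0x4000, 4096, ACC_REMOTE_WRITE));
    printf("other PD:    %d\n", check_tagged_access(demo_table, 2, &stream_b, 0x1001, 0x4000, 4096, ACC_REMOTE_WRITE));
    return 0;
}
```
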

Questions
- Is using “Dimensions of Trust” the right way to characterize the security models?
- Are the 4 security models sufficient?
- Are there other countermeasures?

Outstanding Issues
- In the document
  – IPsec section
  – Summary table at the end
- From David’s
  – Change definition of “Trust” to “Partial Trust”
  – Least common denominator for trust model
  – Trust model for multiple clients to a single server?

Outstanding Issues
- Other s
  – Clarify that an application may choose to use multiple Protection Domains
  – Possibly explicitly limit STag scope to just PD or just Stream?
  – Other Resources
    - Asynch Event Queue?
  – Errors
  – Shared data buffers
    - Protection Domain as a resource?
  – Non-privileged Application being able to disable/enable an STag mapping without using the Privileged Resource Manager