RDMAP/DDP Security Draft draft-ietf-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba.


11/11/2003, 58th IETF - Minneapolis, MN USA

Slide 2: Agenda
• Overview of the paper
  – Define Functional Model, including
      • Components
      • Attack paths
  – Identify threats
  – Define counter measures
• What’s new in this version
• Issues
• What’s still to be done

Slide 3: Approach
• Security analysis not constrained to any one implementation – examine the scope of implementations
• The draft is relatively new – minimal review
• Still sections left to be written

Slide 4: Functional Component Model
[Figure: functional component model. Components: Admin, Privileged Resource Manager, Privileged Application, Non-Privileged Application, RNIC Engine, firmware, Internet. Interfaces: Privileged Control Interface, Privileged Data Interface, Non-Privileged Data Interface, Application Control Interface, Request Proxy Interface, RNIC Interface (RI).]

Slide 5: Functional Components
• Privileged application
  – Assumed to not intentionally attack the system, but may be greedy for resources
• Non-privileged application
  – Desire to provide benefits of RDMAP/DDP without introducing additional security risk
  – Not trusted, granted only a subset of the capabilities granted to a privileged application
• Resource Manager
  – Controls allocation of “scarce” resources
  – Implements policies to detect and prevent DoS attacks

Slide 6: An RI in More Detail
[Figure: the RI between Host and Network. Labels: Send Queue, Receive Queue, Completion Queue, Async Event Queue, RDMA Read Request Queue. Resources: Page Translation Table, STag Table, Connection Context Memory.]

Slide 7: Threats and Attack Classes
• Spoofing
  – Connection hijacking
  – Unauthorized STag use
• Tampering
  – Unauthorized modification of remote buffers
• Information Disclosure
  – Unauthorized read access to remote buffers
• Denial of Service
  – Consumption of “precious” resources
• Elevation of Privilege
  – Loading FW onto the RNIC

Slide 8: Tampering
• Remote Peer attempts to tamper with buffers on a Local Peer
  – Attempt to write outside of the buffer bounds
  – Modify buffer contents after indicating buffer contents are ready for use
  – Using multiple STags to access the same buffer

Slide 9: Information Disclosure
• Remote peer attempts to improperly read information in buffers on a Local Peer
  – Use of RDMA Read to access stale data
  – Accessing buffer after transfer is over
  – Accessing unintended data through use of a valid STag
  – Using multiple STags to access the same buffer

Slide 10: Denial of Service
• Resource consumption
  – Receive data buffers when pool is shared
  – Completion Queue entries
  – RDMA Read Request Queue
  – Untagged receive buffers
• Remote invalidation of an STag across multiple connections

Slide 11: Tools for Counter Measures
• Protection Domain
• End-to-end authentication
• Limiting scope of:
  – STag
      • Number of connections, amount of buffer advertised, time the buffer is advertised, randomly use the namespace
  – Buffer access rights
      • Write-only, Read-only, Write/Read
  – Completion Queue
      • One or more connections
  – Error generation/propagation
• Resource manager

Slide 12: Counter Measures
• Protection Domain (PD)
  – Data buffers associated with an STag can be accessed only through connections in the same PD
  – Limit CQ access to connections in the same PD
• Limit STag scope
  – Limit STag usage to a single connection, or connections in the same PD
  – Limit the time the STag is valid by invalidating STag when data transfer is over
  – Limit the memory the STag can access by setting base and bounds to just the intended buffers

Slide 13: Counter Measures
• Set appropriate buffer access rights
  – Enable only the rights needed (read only, write only or read/write)
  – Local peer only access for buffers that do not require remote access
• Limit scope of error propagation/generation
  – Limit generation of error events to prevent event queue overflow
• Resource Manager
  – Put allocation of scarce resource under control of a Resource Manager
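
The STag counter measures on the two slides above (PD match, limited lifetime, access rights, base and bounds) written as one validation routine for an inbound tagged operation. This is an added example, not code from the draft or from any RNIC; the struct, enum and function names and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical STag table entry; all names here are assumptions. */
enum { ACC_REMOTE_READ = 1, ACC_REMOTE_WRITE = 2 };
struct stag_entry {
    bool     valid;   /* cleared once the data transfer is over */
    uint32_t pd;      /* Protection Domain the buffer belongs to */
    uint64_t base;    /* start of the advertised buffer */
    uint64_t len;     /* bound: bytes the STag may reach from base */
    unsigned access;  /* remote rights granted, nothing more */
};
enum stag_result { STAG_OK, STAG_INVALID, STAG_PD_MISMATCH,
                   STAG_ACCESS_DENIED, STAG_OUT_OF_BOUNDS };

/* Validate one tagged operation arriving on a connection in conn_pd. */
enum stag_result stag_check(const struct stag_entry *e, uint32_t conn_pd,
                            unsigned op, uint64_t off, uint64_t n) {
    if (e == NULL || !e->valid)
        return STAG_INVALID;          /* stale or invalidated STag */
    if (e->pd != conn_pd)
        return STAG_PD_MISMATCH;      /* connection is in another PD */
    if ((e->access & op) != op)
        return STAG_ACCESS_DENIED;    /* e.g. write to a read-only buffer */
    /* Overflow-safe base-and-bounds test: never compute off + n. */
    if (off < e->base || off - e->base > e->len ||
        n > e->len - (off - e->base))
        return STAG_OUT_OF_BOUNDS;
    return STAG_OK;
}

/* Limit STag lifetime: invalidate as soon as the transfer completes. */
void stag_invalidate(struct stag_entry *e) { e->valid = false; }

/* Constructed sample: 4 KiB read-only buffer at 0x1000 in PD 7. */
struct stag_entry sample_entry(void) {
    struct stag_entry e = { true, 7, 0x1000, 4096, ACC_REMOTE_READ };
    return e;
}

int main(void) {
    struct stag_entry e = sample_entry();
    /* In-bounds read passes; a length that would wrap is rejected. */
    enum stag_result ok  = stag_check(&e, 7, ACC_REMOTE_READ, 0x1000, 64);
    enum stag_result bad = stag_check(&e, 7, ACC_REMOTE_READ, 0x1ff0, UINT64_MAX);
    return (ok == STAG_OK && bad == STAG_OUT_OF_BOUNDS) ? 0 : 1;
}
```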

Slide 14: Attacks & Countermeasures
[Table. Columns: Threat/Attack Class | PD | E2E auth | Limit scope (STag, Buffer Access, CQ, Error) | Resource Manager. The cell marks showing which counter measure applies to which attack did not survive in this transcript.]
Rows (Threat/Attack Class):
• Spoofing
  – Connection hijacking
  – Unauthorized STag use
• Tampering
  – Unauthorized data modification
• Information Disclosure
  – Unauthorized data access
• Denial of Service
  – Consumption of resources
• Elevation of Privilege
  – Load FW on RNIC (Or not allow this feature)

Slide 15: What’s New
• “Partial Trust” instead of “Trust”
• Architecture model
  – Clarifications to existing components
  – RNIC data transfer initialization
  – RNIC data transfer (SQ, RQ)
  – RNIC Asynch Event Queue

Slide 16: What’s New (cont)
• Clarifications for implementation flexibility
  – Multiple PDs in a single app
• Consideration of additional attacks
  – Controlling Page Trans. Table mapping to a buffer
  – Shared STag – remote invalidate
  – Shared STag – remote peer consumes too many buffers

Slide 17: Combinations of Trust

Local Resource Sharing | Local Trust? | Remote Trust? | Name  | Example Application
N                      | N            | N             | NS-NT | RDDP/DDP client/server Networking
N                      | N            | Y             | NS-RT | Authenticated Remote Peer
N                      | Y            | N             |       | Kernel client
N                      | Y            | Y             |       | Similar to S-T
Y                      | N            | N             | S-NT  | Typical Networking
Y                      | N            | Y             | ?     | ?
Y                      | Y            | N             | S-LT  | Storage target
Y                      | Y            | Y             | S-T   | MPI

Slide 18: Dimensions of Partial Trust
• Primarily a tool to educate the non-IETF RDMA community on the risks of traditional RDMA (local and remote trust)
• Within IETF the assumption is generally no remote trust, no local trust
  – Thus dimensions of trust could be simplified to just a local resource sharing issue
      • i.e. Are local resources shared between streams?
• Should we remove dimensions of trust?

Slide 19: Outstanding Issues
• Issues highlighted in the document
  – IPsec section
  – Summary table at the end
  – Clarify using PD as counter measure vs. PD resource limitation
  – Describe security issue with sharing resources for untagged receives before diving into evaluation of shared buffer pool vs. shared receive queue
• Still open since Vienna
  – Resolve shared RQ security issues
  – Better document multiple client to single server with different trust model per client

Slide 20: Outstanding Issues
• Others
  – Non-privileged Application being able to disable/enable an STag mapping without using the Privileged Resource Manager