Presentation is loading. Please wait.

Presentation is loading. Please wait.

RDMAP/DDP Security Draft draft-ietf-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba.

Published byAmice Wells Modified over 8 years ago

Similar presentations

Presentation on theme: "RDMAP/DDP Security Draft draft-ietf-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba."— Presentation transcript:

1 RDMAP/DDP Security Draft draft-ietf-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba

2 11/11/200358th IETF - Minneapolis, MN USASecurity - 2 Agenda Overview of the paper –Define Functional Model, including Components Attack paths –Identify threats –Define counter measures What’s new in this version Issues What’s still to be done

3 11/11/200358th IETF - Minneapolis, MN USASecurity - 3 Approach Security analysis not constrained to any one implementation – examine the scope of implementations The draft is relatively new – minimal review Still sections left to be written

4 11/11/200358th IETF - Minneapolis, MN USASecurity - 4 Functional Component Model Privileged Resource Manager Privileged Application Non-Privileged Application RNIC Engine firmware Admin Privileged Control Interface Privileged Data Interface Non-Privileged Data Interface Application Control Interface Request Proxy Interface RNIC Interface (RI) Internet

5 11/11/200358th IETF - Minneapolis, MN USASecurity - 5 Functional Components Privileged application –Assumed to not intentionally attack the system, but may be greedy for resources Non-privileged application –Desire to provide benefits of RDMAP/DDP without introducing additional security risk –Not trusted, granted only a subset of the capabilities granted to a privileged application Resource Manager –Controls allocation of “scarce” resources –Implements policies to detect and prevent DoS attacks

6 11/11/200358th IETF - Minneapolis, MN USASecurity - 6 An RI in More Detail RI Send Queue Receive Queue Completion Queue Async Event Queue Resources: Page Translation Table, STag Table, Connection Context Memory Host Network RDMA Read Request Queue

7 11/11/200358th IETF - Minneapolis, MN USASecurity - 7 Threats and Attack Classes Spoofing –Connection hijacking –Unauthorized STag use Tampering –Unauthorized modification of remote buffers Information Disclosure –Unauthorized read access to remote buffers Denial of Service –Consumption of “precious” resources Elevation of Privilege –Loading FW onto the RNIC

8 11/11/200358th IETF - Minneapolis, MN USASecurity - 8 Tampering Remote Peer attempts to tamper with buffers on a Local Peer –Attempt to write outside of the buffer bounds –Modify buffer contents after indicating buffer contents are ready for use –Using multiple STags to access the same buffer

9 11/11/200358th IETF - Minneapolis, MN USASecurity - 9 Information Disclosure Remote peer attempts to improperly read information in buffers on a Local Peer –Use of RDMA Read to access stale data –Accessing buffer after transfer is over –Accessing unintended data through use of a valid STag –Using multiple STags to access the same buffer

10 11/11/200358th IETF - Minneapolis, MN USASecurity - 10 Denial of Service Resource consumption –Receive data buffers when pool is shared –Completion Queue entries –RDMA Read Request Queue –Untagged receive buffers Remote invalidation of an STag across multiple connections

11 11/11/200358th IETF - Minneapolis, MN USASecurity - 11 Tools for Counter Measures Protection Domain End-to-end authentication Limiting scope of: –STag Number of connections, amount of buffer advertised, time the buffer is advertised, randomly use the namespace –Buffer access rights Write-only, Read-only, Write/Read –Completion Queue One or more connections –Error generation/propagation Resource manager

12 11/11/200358th IETF - Minneapolis, MN USASecurity - 12 Counter Measures Protection Domain (PD) –Data buffers associated with an STag can be accessed only through connections in the same PD –Limit CQ access to connections in the same PD Limit STag scope –Limit SdTag usage to a single connection, or connections in the same PD –Limit the time the STag is valid by invalidating STag when data transfer is over –Limit the memory the STag can access by setting base and bounds to just the intended buffers

13 11/11/200358th IETF - Minneapolis, MN USASecurity - 13 Counter Measures Set appropriate buffer access rights –Enable only the rights needed (read only, write only or read/write) –Local peer only access for buffers that do not require remote access Limit scope of error propagation/generation –Limit generation of error events to prevent event queue overflow Resource Manager –Put allocation of scarce resource under control of a Resource Manager

14 11/11/200358th IETF - Minneapolis, MN USASecurity - 14 Attacks & Countermeasures Threat/Attack ClassPD E2E auth Limit scope Resource Manager STagBuffer Access CQ Error Spoofing Connection hijacking Unauthorized STag use Tampering Unauthorized data modification Information Disclosure Unauthorized data access Denial of Service Consumption of resources Elevation of Privilege Load FW on RNIC (Or not allow this feature)

15 11/11/200358th IETF - Minneapolis, MN USASecurity - 15 What’s New “Partial Trust” instead of “Trust” Architecture model –Clarifications to existing components –RNIC data transfer initialization –RNIC data transfer (SQ, RQ) –RNIC Asynch Event Queue

16 11/11/200358th IETF - Minneapolis, MN USASecurity - 16 What’s New (cont) Clarifications for implementation flexibility –Multiple PDs in a single app Consideration of additional attacks –Controlling Page Trans. Table mapping to a buffer –Shared STag – remote invalidate –Shared STag – remote peer consumes too many buffers

17 11/11/200358th IETF - Minneapolis, MN USASecurity - 17 Combinations of Trust Local Resource Sharing Local Trust? Remote Trust? NameExample Application NNNNS- NT RDDP/DDP client/server Networking NNYNS- RT Authenticated Remote Peer NYNKernel client NYYSimilar to S-T YNNS-NTTypical Networking YNY?? YYNS-LTStorage target YYYS-TMPI

18 11/11/200358th IETF - Minneapolis, MN USASecurity - 18 Dimensions of Partial Trust Primarily a tool to educate the non-IETF RDMA community on the risks of traditional RDMA (local and remote trust) Within IETF the assumption is generally no remote trust, no local trust –Thus dimensions of trust could be simplified to just a local resource sharing issue i.e. Are local resources shared between streams? Should we remove dimensions of trust?

19 11/11/200358th IETF - Minneapolis, MN USASecurity - 19 Outstanding Issues Issues highlighted in the document –IPsec section –Summary table at the end –Clarify using PD as counter measure vs. PD resource limitation –Describe security issue with sharing resources for untagged receives before diving into evaluation of shared buffer pool vs. shared receive queue Still open since Vienna –Resolve shared RQ security issues –Better document multiple client to single server with different trust model per client

20 11/11/200358th IETF - Minneapolis, MN USASecurity - 20 Outstanding Issues Other emails –Non-privileged Application being able to disable/enable an STag mapping without using the Privileged Resource Manager

Download ppt "RDMAP/DDP Security Draft draft-ietf-rddp-security-00.txt Jim Pinkerton, Ellen Deleganes, Allyn Romanow, Bernard Aboba."

Similar presentations

Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.

Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Global MP3 Geoffrey Beers Deborah Ford Mike Quinn Mark Ridao.

Global MP3 Geoffrey Beers Deborah Ford Mike Quinn Mark Ridao.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Windows Server 2008 Chapter 8 Last Update 2012.05.31 1.0.0.

Windows Server 2008 Chapter 8 Last Update
Jason Morrill NCOAUG Training Day February, 2008

Jason Morrill NCOAUG Training Day February, 2008
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

SMTP PROTOCOL CONFIGURATION AND MANAGEMENT Chapter 8.

Similar presentations

Ads by Google