OSDev.org
https://forum.osdev.org/

RDMA and security
https://forum.osdev.org/viewtopic.php?f=13&t=57039
Page 1 of 1

Author:  ArnaudLcm [ Wed Nov 29, 2023 5:14 am ]
Post subject:  RDMA and security

Hi everyone,
Hope you are doing well.

A few weeks ago now, I was introduced to the concept of RDMA and its usage for low-latency communications in distributed systems.
As far as I know, this technology has reached some success in the HPC ecosystem.
However, I have some concerns regarding the security part. Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography)?
On the software part, as it bypasses the kernel, I assume the only way to ensure some security is through libs?

If you have any literature dealing with this issue, I would be very interested.

Author:  Octocontrabass [ Tue Jan 16, 2024 2:09 am ]
Post subject:  Re: RDMA and security

ArnaudLcm wrote:
Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography)?

There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it.

It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.

ArnaudLcm wrote:
On the software part, as it bypasses the kernel, I assume the only way to ensure some security is through libs?

If you do cryptography in hardware, you can ensure security even when you're bypassing the kernel. Without that, the only way is through software at the user level.

Author:  ArnaudLcm [ Tue Jan 16, 2024 4:03 am ]
Post subject:  Re: RDMA and security

Quote:
There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it.

It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.

I should have clarified that I was only focused on cryptography, and not on restricting the address space, but you got the point!

I've come across an interesting white paper: https://www.usenix.org/system/files/atc20-taranov_0.pdf. Once I find the time to read it, I'll share my notes in a comment, in case someone else is interested in the topic. I would really like to dive into this topic and gain a better understanding of how it's implemented.


Nevertheless, thanks for your clarifications :)

All times are UTC - 6 hours