RDMA and security

Programming, for all ages and all languages.
Post Reply
ArnaudLcm
Posts: 3
Joined: Wed Nov 29, 2023 4:47 am

RDMA and security

Post by ArnaudLcm »

Hi everyone,
Hope you are doing well.

Few weeks ago now, I've been introduced to the concept of RDMA and their usage for low latency communications in distributed systems.
As far as I know, this technology has reach some success in the HPC ecosystem.
However, I've some concern regarding the security part. Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography) ?
On the software part, as it bypass the kernel, i assume the only way to ensure some security is through libs ?

If you have any literature dealing with this issue, I would be very interested.
Octocontrabass
Member
Member
Posts: 5546
Joined: Mon Mar 25, 2013 7:01 pm

Re: RDMA and security

Post by Octocontrabass »

ArnaudLcm wrote:Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography) ?
There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it.

It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.
ArnaudLcm wrote:On the software part, as it bypass the kernel, i assume the only way to ensure some security is through libs ?
If you do cryptography in hardware, you can ensure security even when you're bypassing the kernel. Without that, the only way is through software at the user level.
ArnaudLcm
Posts: 3
Joined: Wed Nov 29, 2023 4:47 am

Re: RDMA and security

Post by ArnaudLcm »

There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it.

It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.
I should have clarify that I was only focused on cryptography, and not on restricting the address space but you got the point !

I've come across an interesting white paper: https://www.usenix.org/system/files/atc20-taranov_0.pdf. Once I find the time to read it, I'll share my notes in a comment, in case someone else is interested in the topic. I would really like to dive in this topic and gain a better understanding of how it's implemented.


Nevertheless, thanks for you clarifications :)
Post Reply