RDMA and security

Posted: Wed Nov 29, 2023 5:14 am
by ArnaudLcm
Hi everyone,
Hope you are doing well.

A few weeks ago, I was introduced to the concept of RDMA and its usage for low-latency communications in distributed systems.
As far as I know, this technology has reached some success in the HPC ecosystem.
However, I have some concerns regarding the security part. Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography)?
On the software part, as it bypasses the kernel, I assume the only way to ensure some security is through libs?

If you have any literature dealing with this issue, I would be very interested.

Re: RDMA and security

Posted: Tue Jan 16, 2024 2:09 am
by Octocontrabass
ArnaudLcm wrote:Do you know mechanisms on the software or hardware part to enforce secure communications (mainly through cryptography)?
There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it.

It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.
ArnaudLcm wrote:On the software part, as it bypasses the kernel, I assume the only way to ensure some security is through libs?
If you do cryptography in hardware, you can ensure security even when you're bypassing the kernel. Without that, the only way is through software at the user level.

Re: RDMA and security

Posted: Tue Jan 16, 2024 4:03 am
by ArnaudLcm
Octocontrabass wrote:There should be some RDMA-capable hardware out there that can encrypt/decrypt/authenticate traffic. Unfortunately it's all too expensive for me to have any experience with it. It's unrelated to cryptography, but you can use an IOMMU to enforce bounds checking.
I should have clarified that I was only focused on cryptography, and not on restricting the address space, but you got the point!

I've come across an interesting white paper: https://www.usenix.org/system/files/atc20-taranov_0.pdf. Once I find the time to read it, I'll share my notes in a comment, in case someone else is interested in the topic. I would really like to dive into this topic and gain a better understanding of how it's implemented.

Nevertheless, thanks for your clarifications :)