Security of RDMA

Remote Direct Memory Access (RDMA) began as a low-latency, low-overhead network com- munication mechanism for HPC applications. Its implementations have been designed mainly for uses in well-guarded, trusted environments. Nowadays, RDMA is emerging in data centers where it is used to establish connection between parties not necessarily trusting each other. This requires RDMA to be resilient against attacks and protected from abuse. Unfortunately, the widely used protocols lack basic defense mechanisms like encryption, authentication, or monitoring capabilities. Although implementations already come with some built-in counter measures, they are not sufficient to solve the security problems of RDMA in an effective and efficient manner. As RDMA significantly benefits from hardware-accelerated packet processing, support from the network card will be needed to solve the security problems without sacrific- ing on performance. Fortunately, beside some short-term mitigations, there are already many proposed or even realized mechanisms which improve specific security aspects of RDMA via the network hardware.

(Hauptseminar)