The documents distributed by this server have been provided by the
contributing authors as a means to ensure timely dissemination of
scholarly and technical work on a noncommercial basis. Copyright and all
rights therein are maintained by the authors or by other copyright
holders, notwithstanding that they have offered their works here
electronically. It is understood that all persons copying this
information will adhere to the terms and constraints invoked by each
author's copyright. These works may not be reposted without the explicit
permission of the copyright holder.
Publications of SPCL
B. Rothenberger, K. Taranov, A. Perrig, T. Hoefler:
ReDMArk: Bypassing RDMA Security Mechanisms
(In Proceedings of the 2021 USENIX Security Symposium, presented in , USENIX, 2021, )
Abstract
State-of-the-art remote direct memory access (RDMA) technologies such as InfiniBand (IB) or RDMA over Converged
Ethernet (RoCE) are becoming widely used in data center applications and are gaining traction in cloud environments. Hence, the security of RDMA architectures is crucial, yet potential security implications of using RDMA communication remain largely unstudied. ReDMArk shows that current security mechanisms of IB-based architectures are insufficient against both in-network attackers and attackers located on end hosts, thus affecting not only secrecy, but also integrity of
RDMA applications. We demonstrate multiple vulnerabilities in the design of IB-based architectures and implementations of RDMA-capable network interface cards (RNICs) and exploit those vulnerabilities to enable powerful attacks such as packet injection using impersonation, unauthorized memory access, and Denial-of-Service (DoS) attacks. To thwart the discovered attacks we propose multiple mitigation mechanisms that are deployable in current RDMA networks.
Documents
download article:
Recorded talk (best effort)
BibTeX
@inproceedings{taranov-redmark, author={Benjamin Rothenberger and Konstantin Taranov and Adrian Perrig and Torsten Hoefler}, title={{ReDMArk: Bypassing RDMA Security Mechanisms}}, year={2021}, booktitle={Proceedings of the 2021 USENIX Security Symposium}, location={}, publisher={USENIX}, note={}, }
