Benjamin Rothenberger, Konstantin Taranov, Adrian Perrig, Torsten Hoefler:
ReDMArk: Bypassing RDMA Security Mechanisms
(In Proceedings of the 2021 USENIX Security Symposium, USENIX, 2021)
Abstract
State-of-the-art remote direct memory access (RDMA) technologies such as InfiniBand (IB) or RDMA over Converged
Ethernet (RoCE) are becoming widely used in data center applications and are gaining traction in cloud environments. Hence, the security of RDMA architectures is crucial, yet potential security implications of using RDMA communication remain largely unstudied. ReDMArk shows that current security mechanisms of IB-based architectures are insufficient against both in-network attackers and attackers located on end hosts, thus affecting not only secrecy, but also integrity of
RDMA applications. We demonstrate multiple vulnerabilities in the design of IB-based architectures and implementations of RDMA-capable network interface cards (RNICs) and exploit those vulnerabilities to enable powerful attacks such as packet injection using impersonation, unauthorized memory access, and Denial-of-Service (DoS) attacks. To thwart the discovered attacks we propose multiple mitigation mechanisms that are deployable in current RDMA networks.
Documents
download article:
Recorded talk (best effort)
BibTeX
@inproceedings{taranov-redmark, author={Benjamin Rothenberger and Konstantin Taranov and Adrian Perrig and Torsten Hoefler}, title={{ReDMArk: Bypassing RDMA Security Mechanisms}}, year={2021}, booktitle={Proceedings of the 2021 USENIX Security Symposium}, publisher={USENIX}, source={http://www.unixer.de/~htor/publications/}, }
