Security analysis on InfiniBand protocol implementations

Kul Prasad Subedi, D. Dasgupta, Bo Chen
Published in: 2016 IEEE Symposium Series on Computational Intelligence (SSCI), 2016-12-01
DOI: 10.1109/SSCI.2016.7849903 (https://doi.org/10.1109/SSCI.2016.7849903)
Citations: 3

Abstract

The growing popularity of high performance computing has led to a new focus on bypassing or eliminating traditional I/O operations that are usually the bottlenecks for fast processing of large data volumes. One such solution uses a new network communication protocol called InfiniBand (IB) which supports remote direct memory access without making two copies of data (one in user space and the other in kernel space) and thus provides very low latency and very high throughput. To this end, for many industries, IB has now become a promising inter-connect protocol over Ethernet technologies. Ensuring the security of this new protocol is critical since more and more companies are moving towards it. To ensure the security of IB, the first step is to have a thorough understanding of the vulnerabilities of its current implementations, which is unfortunately still missing in the literature. In this paper, we aim to fill this gap. In particular, we perform a static code analysis as well as protocol testing in order to examine security features in IB architecture from the implementation perspective. While our extensive penetration testing could not find any significant security loopholes, there are certain aspects in both the design and the implementations that need to be addressed. Our focus is on the implementation perspective. Specifically, we found there is a significant use of a number of vulnerable functions (e.g., memcpy, sprintf, and char) as well as obsolete functions (e.g., memalign) that we believe should be replaced with alternative functions such as memmove, snprintf, getline, and posix_memalign. We believe our work will benefit both the protocol developers as well as the users by taking the first step to ensure the security of IB protocol.