SSR: 以SoftRoCE為基礎強化資料中心的RDMA資料交換的安全性

Abstract

遠端直接記憶體存取 (RDMA) 被廣泛應用在資料中心建構高效的資源解耦系統。RDMA 允許電腦在很少或沒有 CPU 參與的情況下以超低延遲和高頻寬交換資料，這使得眾多最先進的雲端服務能夠同時兼顧高效能和有效的資源利用。然而，在 Infiniband 和 RDMA over Converged Ethernet (RoCE) 等傳統 RDMA 協議的主流實現中，主要的設計考量在於如何使用硬體加速來提高效能，而往往沒有考慮到安全性的問題。這使得在將 RDMA 推廣到除了高效能應用以外的其他場景時造成嚴重的阻礙。為此，我們提出了 Secure SoftRoCE (SSR) 框架，希望透過 SoftRoCE 以軟體的方式來解決 RDMA 安全性上的問題。本篇論文討論了 SSR 如何克服 RDMA 協議中的安全漏洞，並提出了幾種緩解方法來展示本框架的可行性，這些方法包含了封包加密、來源驗證、虛擬 QPN 、精細的資源管理和泛用的傳輸監控機制。本篇論文也評估了這些緩解手段對效能的潛在影響，並討論將SSR 應用於實際場景時的可行性。

Remote Direct Memory Access (RDMA) is popularly used for building highly efficient resource disaggregation systems in datacenters. RDMA allows computers to exchange data with ultra-low latency and high bandwidth with no or little CPU resources, which enables numerous state-of-the-art cloud services to achieve high performance and effective resource utilization. Unfortunately, traditional RDMA protocols in mainstream implementations such as Infiniband and RDMA over Converged Ethernet (RoCE) are usually designed with hardware accelerators in mind, which focus mainly on performance instead of security and have become serious concerns today for extending the usage of RDMA beyond high-performance computing applications. As a remedy, we propose a framework called Secure SoftRoCE (SSR), which invokes SoftRoCE to address the security concerns with software methods. In this thesis, we discuss how SSR may overcome security vulnerabilities in the RDMA protocols and present several mitigation techniques to demonstrate the effectiveness of the proposed framework, including payload encryption, source authentication, virtual QPN, fine-grained resource management, and a general transmission monitoring mechanism. Meanwhile, we evaluate the potential performance impact of those mitigation techniques to discuss the practicality of applying SSR to real workloads.