[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels
|
From: |
Daniel P. Berrange |
|
Subject: |
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels |
|
Date: |
Wed, 4 Feb 2015 14:50:53 +0000 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Wed, Feb 04, 2015 at 04:48:44PM +0200, Marcel Apfelbaum wrote:
> On 02/04/2015 04:28 PM, Paolo Bonzini wrote:
> >
> >
> >On 04/02/2015 15:02, Daniel P. Berrange wrote:
> >>>I'm not sure if it makes sense for RDMA; it already has a couple of hooks
> >>>that go around the back of QEMUFile in migration, and it's transferring the
> >>>data via DMA so the page data doesn't go through the same path.
> >>
> >>Could you ever anticipate any need for authentication or encryption in
> >>the RDMA based channel ? I don't know enough about RDMA myself to know
> >>if it makes sense or not, other than the fact that any channel between
> >>two separate hosts needs security at some level in the stack.
> >
> >Authentication, possibly; but I don't think encryption makes sense. Marcel?
> I personally think that the protocol is safe enough, but as always there are
> holes
> and I am not a security expert:
>
> "RDMA mechanisms can create a potential security vulnerability. A node
> may access another nodes
> memory region that was supposed to be banned.
> In order to protect remote memory access to unauthorized memory areas,
> InfiniBand defines memory
> protection mechanisms, where a remote memory access requires a special
> key (R_Key). The R_Key is
> negotiated between the peers and is validated at the target’s system HCA
> card. In case of illegal key the
> packet is dropped. The R_Key requirement is built into silicon and
> driver code and cannot be disabled
> even when attacker compromises root/admin/superuser account on one or
> multiple servers."
>
> More on Layer 2 attacks and how Infiniband handle those:
>
> http://www.mellanox.com/related-docs/whitepapers/WP_Secuirty_In_InfiniBand_Fabrics_Final.pdf
>
Ok I guess we could probably just assume RDMA is sufficient as is for now.
We can fairly easily revisit it later if we find it it needs more work
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, (continued)
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Peter Maydell, 2015/02/04
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Markus Armbruster, 2015/02/04
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Daniel P. Berrange, 2015/02/04
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Peter Maydell, 2015/02/04
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Paolo Bonzini, 2015/02/04
- Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Markus Armbruster, 2015/02/05
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Dr. David Alan Gilbert, 2015/02/04
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Eric Blake, 2015/02/04
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Dr. David Alan Gilbert, 2015/02/05
Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels, Paolo Bonzini, 2015/02/04