937 research outputs found
Implications and Limitations of Securing an InfiniBand Network
The InfiniBand Architecture is one of the leading network interconnects used in high performance computing, delivering very high bandwidth and low latency. As the popularity of InfiniBand increases, the possibility for new InfiniBand applications arise outside the domain of high performance computing, thereby creating the opportunity for new security risks. In this work, new security questions are considered and addressed. The study demonstrates that many common traffic analyzing tools cannot monitor or capture InfiniBand traffic transmitted between two hosts. Due to the kernel bypass nature of InfiniBand, many host-based network security systems cannot be executed on InfiniBand applications. Those that can impose a significant performance loss for the network. The research concludes that not all network security practices used for Ethernet translate to InfiniBand as previously suggested and that an answer to meeting specific security requirements for an InfiniBand network might reside in hardware offload
CoVE: Towards Confidential Computing on RISC-V Platforms
Multi-tenant computing platforms are typically comprised of several software
and hardware components including platform firmware, host operating system
kernel, virtualization monitor, and the actual tenant payloads that run on them
(typically in a virtual machine, container, or application). This model is well
established in large scale commercial deployment, but the downside is that all
platform components and operators are in the Trusted Computing Base (TCB) of
the tenant. This aspect is ill-suited for privacy-oriented workloads that aim
to minimize the TCB footprint. Confidential computing presents a good
stepping-stone towards providing a quantifiable TCB for computing. Confidential
computing [1] requires the use of a HW-attested Trusted Execution Environments
for data-in-use protection. The RISC-V architecture presents a strong
foundation for meeting the requirements for Confidential Computing and other
security paradigms in a clean slate manner. This paper describes a reference
architecture and discusses ISA, non-ISA and system-on-chip (SoC) requirements
for confidential computing on RISC-V Platforms. It discusses proposed ISA and
non-ISA Extension for Confidential Virtual Machine for RISC-V platforms,
referred to as CoVE
- …