[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels

From: Marcel Apfelbaum
Subject: Re: [Qemu-devel] RFC: Universal encryption on QEMU I/O channels
Date: Wed, 04 Feb 2015 16:48:44 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 02/04/2015 04:28 PM, Paolo Bonzini wrote:

On 04/02/2015 15:02, Daniel P. Berrange wrote:
I'm not sure if it makes sense for RDMA; it already has a couple of hooks
that go around the back of QEMUFile in migration, and it's transferring the
data via DMA so the page data doesn't go through the same path.

Could you ever anticipate any need for authentication or encryption in
the RDMA based channel ? I don't know enough about RDMA myself to know
if it makes sense or not, other than the fact that any channel between
two separate hosts needs security at some level in the stack.

Authentication, possibly; but I don't think encryption makes sense.  Marcel?
I personally think that the protocol is safe enough, but as always there are 
and I am not a security expert:

    "RDMA mechanisms can create a potential security vulnerability. A node may 
access another nodes
     memory region that was supposed to be banned.
     In order to protect remote memory access to unauthorized memory areas, 
InfiniBand defines memory
     protection mechanisms, where a remote memory access requires a special key 
(R_Key). The R_Key is
     negotiated between the peers and is validated at the target’s system HCA 
card. In case of illegal key the
     packet is dropped. The R_Key requirement is built into silicon and driver 
code and cannot be disabled
     even when attacker compromises root/admin/superuser account on one or multiple 

More on Layer 2 attacks and how Infiniband handle those:

I hope I helped,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]