The growing popularity of high performance computing has led to a new focus on bypassing or eliminating traditional I/O operations that are usually the bottlenecks for fast processing of large data volumes. One such solution uses a new network communication protocol called InfiniBand (IB) which supports remote direct memory access without making two copies of data (one in user space and the other in kernel space) and thus provides very low latency and very high throughput. To this end, for many industries, IB has now become a promising inter-connect protocol over Ethernet technologies. Ensuring the security of this new protocol is critical since more and more companies are moving towards it. To ensure the security of IB, the first step is to have a thorough understand of the vulnerabilities of its current implementations, which is unfortunately still missing in the literature. In this paper, we aim to fill this gap. In particular, we perform a static code analysis as well as protocol testing in order to examine security features in IB architecture from the implementation perspective. While our extensive penetration testing could not find any significant security loopholes; there are certain aspects in both the design and the implementations that need to be addressed. Our focus is in the implementation perspective. Specifically, we found there is a significant use for a number of vulnerable functions (e.g., memcpy, sprintf, and char) as well as obsolete functions (e.g., memalign) that we believe should be replaced with alternative functions such as memmove, snprintf, getline, and posix memalign. We believe our work will benefit both the protocol developers as well as the users by taking the first step to ensure the security of IB protocol.
[1]
Seung-Soon Im,et al.
Tool interface standard (TIS) executable and linking format (ELF) specification
,
1995
.
[2]
Alejandro Hernández.
ELF Parsing Bugs by Example with Melkor Fuzzer
,
2014
.
[3]
Barton P. Miller,et al.
Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services
,
1995
.
[4]
Pedram Amini,et al.
Fuzzing: Brute Force Vulnerability Discovery
,
2007
.
[5]
Mazin S. Yousif,et al.
Security enhancement in InfiniBand architecture
,
2005,
19th IEEE International Parallel and Distributed Processing Symposium.
[6]
David Brumley,et al.
Unleashing Mayhem on Binary Code
,
2012,
2012 IEEE Symposium on Security and Privacy.
[7]
Bruce Schneier,et al.
Cryptography Engineering - Design Principles and Practical Applications
,
2010
.
[8]
Ulrich Drepper.
The Need for Asynchronous, Zero-Copy Network I/O Problems and Possible Solutions
,
2006
.
[9]
Odysseas I. Pentakalos.
An Introduction to the InfiniBand Architecture
,
2002,
Int. CMG Conference.
[10]
Thomas Ball,et al.
The concept of dynamic analysis
,
1999,
ESEC/FSE-7.
[11]
Silas Boyd-Wickizer,et al.
Tolerating Malicious Device Drivers in Linux
,
2010,
USENIX Annual Technical Conference.