The test system I am looking at uses an ethernet interconnect for the MPI 
control channel (i.e. mpirun via ssh/tcp, etc) and uses the Infiniband 
interconnect for the actual MPI communication.
 
The ethernet interconnect is VLAN'ed between cluster A and B and therefore 
mpirun via ssh cannot be used to send the 'out of band' mpi control commands.
 
There are a couple of attack paths focused on the Infiniband interconnect that 
I can see (with my limited IB / MPI knowledge) to attempt to demonstrate that 
the partitioning can be bypassed and data from another partition could be seen 
or nodes accessed.
 
1) Attempt to *directly* communicate with another node via MPI (uDAPL?) 
bypassing the need for mpirun/ssh.
 
2) Attempt to 'sniff' or dump packets or data from the local HCA that has had 
its partition membership changed in an effort to capture data being seen by the 
HCA.  I haven't seen any evidence this is possible via IB.
 
I started getting hopeful that it would be straight-forward, as changing 
partition membership seemed viable. However, things are starting to get a 
little more complicated :)
 
On the assumption that partition membership can be changed successfully using 
ibis, I suppose I am simply trying to access another node on the same 
partition, without any IP access (IPoIB, or TCP/IP for MPI control 
communication).
 
Thanks,
Dave

> Subject: RE: ***SPAM*** RE: [ofa-general] Is IBIS only for querying OpenSM?
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]; [email protected]
> Date: Fri, 18 Apr 2008 12:12:18 -0700
>
> Terry,
>
> On Fri, 2008-04-18 at 15:25 +0000, terry watson wrote:
> > Thanks, Hal. I appreciate using the SM is the correct means of
> > controlling partitioning; however, the testing I am performing is
> > assessing security vulnerabilities. In this case, the two clusters are
> > separated by partitioning only and I am seeking to assess the ability of
> > a user to obtain unauthorised access to one cluster from the other. The
> > requirement for the vendor building the two clusters was that they were
> > isolated from each other. They have chosen to use one switch and I have
> > to assess if this provides adequate isolation, as per the client's
> > security requirements.
> >
> > At this stage of my investigation, I do not believe partitioning on a
> > switch provides adequate separation / isolation to be used as a security
> > control and two physical switches will need to be used to provide the
> > complete isolation that is required. But my task is to prove this to
> > justify the expense.... :)
> >
> > I value any comments or input on this topic.
>
> One pertinent thing here is whether a MKey manager is supported in the
> SM, and if so, what level of MKeying is used. Sufficient MKey protection
> with a sophisticated manager could make the updates of such PKey tables
> difficult but not impossible. Currently, OpenSM does not support an MKey
> manager but one is being proposed for the next OFED cycle. Currently,
> OpenSM supports a static configured MKey and MKey lease period which
> could make things marginally better if you are concerned with rogue
> updates like this. Not sure about the third party (vendor) SMs in this
> regard. Contact your vendor if this is of interest.
>
> -- Hal
>
> > ----------------------------------------
> > > Subject: Re: ***SPAM*** RE: [ofa-general] Is IBIS only for querying OpenSM?
> > > From: [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]
> > > CC: [EMAIL PROTECTED]; [email protected]
> > > Date: Fri, 18 Apr 2008 07:37:51 -0700
> > >
> > > Terry,
> > >
> > > On Fri, 2008-04-18 at 09:38 +0000, terry watson wrote:
> > > > Thanks for the response. The environment I am testing has two
> > > > clusters and one switch, with the subnet manager running from the
> > > > switch. Half the nodes are in one partition and half in the other
> > > > (ignoring 0xffff), call them partitions A and B. I have access to one
> > > > node in partition A as root and would like to be able to reconfigure
> > > > that node locally, and with no access to the switch subnet manager
> > > > configuration, to be able to access nodes in partition B.
> > >
> > > In general, this is not a good idea IMO. As Philippe wrote, the SM (is
> > > supposed to) own the writing of those tables (rather than some low level
> > > diag utility). Even if you modify the local PKey table, it is possible
> > > for the SM to overwrite this. Also, there are several other
> > > ramifications of this depending on how the SM deals with partitions.
> > > Even if you change things locally, that may not be sufficient as the
> > > peer switch port may do partition filtering so that may need to change
> > > that too and possibly more PKey tables in the network depending on what
> > > your SM does. Also, there are SA responses that depend on the SM having
> > > correct knowledge (like PathRecords and others) so the end node may not
> > > get any response on that partition for certain things.
> > >
> > > > After some reading I believe that IBIS from IBUtils should allow me
> > > > to alter the local p_key table and therefore allow me to access nodes
> > > > on partition B.
> > >
> > > Yes but it may take more than this for it to work depending on your SM.
> > >
> > > > I cannot test this until I am on-site and I am formulating a strategy
> > > > before arrival. If it does not work this way it would be useful to
> > > > know in advance. MPI is used rather than IPoIB.
> > >
> > > Some MPIs use out of band mechanisms to create connections so the SA
> > > issues may not apply there; but I think the partition ones might and are
> > > SM dependent so your mileage may vary...
> > >
> > > > If my approach is flawed I would appreciate it if someone could point
> > > > this out.
> > >
> > > The proper way to do this is by reconfiguring your SM.
> > >
> > > -- Hal
> > >
> > > > ________________________________
> > > > > Date: Fri, 18 Apr 2008 09:35:42 +0200
> > > > > From: [EMAIL PROTECTED]
> > > > > To: [EMAIL PROTECTED]
> > > > > CC: [email protected]
> > > > > Subject: Re: [ofa-general] Is IBIS only for querying OpenSM?
> > > > >
> > > > > terry watson wrote:
> > > > >
> > > > > Hi all,
> > > > >
> > > > > I will be performing some testing of partitioning used as a
> > > > > security control. Am I right in believing that IBIS will be able to
> > > > > set partition table values of the local compute node I am logged on
> > > > > to, even though they are not using OpenSM, but rather a SM on a
> > > > > switch? Could I then attempt to access a partition that I was
> > > > > originally excluded from accessing?
> > > > >
> > > > > I am new to Infiniband technology and would also appreciate a
> > > > > response from an expert who has views on the strength of the
> > > > > security that partitioning provides in separating two clusters that
> > > > > should have no interaction whatsoever.
> > > > >
> > > > > Thanks,
> > > > > Dave
 
_______________________________________________
general mailing list
[email protected]
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general

To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
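Added illustration (not code from this thread, OpenSM or ibutils): a Python model of the P_Key checks a packet meets on its way from one node to another through a single switch, covering the three points Hal raises above: the full/limited membership bit, partition enforcement on the switch port facing the sender, and the SM overwriting a locally changed table on its next sweep. The node names, the partition values 0x8001 and 0x8002, and the assumption that the SM programs switch-port entries with full membership are constructed for the example and are not from the thread.

```python
"""Model of the InfiniBand P_Key checks a packet meets between two nodes.

Added example, not code from this thread, OpenSM or ibutils.  Rules from the
IBA specification (vol. 1, partitioning): a P_Key is 16 bits, bit 15 being
the membership type (1 = full, 0 = limited) and bits 0-14 the partition
number; a receiving port accepts a packet only if its P_Key and some table
entry on the port carry the same partition number and at least one of the
two is a full member; a port with enforcement on drops a packet that matches
no entry.  Node names and the values 0x8001 / 0x8002 are constructed.
"""

FULL_BIT = 0x8000
DEFAULT_FULL = 0xFFFF      # full member of the default partition
DEFAULT_LIMITED = 0x7FFF   # limited member of the default partition
PKEY_A = 0x8001            # partition A, full membership (constructed)
PKEY_B = 0x8002            # partition B, full membership (constructed)


def partition_number(pkey):
    return pkey & 0x7FFF


def is_full_member(pkey):
    return bool(pkey & FULL_BIT)


def pkeys_match(packet_pkey, table_pkey):
    """Membership rule between a packet's P_Key and one table entry."""
    if partition_number(packet_pkey) != partition_number(table_pkey):
        return False
    return is_full_member(packet_pkey) or is_full_member(table_pkey)


class Port:
    """An HCA port or a switch port with its P_Key table."""

    def __init__(self, name, pkeys, enforce=True):
        self.name = name
        self.pkeys = list(pkeys)   # as programmed by the SM, or rewritten locally
        self.enforce = enforce     # switch ports only filter if the SM enabled it

    def accepts(self, pkey):
        if not self.enforce:
            return True
        return any(pkeys_match(pkey, p) for p in self.pkeys)


def deliver(pkey, path):
    """Send a packet from the first port on the path through the others
    (switch ingress, switch egress, destination HCA port).  A sender can only
    put a P_Key from its own table into the packet (the QP's P_Key index
    selects it); every later port applies the membership rule.
    Returns (delivered, name of the port that dropped the packet)."""
    src, hops = path[0], path[1:]
    if pkey not in src.pkeys:
        return False, src.name
    for port in hops:
        if not port.accepts(pkey):
            return False, port.name
    return True, None


def build_fabric(switch_enforce=True):
    """One switch: a1 in partition A, b1 in partition B, an SM port that is a
    full member of everything.  Compute nodes get limited membership of the
    default partition only.  Assumption: the SM programs switch-port entries
    with full membership, so a switch filters on the partition number alone
    and the limited/full decision falls to the end ports."""
    return {
        "a1": Port("a1", [PKEY_A, DEFAULT_LIMITED]),
        "b1": Port("b1", [PKEY_B, DEFAULT_LIMITED]),
        "sm": Port("sm", [PKEY_A, PKEY_B, DEFAULT_FULL]),
        "sw_a1": Port("sw_a1", [PKEY_A, DEFAULT_FULL], switch_enforce),
        "sw_b1": Port("sw_b1", [PKEY_B, DEFAULT_FULL], switch_enforce),
        "sw_sm": Port("sw_sm", [PKEY_A, PKEY_B, DEFAULT_FULL], switch_enforce),
    }


def path(ports, src, dst):
    return [ports[src], ports["sw_" + src], ports["sw_" + dst], ports[dst]]


def cross_partition_attempt(switch_enforce=True, sm_sweeps_first=False):
    """Root on a1 adds partition B's P_Key to a1's own table (what the thread
    proposes doing with ibis) and sends to b1 with it.  If the SM sweeps the
    fabric first, it rewrites a1's table and the local change is gone."""
    ports = build_fabric(switch_enforce)
    ports["a1"].pkeys.append(PKEY_B)
    if sm_sweeps_first:
        ports["a1"].pkeys = build_fabric(switch_enforce)["a1"].pkeys
    return deliver(PKEY_B, path(ports, "a1", "b1"))


def default_partition_attempt():
    """a1 and b1 are both limited members of 0x7fff, so a1 cannot reach b1
    on it; the SM port is a full member, so a1 can reach the SM."""
    ports = build_fabric()
    to_peer = deliver(DEFAULT_LIMITED, path(ports, "a1", "b1"))
    to_sm = deliver(DEFAULT_LIMITED, path(ports, "a1", "sm"))
    return to_peer, to_sm
```

cross_partition_attempt(True) is dropped at the switch port facing a1; with switch enforcement off the same packet is delivered to b1, which is the setting worth confirming on the real fabric before trusting the partition as a boundary; after an SM sweep the packet never leaves a1 because the extra entry is gone. default_partition_attempt() shows why an SM hands compute nodes 0x7fff rather than 0xffff: two limited members cannot talk on the default partition, so if the vendor's SM gives every node full membership of it, the A/B split is bypassed on 0xffff without touching any table.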
