Virtualization Technology News and Information
Offload Security Vulnerabilities in the Fight Against Microprocessor Attacks

Written by Kevin Deierling, Vice President, Marketing for Mellanox

The recent Meltdown and Spectre microprocessor-based attacks exploited protected memory on CPU chips that power the application processing in the cloud and and enterprise data centers.

Protected memory was previously a stronghold for critical and valuable data, allowing customer's most sensitive information to be stored and processed safely.  But the Spectre and Meltdown attacks changed everything. By exploiting vulnerabilities of the CPU,  these security attacks compromised previously secure data and application domains. This has clearly demonstrated the need for a revised approach to data center security in today's hyperscale world.


Figure 1: Spectre & Meltdown Attacks Highlight the Vulnerability of Host Based Security

Specifically, Spectre and Meltdown are variations of the same vulnerability that affects nearly every chip manufactured in the last 20 years by exploiting two specific functions enabling them to gain access to protected data. 

  1. Speculative execution
  2. Caching

From a security standpoint, endpoint protection (locking down devices at the data center edge, including servers and connected storage) suffers from the inherent issue, being that security controls are found in the exact same trust domain as customer applications and more critically potential malicious attackers. A successful breach against the host results in these security controls being subverted and the security policy circumvented.

Thus, a good practice today is to never trust the software running on a host - nor trust the CPU executing that software. This so called "Zero Trust" model represents a sea change from previous practices.

Fortunately, there are new technologies to achieve this Zero Trust model of security. These technologies provide methods to run infrastructure functionality, such as networking, storage, and security, such that policy cannot be subverted -- even when the host is compromised. Cloud providers and enterprises, for example, need to trust their infrastructure functionality even when under attack!

The key technology to achieve this is the SmartNIC, a separate programmable network component that offloads key processes to an isolated security domain. Initially SmartNICs were valued primarily as a means to reduce the burden of CPUs handling data intensive networking taskss. The most flexible SmartNICs provide a general purpose programmable network processor that provides an independent security domain that can be protected and isolated from application processing.  This class of SmartNICs (as compared to FPGA based offerings) have the flexibility, intelligence, performance, and ease of programming to overcome Meltdown and Spectre-driven security concerns.

The control and data planes of infrastructure functions, such as networking, storage, and security, are fully implemented in the isolated programmable network adapter, protecting these policies from an attacker. Infrastructure functionality runs securely, as it operates independently from the host in an isolated and authenticate manner in a separate trust domain (the smart network adapter). A successful attack against the host, or one of the workloads using it, is not able to circumvent the policies applied to infrastructure functions; those are enforced by the smart network adapter.

Figure 2: SmartNICs Create an Isolated Security Domain that Overcomes Host Based Attacks

SmartNICs solve both the security problems and the performance problems of edge-centric policy models, while allowing for significantly better scaling and cost savings. This is achieved by complete isolation of the security controls from the host, to prevent shared resources from being exploited at both the software level - and now, the hardware level.

In order to deliver networking capabilities in a more scalable, agile, and cost-effective manner, the networking environment in modern datacenters is transforming towards extreme speed and simplicity - pushing functionality that traditionally lived in the network onto host machines themselves.

Only on the edge of the network can granular visibility and security controls be effective on a per-workload basis. Security policy, therefore, is distributed and enforced using host-based SDN models at the server-access layer. The end-result is massive scalability.

However, having a smarter edge brings significant performance and security challenges that must be addressed:

  • The server CPU cannot handle today's exponential data growth. As more functionality is now implemented at the host, fewer compute resources are available to run applications and tenant workloads.
  • Endpoint protection suffers from an inherent issue as security controls are found on the same trust domain as that of potential attackers. As such, a successful attack against the host can result in the security controls being subverted and wholesale violation of cloud provider security policies.


About the Author

Kevin Deierling, Vice President, Marketing for Mellanox


Kevin Deierling has served as Mellanox's VP of marketing since March 2013. Previously he served as VP of technology at Genia Technologies, chief architect at Silver Spring Networks and ran marketing and business development at Spans Logic.

Published Thursday, April 11, 2019 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2019>