8 - snia - persistent memory · held the first pm summit (actually called “nvm summit”) january...
TRANSCRIPT
![Page 1: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/1.jpg)
Persistent Memory
![Page 2: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/2.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Agenda
Persistent MemoryMedia vs. access/implementation (NVM)Programing modelSNIA TWG WorkSecurityAlliances/Use-cases
2
![Page 3: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/3.jpg)
Persistent Memory
![Page 4: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/4.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Persistent Memory (PM) Technologyis a type of Non-Volatile Memory (NVM)
Disk-like non-volatile memoryPersistent RAM diskAppears as disk drives to applicationsAccessed as traditional array of blocks
Memory-like non-volatile memory (PM)Appears as memory to applicationsApplications store data directly in byte-addressable memoryNo IO or even DMA is required
![Page 5: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/5.jpg)
Persistent Memory Programming:The Current State and Future Direction
![Page 6: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/6.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Ancient History
June 2012Formed the NVM Programming TWGImmediate participation from key OSVs, ISVs, IHVs
January 2013Held the first PM Summit (actually called “NVM Summit”)
January 2014TWG published rev 1.0 of the NVM Programming Model
6
![Page 7: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/7.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
The Programming Model
NVDIMMs
UserSpace
KernelSpace
StandardFile API
NVDIMM Driver
Application
File System
ApplicationApplication
StandardRaw
DeviceAccess
Storage File Memory
Load/Store
Management Library
Management UI
StandardFile API
Mgmt.
PM-AwareFile System
MMUMappings
![Page 8: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/8.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Must Open File Before Mapping
NVDIMMs
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
Standard Namingand
Permission Model
![Page 9: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/9.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Direct Access
NVDIMMs
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
“DAX”
![Page 10: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/10.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Direct Access
NVDIMMs
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
“DAX”
Windows:DAX Support is shippingNTFS is PM-AwareSome new APIsPMDK support
![Page 11: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/11.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Direct Access
NVDIMMs
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
“DAX”
Linux:DAX Support is shippingext4 is PM-AwareXFS is PM-AwarePMDK support
More filesystems coming
![Page 12: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/12.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Direct Access
NVDIMMs
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
“DAX”
VMware:Virtualization of PM
![Page 13: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/13.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.13
Persistent Memory (PM) Modes
NVM.PM.VOLUME ModeSoftware abstraction for persistent memory hardware Address rangesThin provisioning management
NVM.PM.FILE ModeApplication behavior for accessing PM Mapping PM files to application address spaceSyncing PM files
PM Aware Apps
User
mod
eKe
rnel
mod
ePM Aware File Systems
PM capable Driver
PM Device
NVM.PM.FILE Mode
PM VOLUME Mode
File APIs Mem ops
![Page 14: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/14.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Applications: Public Demos
SAP SAPPHIRE Oracle OpenWorld
Built on the Persistent Memory programming model!
2017 was an interesting year for demos…
![Page 15: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/15.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Persistent Memory Developer Kitpmem.io
15
PMDK Provides a Menu of LibrariesDevelopers pull in just what they need
Transaction APIsPersistent memory allocators
Instead of re-inventing the wheelPMDK libraries are fully validatedPMDK libraries are performance tuned
PMDK Provides Tools for DevelopersPMDK is Open Source and Product-Neutral
NVDIMM
UserSpace
KernelSpace
Application
Load/StoreStandardFile API
PM-AwareFile System
MMUMappings
PMDKLibraries
![Page 16: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/16.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
PMDK in a Nutshell
Complex transactions, allocation handled by librariesNo “flush” calls to manage in most casesEach ISV doesn’t have to re-inventPerformance tuned (esp for future enhancements)
Licensing is very liberalSteal all the code you want!
PMDK is a convenience, not a requirementBuild your own library if you like!
16
![Page 17: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/17.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
More Information
http://snia.org/PMSpecs, workgroups, webcasts, videos, presentations
http://pmem.ioPMDK and other persistent memory programming information
http://pmem.io/documentsLinks to publications, standards, Windows & Linux info
17
![Page 18: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/18.jpg)
TWG Work
![Page 19: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/19.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
TWG Ongoing Work
SecurityPM Hardware Security Threat Model
Remote persistent memory (via RDMA)Ongoing – optimizations for RDMA worked in multiple forumsRemote asynchronous flush (under discussion)
Higher-level SemanticsAs we learn more..
19
![Page 20: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/20.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Updating Original Work
Error handlingAdditions to V1.2 of the programming model specificationRefinements to error handling annex
AtomicityNew white paperIntroduces PM data structure libraries with atomicity built inEnables PM transactions
20
![Page 21: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/21.jpg)
Persistent Memory Security
![Page 22: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/22.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Purpose of SNIA PM Security work
22
This work documents approaches for encryption of data on persistent memory (PM); particularly considering unique characteristics of PM.
Discover gaps in existing technologies related to PM securityCreate a treat model and suggest requirements that could resolve these gaps
The NVM Programming TWG has established an alliance with the Trusted Computing Group (TCG) outlining a collaboration between the SNIA NVMP TWG, TCG. The collaboration is structured as follows.
SNIA provides application/user level roles, behaviors and threat modelsTCG provides security protocol definitions
TCG, SNIA also approaching JEDECJEDEC provides NVDIMM specific specifications
![Page 23: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/23.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
PM Security
23
Many aspects of security are unchanged by PMAdministrative security
Key management
Memory protection
First order requirement: encryption of data at restAuthentication/Re-authentication Triggers
Real time encryption mechanics
Continuity of principal identity
![Page 24: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/24.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
PM Security
24
Protection granularity at the file and volume layersDevice, partition or volume protection of data at restMemory mapped file access authorization enforcement
Achieving isolation analogous to external storageLimiting access enablement windowsRapid privilege transition
![Page 25: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/25.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Public and private cloud requirements
25
Public speaks to how trust is established and isolation is
assured in shared public cloud infrastructure
Private speaks to multi-tenancy HW support
Both – encryption at rest, issues from prior 2 slides
![Page 26: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/26.jpg)
Alliances/Use Cases
![Page 27: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/27.jpg)
REMOTE PERSISTENT MEMORY
27
mem ctrl,
library
user
store, store,store,commit Local
NVDIMM
RemoteNVDIMM
completion
user
RemoteNVDIMM
completion
High Availability Use Case
Remote Shared Memory Use Caseuser
put get
notice
write, write,write,commit
store, store,store,flush
Collaborate to define solutions for multiple use cases
![Page 28: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/28.jpg)
REMOTE ACCESS FOR HA SOFTWARE MODELRDMA for HA During msync or opt_flush
Peer A Peer B
RDMA Data
RDMA Operation Requests
Load/Store
Opt FlushNative FileAPI
Remote Access for HA white paper released:http://www.snia.org/sites/default/files/technical_work/final/NVM_PM_Remote_Access_for_High_Availability_v1.0.pdf
Requirements for consistent data recovery, for efficient remote optimized flush
![Page 29: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/29.jpg)
SNIA & OPENFABRICS ALLIANCE
OpenFabrics Alliance Workshop 201829
SNIA NVMP TWG OpenFabrics Alliance
Develop RPM use cases
Create user-driven API Reqmts
Open SourceFrameworks & APIs
Create and Document Programming models
Vendors develop n/w solutions
SNIA Provides early access to work in progress
SNIA Accepts feedback through a portal
![Page 30: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/30.jpg)
Backup
![Page 31: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/31.jpg)
Persistent Memory Threat Model
![Page 32: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/32.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Roles for Threat Model
Customer – Security Principal/Data Owner Organization
Developer – Storage/Application Developer, DevOps
Security Officer – Security Rights Assigner
Administrator – System configuration manager
Deliver-er/Repair-er – Factory/Channel Support, Supply
Chain
InsecureSecure
![Page 33: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/33.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Threat Model
Attack Attacker Applicable existing approach
New issues with PM
Cross-Tenant Privacy/Confidentiality
Tenant, Administrator, Repair-er
Traditional authorization, authentication. Encryption at rest. Separation of roles.
Memory protection.
None
Integrity Developer, tenant, administrator
Traditional authorization, authentication. Separation of roles.Memory protection.
Increased scope of damage due to mismanaged pointers, memory resources
Availability –denial of service
Tenant, Developer
Per-tenant QoS Potential for rapid disruption with limited detection window
![Page 34: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/34.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Threat Model
Attack Attacker Applicable existing approach
New issues with PM
Cross-Tenant Tenant, Administrator
Tenant, Administrator, Repair-er
Secure erasure (physical or cryptographic) during deletion
More rapid free space recycling in memory than disk.
Insider Local HW attacks (e.g. DMA)
Tenant, Administrator, Developer
Memory Protection, Per-tenant QoSapplied to IO
Remote access threats (e.g. RDMA)
Tenant, Administrator, Developer
RDMA security, s-tag, range access enforcement
![Page 35: 8 - SNIA - Persistent Memory · Held the first PM Summit (actually called “NVM Summit”) January 2014 ... PM Hardware Security Threat Model Remote persistent memory (via RDMA)](https://reader033.vdocument.in/reader033/viewer/2022042304/5ecfdb49223b2a2c7175eaba/html5/thumbnails/35.jpg)
© 2018 Storage Networking Industry Association. All Rights Reserved.
Threat Model
Attack Attacker Applicable existing approach
New issues with PM
Insider Malware Developer, deliver-er, repair-er, Administrator
Digital signing, virus protection
Access by admin/support
Administrator Role separation, authentication/ Authorization