We hope you'll add a star if you find this repo helpful!
RDMI is a defense system for memory introspection that leverages programmable data planes and RDMA NICs. The RDMI compiler translates policies written in a domain-specific language into lower-level configurations. The master P4 switch program takes in these configurations and enforces the introspection policies for different security tasks.
This repo contains the implementation of the system. Please refer to the README in each subdirectory for more information.
Note that our RDMI work has been published at USENIX Security 2023 and received a Distinguished Paper Award.
- The compiler directory contains the implementation of the compiler. It also includes the policy DSL used for encoding the introspection logic.
- The switch directory contains the master P4 program as well as the control rules and triggers of the introspection.
- The connection directory contains the connection setup program for establishing RDMA connections.
1. Establish the RDMA connections (refer to the connection directory).
2. Compile the policy and generate the corresponding configuration files (refer to the compiler directory).
3. Configure the switch and run the program (refer to the switch directory).
We take libVMI for VM-based clouds as the baseline and use it to implement the following set of introspection tasks. The libvmi_baseline directory contains the libVMI-based implementations of these tasks.
- vmi dump memory policy
- kernel module list policy
- process list policy
- credential list policy
- syscall table checker policy
- proc file ops checking policy
- open file checking policy
- netfilter checking policy
- tty checking policy
- vm area checking policy
- keyboard logger checking policy
- const structs checking policy
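To make concrete what one of the tasks above checks, here is a small added illustration of a syscall table checker, written in plain Python over a constructed memory read. It is not RDMI's policy DSL, nor code from this repo or from libVMI; the kernel text range, the table layout (contiguous little-endian 64-bit pointers) and all addresses are constructed for the example. The two policies it applies are the usual ones for this task: every entry must point into kernel text, and every entry must match a known-good baseline.

```python
import struct

# Constructed toy layout (not real kernel addresses): the kernel text range and
# a syscall table of 8-byte little-endian pointers read from guest memory.
KTEXT_START = 0xFFFFFFFF81000000
KTEXT_END = 0xFFFFFFFF82000000


def parse_pointers(blob, count):
    """Decode `count` little-endian 64-bit pointers from a raw memory read."""
    return list(struct.unpack_from("<%dQ" % count, blob, 0))


def build_snapshot(pointers):
    """Encode a pointer list as the byte image an introspection read would return."""
    return struct.pack("<%dQ" % len(pointers), *pointers)


def check_syscall_table(blob, baseline, ktext_start, ktext_end):
    """Return findings as (index, current_pointer, reason) tuples.

    Policy 1: a handler pointer outside kernel text (e.g. in module space)
              is flagged as 'outside kernel text'.
    Policy 2: a pointer inside kernel text that still differs from the
              known-good baseline is flagged as 'differs from baseline'.
    """
    findings = []
    current = parse_pointers(blob, len(baseline))
    for idx, (cur, good) in enumerate(zip(current, baseline)):
        if not (ktext_start <= cur < ktext_end):
            findings.append((idx, cur, "outside kernel text"))
        elif cur != good:
            findings.append((idx, cur, "differs from baseline"))
    return findings


# Constructed sample data: a 6-entry baseline, and a live snapshot in which
# entry 2 was redirected to a module-region address and entry 4 to a different
# address that is still inside kernel text.
BASELINE = [KTEXT_START + 0x1000 * (i + 1) for i in range(6)]
HOOKED = list(BASELINE)
HOOKED[2] = 0xFFFFFFFFC0001000  # constructed module-space address
HOOKED[4] = KTEXT_START + 0x7FF0  # constructed in-text address


def demo():
    """Run both policies over the constructed hooked snapshot."""
    return check_syscall_table(build_snapshot(HOOKED), BASELINE,
                               KTEXT_START, KTEXT_END)


if __name__ == "__main__":
    for idx, ptr, why in demo():
        print("sys_call_table[%d] = %#x: %s" % (idx, ptr, why))
```

The range check alone is cheap and needs no prior state, which is why it suits a data-plane match; the baseline comparison catches in-text redirections that a range check cannot see, at the cost of keeping a trusted copy of the table.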
Some of the implementation in this repo is based on existing open-source projects, including redmark, Pythia, SCADET, Bedrock, and some example code provided in the Tofino switch SDE.
The code is released under the MIT License.
If you use our RDMI or related codes in your research, please cite our paper:
@inproceedings{liu2023remote,
title={Remote Direct Memory Introspection},
author={Liu, Hongyi and Xing, Jiarong and Huang, Yibo and Zhuo, Danyang and Devadas, Srinivas and Chen, Ang},
booktitle={32nd USENIX Security Symposium (USENIX Security 23)},
pages={6043--6060},
year={2023}
}
[USENIX Security] Remote Direct Memory Introspection. Hongyi Liu, Jiarong Xing, and Yibo Huang, Rice University; Danyang Zhuo, Duke University; Srinivas Devadas, Massachusetts Institute of Technology; Ang Chen, Rice University. The 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9–11, 2023.