COMMSEC: Creating an Isolated Data Center Security Policy Model Using SmartNICs


Data-center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.

We will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. A SmartNIC-based data-center security model features more robust isolation of responsibilities, superior offload capabilities, and significantly better scaling.

To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models. We will perform a live demo of an innovative new technique for host introspection that removes common dependencies on the host compute.

Location: Track 4 / CommSec
Date: April 12, 2018
Time: 2:00 pm - 3:00 pm
Ofir Arkin