Instant attack stopper in InfiniBand architecture

With the growing popularity of cluster architectures in datacenters and the sophistication of computer attacks, the design of highly secure clusters has recently emerged as a critical design issue. However, the majority of cluster security research has focused on how to detect and prevent attacks rather than on how to minimize the effect of attacks once detected. The action against detected attacks in the cluster is as important as the actual detection process since no detection mechanism is full-proof in its ability to protect cluster systems without the effective cluster-wide reaction. In this paper, we propose a scheme, referred to as the instant attack stopper (IAS) that can instantly confront security attacks in a cluster. Specifically we provide detailed implementation methods of IAS in InfiniBand architecture (IBA) - a new promising communication standard for future system area networks (SANs) and clusters. IAS focuses on removing malicious communication on the IBA fabric among processes involved in an attack, which is accomplished through the proposed security management agent (SeMA). We will show IAS deployment in different security levels to meet various security requirements.