Janus: Enabling Expressive and Efficient ACLs in High-speed RDMA Clouds
Ziteng Chen
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Distributed Systems
As public cloud vendors increasingly deploy **RDMA (Remote Direct Memory Access)** networking for high-performance workloads such as AI training, inference, and distributed storage, a critical security gap has emerged: traditional access control lists (ACLs) designed for TCP/IP traffic cannot adequately express or enforce security policies for RDMA environments. This talk introduces **Janus**, a new ACL paradigm that provides both an expressive, QP-semantics-aware policy language and line-rate hardware enforcement using NVIDIA BlueField-3 DPUs, achieving **200 Gbps throughput** with sub-5-microsecond latency.
AI review
A systems-level contribution introducing QP-semantics-aware ACLs for RDMA clouds on NVIDIA BlueField-3 DPUs. While the problem is real -- RDMA traffic bypasses traditional ACL enforcement entirely -- the talk stays firmly in network engineering territory with no offensive security content, no vulnerability demonstration, and no novel attack technique.