Title :
Design of a Secure Router System for Next-Generation Networks
Author :
Wolf, Tilman ; Tessier, Russell
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA
Abstract :
Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a secure packet processing platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing behavior. If such deviations are detected, a recovery system is invoked to restore the system into an operational state. Our preliminary results show that most attacks can be detected within a single instruction. The system overhead for secure monitoring is limited to a fraction of the overall space, memory, and power budget.
Keywords :
computer networks; microprocessor chips; monitoring; security of data; system recovery; telecommunication network routing; SPPP; attack detection; computer network; instruction detection system; instruction-level monitoring system; next-generation networks; recovery system; router design; secure packet processing platform; secure router system; software-programmable embedded processor; Computer architecture; Computer networks; Computer security; Data security; Hardware; IP networks; Monitoring; Next generation networking; Protection; Protocols; embedded processor; network security; processor monitor; router design;
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
DOI :
10.1109/NSS.2009.70
