Title :
A Hardware-based Architecture to Support Flexible Real-Time Parallel Intrusion Detection
Author :
Mott, Stephen ; Hart, Samuel ; Montminy, David ; Williams, Paul ; Baldwin, Rusty
Author_Institution :
Air Force Inst. of Technol., Wright Patterson AFB
Abstract :
Providing security in today's complex computing systems is a daunting task. As systems (of systems) grow both increasingly pervasive and complex, defending them from attack or mischance at the systems of systems level becomes ever more challenging. We propose moving some security monitoring tasks from software to hardware which will allow real time detection of intrusions and errors. Our flexible architecture uses reconfigurable logic (such as field programmable gate arrays (FPGAs)) and operates in parallel with a general purpose computing environment. To that end, new hardware primitives are proposed that allow for gathering and monitoring the state of the main processor transparently (that is, the main processor is unaware of the monitoring) in real time. The result is a decrease in workload for the main processor while enhancing security. The monitoring primitives are tightly coupled with the monitored software, and can readily and automatically respond to changes in system characteristics such as new software applications or devices. By focusing on specific system components, including their interface with other system components, we believe we can enhance system of system security in ways not readily achievable using conventional, system-wide monitoring techniques.
Keywords :
field programmable gate arrays; security of data; system monitoring; systems analysis; field programmable gate arrays; flexible real-time parallel intrusion detection; hardware-based architecture; security monitoring tasks; system security; system-wide monitoring; systems of systems level; Computer architecture; Computerized monitoring; Concurrent computing; Field programmable gate arrays; Hardware; Intrusion detection; Operating systems; Programmable logic arrays; Real time systems; Security;
Conference_Title :
System of Systems Engineering, 2007. SoSE '07. IEEE International Conference on
Conference_Location :
San Antonio, TX
Print_ISBN :
1-4244-1159-9
Electronic_ISBN :
1-4244-1160-2
DOI :
10.1109/SYSOSE.2007.4304258