DocumentCode :
533430
Title :
Design of a secure packet processor
Author :
Chasaki, Danai ; Wolf, Tilman
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA
fYear :
2010
fDate :
25-26 Oct. 2010
Firstpage :
1
Lastpage :
10
Abstract :
Programmability in the data path of routers provides the basis for modern router implementations that can adapt to new functional requirements. This programmability is typically achieved through software-programmable packet processing systems. One key concern with the proliferation of these programmable devices throughout the Internet is the potential impact of software vulnerabilities that can be exploited remotely. We present a design and proof-of-concept implementation of a packet processing system that uses two security techniques to defend against potential attacks: a processing monitor is used to track operations on each processor core to detect attacks at the processing instruction level; an I/O monitor is used to track operations of the router to detect attacks at the protocol level. Our prototype implementation on the NetFPGA system shows that these monitors can be implemented to operate at high data rates and with little additional hardware resources.
Keywords :
Internet; field programmable gate arrays; security of data; I-O monitor; Internet; NetFPGA system; instruction level processing; processing monitor; programmable devices; protocol level; secure packet processor design; software vulnerabilities; software-programmable packet processing systems; Computer crime; Hardware; Monitoring; Prototypes; Routing protocols; Design; Performance; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Architectures for Networking and Communications Systems (ANCS), 2010 ACM/IEEE Symposium on
Conference_Location :
La Jolla, CA
Print_ISBN :
978-1-4244-9127-8
Electronic_ISBN :
978-1-4503-0379-8
Type :
conf
Filename :
5623847
Link To Document :