• DocumentCode
    653792
  • Title
    Scalable hardware monitors to protect network processors from data plane attacks
  • Author
    Hu, Kekai; Chandrikakutty, Harikrishnan; Tessier, Russell; Wolf, Tilman
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA
  • fYear
    2013
  • fDate
    14-16 Oct. 2013
  • Firstpage
    314
  • Lastpage
    322
  • Abstract
    Modern router hardware in computer networks is based on programmable network processors, which implement various packet forwarding operations in software. These processor systems are vulnerable to attacks that can be launched entirely through the data plane of the network without any access to the control interface of the router. Prior work has shown that a single malformed UDP packet can take over a network processor running vulnerable packet processing software and trigger a devastating denial-of-service attack from within the network. One possible defense mechanism for these resource-constrained network processors is the use of hardware monitoring systems that track the operations of each processor core. Any deviation from programmed behavior indicates an attack and triggers reset and recovery actions. Such hardware monitors have been studied extensively for single processor cores, but network processors consist of dozens to hundreds of processors with highly dynamic workloads. In this paper, we present the design of a Scalable Hardware Monitoring Grid, which allows the dynamic sharing of hardware monitoring resources among processor cores. We show the scalability of our monitoring system to network processors with large numbers of cores. We also present a multicore prototype implementation of the monitoring system on an FPGA platform.
  • Keywords
    computer network security; field programmable gate arrays; grid computing; multiprocessing systems; telecommunication network routing; FPGA platform; computer networks; data plane attacks; denial-of-service attack; field programmable gate array; hardware monitoring resource sharing; hardware monitoring systems; multicore prototype; network data plane; network processors defense mechanism; network processors protection; packet forwarding operations; router control interface; router hardware; scalable hardware monitoring grid; scalable hardware monitors; single malformed UDP packet; vulnerable packet processing software; Hardware; Internet; Monitoring; Multicore processing; Program processors; Security; FPGA; data plane attack; hardware monitor; multicore processor; network infrastructure; network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications and Network Security (CNS), 2013 IEEE Conference on
  • Conference_Location
    National Harbor, MD
  • Type
    conf
  • DOI
    10.1109/CNS.2013.6682721
  • Filename
    6682721