IMDEA Networks Institute Publications Repository

High-performance hardware monitors to protect network processors from data plane attacks

Kumarapillai Chandrikakutty, Harikrishnan and Unnikrishnan, Deepak and Tessier, Russell and Wolf, Tilman (2012) High-performance hardware monitors to protect network processors from data plane attacks. In: The 49th ACM/EDAC/IEEE Design Automation Conference (ACM/EDAC/IEEE DAC 2012), 2-6 June, 2012, Austin, Texas.

[img]
Preview
PDF (High-performance hardware monitors to protect network processors from data plane attacks.) - Published Version
Download (223Kb) | Preview

Abstract

The Internet represents an essential communication infrastructure that needs to be protected from malicious attacks. Modern network routers are typically implemented using embedded multi-core network processors that are inherently vulnerable to attack. Hardware monitor subsystems, which can verify the behavior of a router's packet processing system at runtime, can be used to identify and respond to an ever-changing range of attacks. While hardware monitors have primarily been described in the context of general-purpose computing, our work focuses on two important aspects that are relevant to the embedded networking domain: We present the design and prototype implementation of a high-performance monitor that can track each processor instruction with low memory overhead. Additionally, our monitor is capable of defending against attacks on processors with a Harvard architecture, the dominant contemporary network processor organization. We demonstrate that our monitor architecture provides no network slowdown in the absence of an attack and provides the capability to drop attack packets without otherwise affecting regular network traffic when an attack occurs.

Item Type: Conference or Workshop Papers (Paper)
Additional Information: http://dx.doi.org/10.1145/2463209.2488832
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > T Technology (General)
T Technology > TA Engineering (General). Civil engineering (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science
Depositing User: Rebeca De Miguel
Date Deposited: 22 Apr 2013 13:45
Last Modified: 03 Dec 2014 08:49
URI: http://eprints.networks.imdea.org/id/eprint/488

Actions (login required)

View Item View Item