Design of a secure packet processor
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Securing the data path of next-generation router systems
Computer Communications
| Hi-index | 0.00 |
Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a Secure Packet Processing Platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing behavior. If such deviations are detected, a recovery system is invoked to restore the system into an operational state. Our preliminary results show that most attacks can be detected within a single instruction. The system overhead for secure monitoring is limited to a fraction of the overall space, memory, and power budget.