Programmability in the data path of routers provides the basis for modern router implementations that can adapt to new functional requirements. This programmability is typically achieved through software-programmable packet processing systems. One key concern with the proliferation of these programmable devices throughout the Internet is the potential impact of software vulnerabilities that can be exploited remotely. We present a design and proof-of-concept implementation of a packet processing system that uses two security techniques to defend against potential attacks: a processing monitor is used to track operations on each processor core to detect attacks at the processing instruction level; an I/O monitor is used to track operations of the router to detect attacks at the protocol level. Our prototype implementation on the NetFPGA system shows that these monitors can be implemented to operate at high data rates and with little additional hardware resources.