The design philosophy of the DARPA internet protocols
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
The X-Kernel: An Architecture for Implementing Network Protocols
IEEE Transactions on Software Engineering
A system for constructing configurable high-level protocols
SIGCOMM '95 Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Towards an active network architecture
ACM SIGCOMM Computer Communication Review
PLAN: a packet language for active networks
ICFP '98 Proceedings of the third ACM SIGPLAN international conference on Functional programming
Denial of Service in Sensor Networks
Computer
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Defending Embedded Systems Against Buffer Overflow via Hardware/Software
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Tamper Resistance Mechanisms for Secure, Embedded Systems
VLSID '04 Proceedings of the 17th International Conference on VLSI Design
An Architectural Framework for Providing Reliability and Security Support
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Secure Embedded Processing through Hardware-Assisted Run-Time Monitoring
Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
SAFE-OPS: An approach to embedded software security
ACM Transactions on Embedded Computing Systems (TECS)
Micro embedded monitoring for security in application specific instruction-set processors
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Proceedings of the 12th ACM conference on Computer and communications security
MiBench: A free, commercially representative embedded benchmark suite
WWC '01 Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop
IMPRES: integrated monitoring for processor reliability and security
Proceedings of the 43rd annual Design Automation Conference
In VINI veritas: realistic and controlled network experimentation
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Flooding attacks by exploiting persistent forwarding loops
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Internet clean-slate design: what and why?
ACM SIGCOMM Computer Communication Review
Hardware support for secure processing in embedded systems
Proceedings of the 44th annual Design Automation Conference
Supercharging planetlab: a high performance, multi-application, overlay network platform
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Software-Based Failure Detection and Recovery in Programmable Network Interfaces
IEEE Transactions on Parallel and Distributed Systems
Reconfigurable hardware for high-security/high-performance embedded systems: the SAFES perspective
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
On runtime management in multi-core packet processing systems
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Design of a Secure Router System for Next-Generation Networks
NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
Brave New World: Pervasive Insecurity of Embedded Network Devices
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Performance of FPGA implementation of bit-split architecture for intrusion detection systems
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
An FPGA-Based Network Intrusion Detection Architecture
IEEE Transactions on Information Forensics and Security
Design of a secure packet processor
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
| Hi-index | 0.24 |
As the technology used to implement computer network infrastructure advances, networking resources are becoming more vulnerable to attack. Recent router designs are based on general-purpose programmable processors, which increase their potential vulnerability. To address this issue, a Secure Packet Processing platform has been developed that can flexibly protect emerging router systems. Both instruction-level operation of embedded processors and I/O operations of router ports are monitored to detect anomalous behavior. If such behavior is detected, a recovery system is invoked to restore the system into an operational state. Experimental results show that processor-based attacks can generally be determined by a processing monitor within a single instruction. I/O anomalies, including unexpected packet broadcast or delay, can be detected by an I/O monitor with limited overhead. Overall, the system overhead for secure monitoring is limited to a fraction of the overall system space, memory, and power budget.