Overcoming performance collapse for 100Gbps cyber security

  • Authors:

  • Jordi Ros-Giralt;Bob Rotsted;Alan Commike

  • Affiliations:

  • Reservoir Labs, New York, New York, USA;Reservoir Labs, New York, New York, USA;Reservoir Labs, New York, New York, USA

  • Venue:
  • Proceedings of the first workshop on Changing landscapes in HPC security
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

In this paper, we present a series of performance tests carried out on R-Scope Dominate-T (RDT), a 1U network security appliance configured with four Tilera Gx-36 processors and with an aggregated network IO capacity of 160Gbps. RDT is optimized with several high-performance computing techniques. On the software side, RDT runs Linux and a modified version of Bro--the open source network security monitor developed by the International Computer Science Institute--optimized with (1) intelligent IDS-aware packet queuing, (2) Bro-programmable packet shunting, (3) zero-locking IPC data structures, and (4) layer-4 packet prioritization. On the hardware side, the system leverages a many-core architecture with (1) 144 cores servicing 16 x 10Gbps network interfaces, (2) an on-chip ASIC-assisted engine delivering packets directly to Bro at wire rates, and (3) core-programmable zero-overhead/zero-interrupt Linux. The objective of this work is to make a contribution towards maximizing the amount of cyber security intelligence that a system can detect per unit of cost, where cost includes the processing time, space, energy, and capital equipment expenses incurred to perform such detection.