Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
NpBench: A Benchmark Suite for Control plane and Data plane Applications for Network Processors
ICCD '03 Proceedings of the 21st International Conference on Computer Design
Secure Embedded Processing through Hardware-Assisted Run-Time Monitoring
Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
SAFE-OPS: An approach to embedded software security
ACM Transactions on Embedded Computing Systems (TECS)
Proceedings of the 12th ACM conference on Computer and communications security
IMPRES: integrated monitoring for processor reliability and security
Proceedings of the 43rd annual Design Automation Conference
Reconfigurable hardware for high-security/high-performance embedded systems: the SAFES perspective
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Code injection attacks on harvard-architecture devices
Proceedings of the 15th ACM conference on Computer and communications security
Brave New World: Pervasive Insecurity of Embedded Network Devices
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Hardware Support for Secure Processing in Embedded Systems
IEEE Transactions on Computers
Attacks and Defenses in the Data Plane of Networks
IEEE Transactions on Dependable and Secure Computing
| Hi-index | 0.00 |
The Internet represents an essential communication infrastructure that needs to be protected from malicious attacks. Modern network routers are typically implemented using embedded multi-core network processors that are inherently vulnerable to attack. Hardware monitor subsystems, which can verify the behavior of a router's packet processing system at runtime, can be used to identify and respond to an ever-changing range of attacks. While hardware monitors have primarily been described in the context of general-purpose computing, our work focuses on two important aspects that are relevant to the embedded networking domain: We present the design and prototype implementation of a high-performance monitor that can track each processor instruction with low memory overhead. Additionally, our monitor is capable of defending against attacks on processors with a Harvard architecture, the dominant contemporary network processor organization. We demonstrate that our monitor architecture provides no network slowdown in the absence of an attack and provides the capability to drop attack packets without otherwise affecting regular network traffic when an attack occurs.