Algorithms on strings, trees, and sequences: computer science and computational biology
Algorithms on strings, trees, and sequences: computer science and computational biology
High performance RDMA-based MPI implementation over InfiniBand
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Impact of PCI-Bus Load on Applications in a PC Architecture
RTSS '03 Proceedings of the 24th IEEE International Real-Time Systems Symposium
Detecting Anomalies in High-Performance Parallel Programs
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Hi-index | 0.00 |
This paper describes the implementation of a coprocessor platform for scanning workstation memory in order to detect signatures of malicious codes. The coprocessor is especially beneficial in clusters of workstations used for high performance computing where the overhead imposed by software-based intrusion detection codes is unacceptable. The coprocessor connects to the host via the PCI bus and accesses the host's memory using bus mastering DMA.The coprocessor interprets the host's virtual memory data structures in order to fetch page frames associated with specific processes into local memory. Once a set of page frames is in local memory, the coprocessor searches the memory content for signatures of known malicious codes. The coprocessor implementation requires no modification to the kernel code. Furthermore, the coprocessor software only requires a small set of initialization data during system bootup. After this initialization, the coprocessor operates independently from the host's processors.Empirical analysis of prototype coprocessor implementation demonstrates the effectiveness of the coprocessor in detecting malicious codes without intervention from the host processor. The additional memory bus traffic generated by the coprocessor causes a small performance reduction, especially for software that does not make effective use of the host processor's cache. Conversely, the impact of the coprocessor induced PCI traffic is negligible on I/O bound applications.