DOI: 10.1145/2593069.2593226
research-article

System-Level Security for Network Processors with Hardware Monitors

Published: 01 June 2014

Abstract

New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of hardware monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.

Cited By

  • (2016) Source Authentication Techniques for Network-on-Chip Router Configuration Packets. ACM Journal on Emerging Technologies in Computing Systems 13:2 (1-31). DOI: 10.1145/2996194. Online publication date: 16-Nov-2016

    Published In

    DAC '14: Proceedings of the 51st Annual Design Automation Conference
    June 2014
    1249 pages
    ISBN: 9781450327305
    DOI: 10.1145/2593069

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    DAC '14

    Acceptance Rates

    Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
