Dynamic Hardware Monitors for Network Processor Protection
| Autor: | Zachary Goodman, Kekai Hu, Russell Tessier, Tilman Wolf, Harikrishnan Kumarapillai Chandrikakutty |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
Router
021110 strategic defence & security studies Multi-core processor business.industry Computer science Network security Network processor 0211 other engineering and technologies Throughput 02 engineering and technology computer.software_genre 020202 computer hardware & architecture Theoretical Computer Science Computational Theory and Mathematics Hardware and Architecture Embedded system Scalability 0202 electrical engineering electronic engineering information engineering Forwarding plane Operating system business Field-programmable gate array computer Software Computer hardware |
| Zdroj: | IEEE Transactions on Computers. 65:860-872 |
| ISSN: | 0018-9340 |
| DOI: | 10.1109/tc.2015.2435750 |
| Popis: | The importance of the Internet for society is increasing. To ensure a functional Internet, its routers need to operate correctly. However, the need for router flexibility has led to the use of software-programmable network processors in routers, which exposes these systems to data plane attacks. Recently, hardware monitors have been introduced into network processors to verify the expected behavior of processor cores at run time. If instruction-level execution deviates from the expected sequence, an attack is identified, triggering processor core recovery efforts. In this manuscript, we describe a scalable network processor monitoring system that supports the reallocation of hardware monitors to processor cores in response to workload changes. The scalability of our monitoring architecture is demonstrated using theoretical models, simulation, and router system-level experiments implemented on an FPGA-based hardware platform. For a system with four processor cores and six monitors, the monitors result in a 6 percent logic and 38 percent memory bit overhead versus the processor’s core logic and instruction storage. No slowdown of system throughput due to monitoring is reported. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|