Kekai Hu scite author profile

Kekai Hu

5Publications

5Citation Statements Received

94Citation Statements Given

How they've been cited

How they cite others

Affiliations

Intel (United States), University of Massachusetts Amherst

Publications

Order By: Most citations

A Mathematical Modeling of Exploitations and Mitigation Techniques Using Set Theory

Branco

Kawakami

et al. 2018

View full text Add to dashboard Cite

One of the most challenging problems in computer security is formalization of vulnerabilities, exploits, mitigations and their relationship. In spite of various existing researches and theories, a mathematical model that can be used to quantitatively represent and analyze exploit complexity and mitigation effectiveness is still in absence.In this work, we introduce a novel way of modeling exploits and mitigation techniques with mathematical concepts from set theory and big O notation. The proposed model establishes formulaic relationships between exploit primitives and exploit objectives, and enables the quantitative evaluation of vulnerabilities and security features in a system. We demonstrate the application of this model with two real world mitigation techniques. It serves as the first step toward a comprehensive mathematical understanding and modeling of exploitations and mitigations, which will largely benefit and facilitate the practice of system security assessment.

show abstract

Dynamic Hardware Monitors for Network Processor Protection

Chandrikakutty

Goodman

et al. 2016

IEEE Trans. Comput.

View full text Add to dashboard Cite

The importance of the Internet for society is increasing. To ensure a functional Internet, its routers need to operate correctly. However, the need for router flexibility has led to the use of softwareprogrammable network processors in routers, which exposes these systems to data plane attacks. Recently, hardware monitors have been introduced into network processors to verify the expected behavior of processor cores at run time. If instruction-level execution deviates from the expected sequence, an attack is identified, triggering processor core recovery efforts. In this manuscript, we describe a scalable network processor monitoring system that supports the reallocation of hardware monitors to processor cores in response to workload changes. The scalability of our monitoring architecture is demonstrated using theoretical models, simulation, and router system-level experiments implemented on an FPGA-based hardware platform. For a system with four processor cores and six monitors, the monitors result in a 6% logic and 38% memory bit overhead versus the processor's core logic and instruction storage. No slowdown of system throughput due to monitoring is reported.Index Terms-network security, network infrastructure, data plane attack, hardware monitor, multicore processor, FPGA 0018-9340 (c)

show abstract

System-Level Security for Network Processors with Hardware Monitors

Wolf

Teixeira

et al. 2014

View full text Add to dashboard Cite

New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of hardware monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.

show abstract

A Viterbi decoder memory management system using forward traceback and all-path traceback

Hu¹,

Caldwell²,

Lin³

View full text Add to dashboard Cite

Register Exchange (RE) and Traceback (TB) are the two known memory organization methods used by a Viterbi decoder. This paper describes a new traceback technique that utilizes a novel forward tracing algorithm, which can greatly cut down the latency at minimal hardware cost. The new technique is compared with the conventional traceback algorithm. As an example, the architecture design implementing this new traceback technique for a Grand Aliance HDTV Viterbi decoder is described. System level simulation verified the new traceback technique.

show abstract

High-performance implementation of in-network traffic pacing for small-buffer networks

Hanay

Dwaraki

et al. 2013

Computer Communications

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kekai Hu

A Mathematical Modeling of Exploitations and Mitigation Techniques Using Set Theory

Dynamic Hardware Monitors for Network Processor Protection

System-Level Security for Network Processors with Hardware Monitors

A Viterbi decoder memory management system using forward traceback and all-path traceback

High-performance implementation of in-network traffic pacing for small-buffer networks

Contact Info

Product

Resources

About