System-Level Security for Network Processors with Hardware Monitors

Hu, Kekai; Wolf, Tilman; Teixeira, Thiago; Tessier, Russell

doi:10.1145/2593069.2593226

Cited by 10 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The symmetric key is provided by the network operator securely to the TPM by encrypting it asymmetrically with the TPM's public key. Using this approach, an attacker The details of the installation and verification process, including a detailed security analysis, are presented in [21].…”

Section: Architecture Of Scalable Hardware Monitoring Gridmentioning

confidence: 99%

Dynamic Hardware Monitors for Network Processor Protection

Chandrikakutty

Goodman

et al. 2016

IEEE Trans. Comput.

Self Cite

View full text Add to dashboard Cite

The importance of the Internet for society is increasing. To ensure a functional Internet, its routers need to operate correctly. However, the need for router flexibility has led to the use of softwareprogrammable network processors in routers, which exposes these systems to data plane attacks. Recently, hardware monitors have been introduced into network processors to verify the expected behavior of processor cores at run time. If instruction-level execution deviates from the expected sequence, an attack is identified, triggering processor core recovery efforts. In this manuscript, we describe a scalable network processor monitoring system that supports the reallocation of hardware monitors to processor cores in response to workload changes. The scalability of our monitoring architecture is demonstrated using theoretical models, simulation, and router system-level experiments implemented on an FPGA-based hardware platform. For a system with four processor cores and six monitors, the monitors result in a 6% logic and 38% memory bit overhead versus the processor's core logic and instruction storage. No slowdown of system throughput due to monitoring is reported.Index Terms-network security, network infrastructure, data plane attack, hardware monitor, multicore processor, FPGA 0018-9340 (c)

show abstract

Section: Architecture Of Scalable Hardware Monitoring Gridmentioning

confidence: 99%