Abstract

Remote code execution attacks against network devices have become a major challenge in securing networking environments. In this paper, we propose a detection framework against remote code execution attacks for closed-source network devices using virtualization technologies. Without disturbing the target device in any way, our solution deploys an emulated device as a virtual machine (VM) instance running the same firmware image as the target, and mirrors ingress packets to the emulated device. As a result, remote code execution attacks mounted through maliciously crafted packets are captured in the memory of the VM. Our solution thus enables successful detection of any kind of intrusion that leaves a memory footprint.

Highlights

  • The next-generation Internet drives a fundamental shift in the underlying networking architecture to enable dynamic deployment of applications in heterogeneous networks

  • Since the internal states of the target and the emulated device are synchronized, all sorts of remote code attacks that cause memory modification in the target device will be detected by the memory integrity monitor

  • Since the proposed system has no dependency on any specific virtual machine manager (VMM), generality can be achieved
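
The memory integrity monitoring idea from the highlights, sketched as an added example (not code from the paper): it hashes the pages of regions assumed to be immutable in a snapshot of the emulated device's memory and reports pages that differ from a clean baseline. The snapshot format, region layout, page size and function names are assumptions, and the sample memory is constructed.

```python
import hashlib

PAGE_SIZE = 4096  # assumed page granularity of the monitor


def page_digests(snapshot, regions, page_size=PAGE_SIZE):
    """Hash every page of each monitored region: {page_addr: (region, sha256)}."""
    digests = {}
    for name, start, end in regions:
        if start % page_size or end % page_size or not 0 <= start < end <= len(snapshot):
            raise ValueError(f"region {name!r} is unaligned or outside the snapshot")
        for addr in range(start, end, page_size):
            page = snapshot[addr:addr + page_size]
            digests[addr] = (name, hashlib.sha256(page).hexdigest())
    return digests


def modified_pages(baseline, snapshot, regions, page_size=PAGE_SIZE):
    """Return sorted [(page_addr, region)] whose content differs from the baseline."""
    current = page_digests(snapshot, regions, page_size)
    if current.keys() != baseline.keys():
        raise ValueError("baseline and snapshot cover different pages")
    return sorted((addr, name) for addr, (name, digest) in current.items()
                  if digest != baseline[addr][1])


def build_demo():
    """Constructed data: 16 KiB of 'guest memory' with code in the first 8 KiB."""
    clean = bytearray(4 * PAGE_SIZE)
    clean[0:2 * PAGE_SIZE] = bytes(range(256)) * 32   # stand-in for firmware code
    regions = [("firmware_text", 0x0000, 0x2000)]     # monitored; data area is not
    baseline = page_digests(bytes(clean), regions)

    after = bytearray(clean)
    after[0x2100:0x2104] = b"\x01\x02\x03\x04"         # ordinary write to mutable data
    benign = modified_pages(baseline, bytes(after), regions)

    after[0x1010:0x1014] = b"\xde\xad\xbe\xef"         # code page changed after a packet
    tampered = modified_pages(baseline, bytes(after), regions)
    return benign, tampered


if __name__ == "__main__":
    benign, tampered = build_demo()
    print("after data write:", benign)
    print("after code write:", [(hex(a), n) for a, n in tampered])
```

Only regions that should never change at run time belong in the monitored list; hashing mutable data would flag every normal write.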


Summary

Introduction

The next-generation Internet drives a fundamental shift in the underlying networking architecture to enable dynamic deployment of applications in heterogeneous networks. Virtualized network infrastructure introduces the idea of programmability in the data plane of routers, which facilitates the dynamic deployment of applications and services [5,6]. In accordance with such technology trends, many networking hardware vendors provide virtual routers, such as. Implementing all layers of networking functions in virtual routers as software leads to an increase in vulnerabilities, which raises the potential to compromise the network via a wide range of attack surfaces [7,8,9]. Once a router has been compromised, attackers may gain control over the entire network and obtain sensitive information by eavesdropping on forwarded packets. As observed from the exposure by former NSA contractor Edward
