Abstract
In today’s Internet, modern routers rely on high-performance reliable general-purpose multi-core packet processing systems in order to support the flexibility and the plethora of protocol operations and applications. These processing systems are programmable and have replaced the traditional-fixed logic ASICs in the data path of such routers. Hence, lots of vulnerabilities and faults are introduced as the result of such programmability making the systems susceptible to attacks and failures. Particularly, it is a difficult task to detect whether a processing core behaves correctly, or it has a failure resulting from errors or attacks. In this paper, we address this problem by proposing a novel approach to verify the correct operation of the network processor. We propose a secure, fault-tolerant, and reliable monitoring subsystem which functions in parallel with the processing core of the router and aids in the detection of attacks changing the processing behavior of the processor. We prove experimentally that our system has the ability to detect the malicious activity and securely restore the router’s operation to a different, but functionally equivalent, state. We also show experimentally that our approach has a better efficiency when compared with other existing work.
Highlights
The size, diversity, and complexity of modern networks continue to increase resulting in the development of new protocol and communication paradigms, such as content-addressable networks, that need to be deployed in order to improve the network operation
5 Evaluation we evaluate our design in two different scenarios: (i) an attack scenario in which the processor deviates from the expected behavior and will be detected by our monitor and (ii) an instruction memory modification scenario which will be detected during the loading phase through the integrity checking mechanism
6 Conclusion The use of routers equipped with general-purpose processing engines and executing software-based packet processing is becoming more prevalent in the Internet
Summary
The size, diversity, and complexity of modern networks continue to increase resulting in the development of new protocol and communication paradigms, such as content-addressable networks, that need to be deployed in order to improve the network operation. We present a new hardware monitoring system that can co-exist with the networking processor, check its execution trace, and detect unusual activities based on the instruction execution flow. The existence of the hardware monitor detects the abnormal packets and initiates a fast and secure recovery process.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
