Design of a Secure Router System for Next-Generation Networks

Author

Wolf, Tilman ; Tessier, Russell

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA

fYear

2009

fDate

19-21 Oct. 2009

Firstpage

52

Lastpage

59

Abstract

Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a secure packet processing platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing behavior. If such deviations are detected, a recovery system is invoked to restore the system into an operational state. Our preliminary results show that most attacks can be detected within a single instruction. The system overhead for secure monitoring is limited to a fraction of the overall space, memory, and power budget.

Keywords

computer networks; microprocessor chips; monitoring; security of data; system recovery; telecommunication network routing; SPPP; attack detection; computer network; instruction detection system; instruction-level monitoring system; next-generation networks; recovery system; router design; secure packet processing platform; secure router system; software-programmable embedded processor; Computer architecture; Computer networks; Computer security; Data security; Hardware; IP networks; Monitoring; Next generation networking; Protection; Protocols; embedded processor; network security; processor monitor; router design;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and System Security, 2009. NSS '09. Third International Conference on

Conference_Location

Gold Coast, QLD

Print_ISBN

978-1-4244-5087-9

Electronic_ISBN

978-0-7695-3838-9

Type

conf

DOI

10.1109/NSS.2009.70

Filename

5318987