Filters








27,448 Hits in 4.4 sec

Design of a secure packet processor

Danai Chasaki, Tilman Wolf
2010 Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems - ANCS '10  
We present a design and proof-of-concept implementation of a packet processing system that uses two security techniques to defend against potential attacks: a processing monitor is used to track operations  ...  on each processor core to detect attacks at the processing instruction level; an I/O monitor is used to track operations of the router to detect attacks at the protocol level.  ...  In this paper, we present a design and results from a prototype implementation of a secure packet processor.  ... 
doi:10.1145/1872007.1872011 dblp:conf/ancs/ChasakiW10 fatcat:6odjonm4szfk3h6ktlxcjclk2a

Making the gigabit IPsec VPN architecture secure

R. Friend
2004 Computer  
These devices also create a less efficient data movement architecture. Further, with a lookaside architecture, VPN designers take on more of the security design risk.  ...  While it would provide the same processor offload and development reduction benefits and the same level of integration of a flow-through device with a reduced pin count, this design would require fewer  ... 
doi:10.1109/mc.2004.30 fatcat:wbd7coplxrfm5aqnuuuqr5fxcy

"Roto-Rooting" your router

Danai Chasaki
2011 Computer communication review  
We describe a specific attack that can launch a devastating denial-of-service attack by sending just a single packet.  ...  Modern routers use general purpose programmable processors, and the software used for packet processing on these systems is potentially vulnerable to remote exploits.  ...  DEFENSE MECHANISM To defend against this type of attack on the packet processing systems of routers, we proposed a secure packet processor design [1] .  ... 
doi:10.1145/2043164.2018486 fatcat:aow5xxrzfjg2tchvlbmbn4wgdu

"Roto-Rooting" your router

Danai Chasaki
2011 Proceedings of the ACM SIGCOMM 2011 conference on SIGCOMM - SIGCOMM '11  
We describe a specific attack that can launch a devastating denial-of-service attack by sending just a single packet.  ...  Modern routers use general purpose programmable processors, and the software used for packet processing on these systems is potentially vulnerable to remote exploits.  ...  DEFENSE MECHANISM To defend against this type of attack on the packet processing systems of routers, we proposed a secure packet processor design [1] .  ... 
doi:10.1145/2018436.2018486 dblp:conf/sigcomm/Chasaki11 fatcat:hu3kulnk7fdpfbhgm36rrcl4ha

InvisiMem

Shaizeen Aga, Satish Narayanasamy
2017 SIGARCH Computer Architecture News  
We demonstrate that InvisiMem designs have one to two orders of magnitude of lower overheads for performance, space, energy, and memory bandwidth, compared to prior solutions.  ...  A practically feasible low-overhead hardware design that provides strong defenses against memory bus side channel remains elusive.  ...  This work was supported in part by the NSF under the CAREER-1149773 and SHF-1527301 awards and by C-FAR, one of the six SRC STARnet Centers, sponsored by MARCO and DARPA.  ... 
doi:10.1145/3140659.3080232 fatcat:56pwkqil3be73hcfgrhgvttzii

Adaptive security monitoring for next-generation routers

Christopher Mansour, Danai Chasaki
2019 EURASIP Journal on Embedded Systems  
of the processor.  ...  In this paper, we address this problem by proposing a novel approach to verify the correct operation of the network processor.  ...  Availability of data and materials Please contact authors for data requests. Authors' contributions DC conceived of the study and its design and coordinated and helped to draft the manuscript.  ... 
doi:10.1186/s13639-018-0087-0 fatcat:5y5eolfa5jaoxkhmldxh7pd644

Current Status of Network Processors

Neha Jain, Manoj Kumar Jain
2014 International Journal of Computer Applications  
Number of internet users is increasing day by day. Demands for new application are also increasing. It is possible to create a network processor based on user's demands.  ...  ASIP or application specific instruction set processor .are designed for a set of specific application.  ...  In conventional multicore processors each core runs a sequence of instructions with associated data, but in Bay designs the packet data move from one core to another.  ... 
doi:10.5120/17239-7573 fatcat:m224btgssjakxfi5y6qagvasom

Design of a Secure Router System for Next-Generation Networks

Tilman Wolf, Russell Tessier
2009 2009 Third International Conference on Network and System Security  
We present the design of a Secure Packet Processing Platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing behavior.  ...  Index Terms-network security, router design, embedded processor, processor monitor • Address Pattern: The address of an instruction is a unique indicator, but it does not contain any information about  ...  SYSTEM ARCHITECTURE The goal of our work is to design a secure packet processing platform (SPPP) for next-generation Internet routers.  ... 
doi:10.1109/nss.2009.70 dblp:conf/nss/WolfT09 fatcat:k2klp5qehzgztimxig5frfx5i4

Attacks and Defenses in the Data Plane of Networks

Danai Chasaki, Tilman Wolf
2012 IEEE Transactions on Dependable and Secure Computing  
We also present a hardware-based defense mechanism that can detect situations where malicious packets try to change the operation of the network processor.  ...  This attack uses only a single attack packet to consume the full link bandwidth of the router's outgoing link.  ...  The use of programmable packet processors is at the core of many future Internet designs (e.g., network virtualization [7] , [18] ).  ... 
doi:10.1109/tdsc.2012.50 fatcat:yum5qyigl5ehzbvdgbyzjz757q

Securing the data path of next-generation router systems

Tilman Wolf, Russell Tessier, Gayatri Prabhu
2011 Computer Communications  
To address this issue, a Secure Packet Processing platform has been developed that can flexibly protect emerging router systems.  ...  Overall, the system overhead for secure monitoring is limited to a fraction of the overall system space, memory, and power budget.  ...  The throughput performance of around 10 Gigabits per second is sufficient to support state-of-the-art core routers and thus show that the presented architecture is a feasible approach to securing the data  ... 
doi:10.1016/j.comcom.2010.03.019 fatcat:5nvtlqs65nalficpbdhwmdrwge

Domain-specific codesign for embedded security

P. Schaumont, I. Verbauwhede
2003 Computer  
Acknowledgments The US National Science Foundation (grant #0098361) and a 2002 Design Automation Conference Graduate Research Fellowship supported this work.  ...  SYSTEM DESIGN Effective security support is a system design problem that needs an integrated approach.  ...  domain with multiple layers of design abstraction, and a complete system as a codesign of domains (security, networking, and graphics, for example) rather than a codesign of implementations (such as hardware  ... 
doi:10.1109/mc.2003.1193231 fatcat:dmtzwidi3fa5rl4v5fapfj4hnu

Efficient software architecture for IPSec acceleration using a programmable security processor

Janar Thoguluva, Anand Raghunathan, Srimat T. Chakradhar
2008 Proceedings of the conference on Design, automation and test in Europe - DATE '08  
In this paper, we describe an efficient software architecture for IPSec crypto offloading on a state-of-the-art mobile application processor system-on-chip (SoC) that includes a programmable security processor  ...  However, realizing the performance promised by them requires the design of efficient software architectures for crypto offloading (offloading cryptographic operations from a host processor).  ...  of cryptographic algorithms encapsulated in a secure computational kernel on the security processor.  ... 
doi:10.1145/1403375.1403656 fatcat:qbmj4ajes5hefghj6jrplvaola

Efficient Software Architecture for IPSec Acceleration Using a Programmable Security Processor

Janar Thoguluva, Anand Raghunathan, Srimat T. Chakradhar
2008 2008 Design, Automation and Test in Europe  
In this paper, we describe an efficient software architecture for IPSec crypto offloading on a state-of-the-art mobile application processor system-on-chip (SoC) that includes a programmable security processor  ...  However, realizing the performance promised by them requires the design of efficient software architectures for crypto offloading (offloading cryptographic operations from a host processor).  ...  of cryptographic algorithms encapsulated in a secure computational kernel on the security processor.  ... 
doi:10.1109/date.2008.4484833 dblp:conf/date/ThoguluvaRC08 fatcat:2pwrajaayffkleowv6jyxqhbku

Supporting flexible streaming media protection through privacy-aware secure processors

Youtao Zhang, Jun Yang, Lan Gao
2009 Computers & electrical engineering  
The emerging secure processor designs provide a new direction for hardware assisted streaming media protection (H-SMP).  ...  The research in the computer architecture community has shown that secure processors can help to defend various types of attacks such as those with a hijacked and malicious OS.  ...  Figure 4 illustrates the architectural components of our privacy-aware secure processor design. It consists of seven secure registers and a security management function unit.  ... 
doi:10.1016/j.compeleceng.2008.06.001 fatcat:6dgl2nl4njhhzmeqgrpgbg7wry

Design Universal Security Scheme for Broadband Router

Xiaozhuo Gu, Jianzu Yang
2010 International Journal of Network Security  
Taking account of defections existed in general methods of implementing IP security (IPsec) in broadband routers, a secure scheme based on fast path and slow path of routers was put forward.  ...  The scheme was tested in SR1880s, and testing results showed that the proposed scheme can satisfy the security needs of broadband router.  ...  However, letting all the packets passing through the security processor aggravates the workloads of security processor.  ... 
dblp:journals/ijnsec/GuY10 fatcat:xzadim6qmzejvdihmghkz5wbia
« Previous Showing results 1 — 15 out of 27,448 results