A paper authored by four researchers from the Electrical and Computer Engineering Department – graduate student Kekai Hu, former graduate student Harikrishnan Chandrikakutty, and Professors Russell Tessier and Tilman Wolf – won the Best Paper Award at the First Institute of Electrical and Electronics Engineers (IEEE) Conference on Communications and Network Security (http://www.cnsr.ictas.vt.edu/IEEE-CNS/index.html). The paper is entitled “Scalable Hardware Monitors to Protect Network Processors from Data Plane Attacks.” The conference had 141 paper submissions, of which 40 were accepted for presentation.
As the abstract of the paper explains, modern router hardware in computer networks is based on programmable network processors, which implement various packet forwarding operations in software. These processor systems are vulnerable to attacks that can be launched entirely through the data plane of the network without any access to the control interface of the router. Prior work has shown that a single malformed UDP packet can take over a network processor running vulnerable packet processing software and trigger a devastating denial-of-service attack from within the network.
One possible defense mechanism for these resource-constrained network processors is the use of hardware monitoring systems that track the operations of each processor core, the abstract explains. Any deviation from programmed behavior indicates an attack and triggers reset and recovery actions. Such hardware monitors have been studied extensively for single processor cores, but network processors consist of dozens to hundreds of processors with highly dynamic workloads.
“In this paper, we present the design of a Scalable Hardware Monitoring Grid, which allows the dynamic sharing of hardware monitoring resources among processor cores,” the abstract says, summarizing the research. “We show the scalability of our monitoring system to network processors with large numbers of cores. We also present a multicore prototype implementation of the monitoring system on an FPGA platform.”
As a leading professional society focusing on communications technologies, the IEEE Communications Society (ComSoc) has identified the need for a high-quality security conference that would focus on communications-oriented aspects of security. IEEE ComSoc has thus decided to launch a new conference dedicated to Communications and Network Security. This new conference is positioned to be a core ComSoc conference (at a level comparable to IEEE INFOCOM) and will serve as a premier forum for communications and network security researchers, practitioners, policy makers, and users to exchange ideas, techniques, and tools, raise awareness, and share experience related to security and privacy. (October 2013)