
Course: CS895 Advisor: Dr. Ravi Mukkamala Speaker: Weiying Zhu Date: 03/17/2004



Presentation Transcript


  1. Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware
  By John W. Lockwood, et al.
  Course: CS895 Advisor: Dr. Ravi Mukkamala Speaker: Weiying Zhu Date: 03/17/2004

  2. Table of Contents
  • Introduction
  • Intelligent Gateway Devices
  • System Architecture
  • Reprogrammable Logic
  • Conclusions
  • References

  3. Introduction
  • Malicious software (malware): a computer virus, an Internet worm, or a hybrid that contains elements of both.
  • Weakness of end-system protection:
    • Most malware goes undetected until it causes harm on an end-user's computer.
    • Individuals tend to ignore warnings about installing new protection software and the latest security updates.
    • Systems are not always patched immediately, and anti-virus programs are not kept up to date.

  4. Intelligent Gateway Devices
  • Existing firewalls:
    • They examine only the packet headers. However, much malware is transported over trusted services, so a header-only policy lets it through.
  • Intrusion detection and prevention systems:
    • They search for predefined signatures belonging to malware by scanning the packet payloads.
    • Software-based scanners: not fast enough to monitor all traffic on a high-speed link.
    • Hardware-based scanners: can make use of parallelism to perform deep packet inspection with high throughput.
  • Programmable Logic Devices (PLDs): provide the flexibility and performance to scan for regular expressions within a high-speed network.
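The contrast on this slide, a header-only firewall versus payload scanning for regular-expression signatures, as an added example that is not part of the original presentation or the paper's FPX implementation. The packets, port policy and signature patterns below are constructed for illustration (the patterns are placeholders, not real malware signatures), and the scanner is a plain Python regex rather than FPGA logic:

```python
import re
from dataclasses import dataclass


# Constructed packet representation: header fields plus payload bytes.
@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Header-only policy in the style of a traditional firewall: allow traffic
# to "trusted services" by destination port, block everything else.
# The port set is an assumption for this example.
TRUSTED_PORTS = {80, 25}


def header_filter(pkt: Packet) -> str:
    """Return 'allow' or 'block' looking only at the packet header."""
    return "allow" if pkt.dst_port in TRUSTED_PORTS else "block"


# Constructed, hypothetical payload signatures compiled as regular expressions,
# the kind of pattern the slide says PLDs are well suited to scanning for.
SIGNATURES = {
    "sig-A": re.compile(rb"EXAMPLE-WORM-A[0-9]{3}"),
    "sig-B": re.compile(rb"EXAMPLE\.VIRUS\.B"),
}


def payload_scan(pkt: Packet) -> list[str]:
    """Deep packet inspection: names of every signature found in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]


def decide(pkt: Packet) -> str:
    """Gateway verdict: header policy first, then a content scan of allowed traffic."""
    if header_filter(pkt) == "block":
        return "block:header"
    hits = payload_scan(pkt)
    return "block:" + ",".join(hits) if hits else "allow"


# Constructed sample traffic. Packets 2 and 4 ride on trusted ports (80, 25)
# but carry a signature in the payload; packet 3 is blocked by port alone.
PACKETS = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.7", 80, b"POST /upload EXAMPLE-WORM-A123 HTTP/1.1\r\n"),
    Packet("10.0.0.9", 4444, b"hello"),
    Packet("10.0.0.3", 25, b"MAIL FROM:<x@example.test> EXAMPLE.VIRUS.B"),
]


def run(packets=PACKETS) -> dict:
    """Verdicts from the header-only policy and from header policy plus payload scan."""
    return {
        "header_only": [header_filter(p) for p in packets],
        "with_payload_scan": [decide(p) for p in packets],
    }


if __name__ == "__main__":
    for policy, verdicts in run().items():
        print(policy, verdicts)
```

The header-only column allows packets 2 and 4 because their ports are trusted; only the payload scan flags them, which is the gap the slide attributes to existing firewalls.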

  5. System Architecture
  • System components
    • Data Enabling Device (DED): scans packets.
      • Its heart is the FPX, which consists of a module implemented in FPGA hardware that scans the content of Internet packets at gigabit-per-second rates.
      • It is installed at key traffic aggregation points of networks, as well as on the backbone.
    • Content Matching Server (CMS): reprograms DEDs.
      • It compiles and synthesizes custom circuits to reconfigure DEDs over the network.
    • Regional Transaction Processor (RTP): determines the action.
      • It consults a database to determine actions when matching content is found by a DED.
      • A single RTP can be used to remotely coordinate the activities of up to 100 DEDs.

  6. System Architecture (Cont.) Fig. 1. Example topology of a Network Aggregation Point (NAP) with DEDs added to provide worm and virus protection

  7. System Architecture (Cont.)
  • System operation
  Fig. 2. How the system works.
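The division of labour between CMS, DED and RTP from slides 5 and 7, as an added simulation that is not part of the original presentation or the paper's system. The three classes, the signature patterns, the action table and the default "alert" action are all constructed for this example; the CMS here "compiles" a signature set into Python regexes where the real CMS synthesizes an FPGA circuit, and the 100-DED limit is the figure stated on slide 5:

```python
import re


class ContentMatchingServer:
    """CMS: compiles the current signature set into the match logic a DED runs.
    Here the compiled form is a regex table; in the real system it is a circuit."""

    def __init__(self):
        self.version = 0
        self.signatures = {}

    def add_signature(self, name: str, pattern: bytes) -> None:
        self.signatures[name] = pattern
        self.version += 1

    def build(self):
        return self.version, {n: re.compile(p) for n, p in self.signatures.items()}

    def reprogram(self, deds) -> None:
        """Push the newly built match set to every DED (reconfiguration over the network)."""
        version, compiled = self.build()
        for ded in deds:
            ded.load(version, compiled)


class DataEnablingDevice:
    """DED: scans packet payloads with the loaded match set and reports hits to its RTP."""

    def __init__(self, name: str, rtp):
        self.name, self.rtp = name, rtp
        self.version, self.matchers = 0, {}

    def load(self, version: int, matchers: dict) -> None:
        self.version, self.matchers = version, matchers

    def scan(self, flow_id: str, payload: bytes) -> str:
        """Return the action to apply to this flow: 'forward' or whatever the RTP decides."""
        for sig, rx in self.matchers.items():
            if rx.search(payload):
                return self.rtp.report(self.name, flow_id, sig)
        return "forward"


class RegionalTransactionProcessor:
    """RTP: consults an action database when a DED reports matching content."""

    MAX_DEDS = 100  # coordination limit stated on slide 5

    def __init__(self, actions: dict):
        self.actions, self.deds, self.log = actions, [], []

    def attach(self, ded: DataEnablingDevice) -> None:
        if len(self.deds) >= self.MAX_DEDS:
            raise RuntimeError("RTP capacity exceeded")
        self.deds.append(ded)

    def report(self, ded_name: str, flow_id: str, sig: str) -> str:
        action = self.actions.get(sig, "alert")  # default action is an assumption
        self.log.append((ded_name, flow_id, sig, action))
        return action


def demo() -> dict:
    """One RTP coordinating three DEDs; the CMS adds a signature and reprograms them."""
    rtp = RegionalTransactionProcessor({"sig-A": "drop", "sig-B": "quarantine"})
    cms = ContentMatchingServer()
    deds = [DataEnablingDevice(f"ded-{i}", rtp) for i in range(3)]
    for ded in deds:
        rtp.attach(ded)

    # Constructed, hypothetical patterns (not real malware signatures).
    cms.add_signature("sig-A", rb"EXAMPLE-WORM-A[0-9]{3}")
    cms.reprogram(deds)
    before = [deds[0].scan("f1", b"EXAMPLE-WORM-A001"),
              deds[1].scan("f2", b"EXAMPLE.VIRUS.B")]   # unknown yet: forwarded

    cms.add_signature("sig-B", rb"EXAMPLE\.VIRUS\.B")   # new pattern discovered
    cms.reprogram(deds)                                  # every DED picks it up
    after = [deds[1].scan("f3", b"EXAMPLE.VIRUS.B"),
             deds[2].scan("f4", b"benign traffic")]
    return {"before_update": before, "after_update": after,
            "versions": [d.version for d in deds], "log": rtp.log}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The second flow is forwarded before the update and quarantined after it, which is the point of slide 12's "reconfigured to search for new attack patterns": the detection logic changes in the DEDs without any end system being touched, and every decision is recorded centrally at the RTP.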

  8. Reprogrammable Logic
  • A DED contains two network line cards, a backplane, and two or more FPX cards.
  • The FPX card implements the core function of the DED. It consists of:
    • two FPGAs (one is the NID and the other is the RAD);
      • The NID is used to route individual traffic flows through the device and process control packets.
      • The RAD is dynamically reconfigured over the network to perform customized packet processing functions.
    • five banks of memory;
    • two high-speed (OC-48 rate) network interfaces.

  9. Reprogrammable Logic (Cont.) Fig. 3. The FPX card.

  10. Reprogrammable Logic (Cont.)
  • Line cards:
    • SONET line card adapter for ATM networks
    • GBIC for Gigabit Ethernet
  • Protocol processing wrappers:
    • ATM wrapper
    • Gigabit Ethernet wrapper
    • IP wrapper
    • UDP wrapper
    • TCP wrapper

  11. Reprogrammable Logic (Cont.)
  • Performance
    • By implementing four modules in parallel, the FPX can process data at a rate of 2.4 gigabits per second.
    • By performing the network scanning with parallel hardware, all packets can be examined even at high throughput.
  Fig. 4. Performance of FPGA-based matching vs. software-based matching.

  12. Conclusions
  • The system scans data quickly.
  • The scanning devices can be reconfigured to search for new attack patterns.
  • The system takes immediate action when attacks occur.

  13. References
  • Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware; John W. Lockwood, James Moscola, Matthew Kulig, David Reddick, Tim Brooks. Military and Aerospace Programmable Logic Device (MAPLD), Washington DC, Paper E10, Sep 9-11, 2003. http://www.arl.wustl.edu/~lockwood/publications/MAPLD_2003_e10_lockwood_p.pdf
  • Application of Hardware Accelerated Extensible Network Nodes for Internet Worm and Virus Protection; John W. Lockwood, James Moscola, David Reddick, Matthew Kulig, and Tim Brooks. International Working Conference on Active Networks (IWAN), Kyoto, Japan, December 2003. http://www.arl.wustl.edu/~lockwood/publications/lockwood_IWAN_2003.pdf
