Design of a Secure Router System for Next-Generation Networks

Authors

Tilman Wolf, University of Massachusetts Amherst
Russell Tessier, University of Massachusetts Amherst

Publication Date

2009

Journal or Book Title

2009 Third International Conference on Network and System Security

Abstract

Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a secure packet processing platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing behavior. If such deviations are detected, a recovery system is invoked to restore the system into an operational state. Our preliminary results show that most attacks can be detected within a single instruction. The system overhead for secure monitoring is limited to a fraction of the overall space, memory, and power budget.

DOI

https://doi.org/10.1109/NSS.2009.70

Pages

52-59

Recommended Citation

Wolf, Tilman and Tessier, Russell, "Design of a Secure Router System for Next-Generation Networks" (2009). 2009 Third International Conference on Network and System Security. 1065.
https://doi.org/10.1109/NSS.2009.70