Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  百年期刊
Journal of Tsinghua University(Science and Technology)    2018, Vol. 58 Issue (8) : 693-697     DOI: 10.16511/j.cnki.qhdxxb.2018.21.019
COMPUTER SCIENCE AND TECHNOLOGY |
Pattern router to regulate dynamic actions in the router dataplane
XU Lei, XU Ke
Tsinghua National Laboratory for Information Science and Technology, Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
Download: PDF(1606 KB)  
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks    
Abstract  Router security has become more important with the increasing number of programmable routers. This paper presents a pattern router that codes the modularized dataplane and pre-combines the result to monitor and regulate the dynamic actions in the dataplane. This method uses an action identifier (AID) for each action in the dataplane and puts the normal AID into a regulated action table (RAT) before running the router. When the router is working, all the dynamic actions are verified by the RAT to secure the honesty of each action. The pattern router was implemented in a Click router and in a data plane development kit (DPDK) router with tests showing that the pattern router occupies only 2 MB and uses less than 10% of the bandwidth to capture all the abnormal actions in the dataplane.
Keywords router security      pattern router      router action     
Issue Date: 15 August 2018
Service
E-mail this article
E-mail Alert
RSS
Articles by authors
XU Lei
XU Ke
Cite this article:   
XU Lei,XU Ke. Pattern router to regulate dynamic actions in the router dataplane[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(8): 693-697.
URL:  
http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.21.019     OR     http://jst.tsinghuajournals.com/EN/Y2018/V58/I8/693
  
  
  
  
  
  
[1] YANG T, XIE G G, LI Y B, et al. Guarantee IP lookup performance with FIB explosion[C]//Proceedings of the 2014 ACM SIGCOMM Conference. Chicago, USA:ACM, 2014:39-50.
[2] APPENZELLER G, KESLASSY I, MCKEOWN N. Sizing router buffers[C]//Proceedings of the 2004 ACM SIGCOMM Conference. Portland, USA:ACM, 2004:281-292.
[3] MALTZ D A, XIE G, ZHAN J, et al. Routing design in operational networks:A look from the inside[C]//Proceedings of the 2004 ACM SIGCOMM Conference. Portland, USA:ACM, 2004:27-40.
[4] PAXSON V. End-to-end routing behavior in the Internet[J]. IEEE/ACM Transactions on Networking, 1997, 5(5):601-615.
[5] XU K, CHEN W L, LIN C, et al. Towards practical reconfigurable router:A software component development approach[J]. IEEE Network, 2014, 28(5):74-80.
[6] NSA/CSSM 1-52. Prism project[Z/OL].[2018-01-15]. https://nsa.gov1.info/dni/prism.html.
[7] MALTZ D A, ZHAN J, XIE G, et al. Structure preserving anonymization of router configuration data[C]//Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement. Taormina:ACM, 2004:239-244.
[8] ZHANG Y, PAXSON V. Detecting backdoors[C]//Proceedings of the 9th Conference on USENIX Security Symposium. Denver:USENIX Association Berkeley, 2000:12-12.
[9] SPARKS S, EMBLETON S, ZOU C C. A chipset level network backdoor:Bypassing host-based firewall & IDS[C]//Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. Sydney:ACM, 2009:125-134.
[10] MOJO66. Backdoor found in arcadyan-based Wi-Fi routers[Z/OL].[2018-01-15]. http://it.slashdot.org/story/12/04/26/1411229/backdoor-found-in-arcadyan-based-wifi-routers.
[11] JC. RuggedCom-backdoor accounts in my SCADA network? you don't say…[Z/OL].[2018-01-15]. http://seclists.org/fulldisclosure/2012/Apr/277.
[12] COSTIN A, ZADDACH J, FRANCILLON A, et al. A Large-scale analysis of the security of embedded firmwares[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. San Diego:USENIX Association Berkeley, 2014:95-110.
[13] GOODIN D. Malicious cisco router backdoor found on 79 more devices, 25 in the US[Z/OL].[2018-01-15]. https://arstechnica.com/information-technology/2015/09/malicious-cisco-router-backdoor-found-on-79-more-devices-25-in-the-us/.
[14] GOODIN D. Cisco routers in at least 4 countries infected by highly stealthy backdoor[Z/OL].[2018-01-15]. https://arstechnica.com/information-technology/2015/09/attackers-install-highly-stealthy-backdoors-in-cisco-routers/.
[15] HIGGINS P, KRISHNAN R. DEFCON router hacking contest reveals 15 major vulnerabilities[Z/OL].[2018-01-15]. https://www.eff.org/ru/node/82002.
[16] DOBRESCU M, ARGYRAKI K. Software dataplane verification[C]//Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation. Seattle:USENIX Association Berkeley, 2014:101-114.
[17] KIM T H, BASESCU C, JIA L, et al. Lightweight source authentication and path validation[C]//ACM SIGCOMM. Chicago:ACM New York, 2014:271-282.
[18] Spirent. Spirent packet generator[Z/OL].[2018-01-15]. http://www.spirent.com/Products/TestCenter.
[19] DUGA J, ELLIOTT S, MAH B A, et al. Iperf[Z/OL].[2018-01-15]. https://iperf.fr/.
[20] ABADI M, BUDIU M, ERLINGSSON U, et al. Control-flow integrity[C]//Proceedings of the 12th ACM Conference on Computer and Communications Security. Alexandria:ACM New York, 2005:340-353.
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
Copyright © Journal of Tsinghua University(Science and Technology), All Rights Reserved.
Powered by Beijing Magtech Co. Ltd