Reconfigurable Architectures and Design Automation Tools for Application-Level Network Security
Sascha Mühlbach
Diese Publikation zitieren
Sascha Mühlbach, Reconfigurable Architectures and Design Automation Tools for Application-Level Network Security (2015), Logos Verlag, Berlin, ISBN: 9783832587772
13
Accesses
Accesses
Beschreibung / Abstract
The relevance of the Internet has dramatically grown in recent decades. However, the enormous financial impact attracts many types of criminals. Setting up proper security mechanisms (e.g., Intrusion Detection Systems) has therefore never been more important than today. To keep up with today's data transfer rates (10 to 100 Gbit/s), dedicated hardware accelerators have been proposed to offload compute intensive tasks from general purpose processors.
A key technology of particular interest for this scenario is the use of reconfigurable hardware, e.g., the Field Programmable Gate Array (FPGA). This work addresses their implementation in the domain of interactive communication applications, going beyond the regular packet-level operations often seen in this context. A newly developed FPGA platform (NetStage) provides the foundation for rapidly prototyping such applications. A sample application built on top of NetStage is the hardware honeypot MalCoBox. It not only serves as a proof-of-concept, but was also successfully evaluated in a live data center setting.
To counter the difficulty of programming reconfigurable architectures for non-hardware designers, the domain-specific language Malacoda has been developed. Malacoda allows the high-level coding of honeypot communication dialogs, which is then automatically compiled into hardware blocks for insertion into NetStage. Together, NetStage and Malacoda address some of the key hindrances for the more widespread use of reconfigurable computing in communications applications.
A key technology of particular interest for this scenario is the use of reconfigurable hardware, e.g., the Field Programmable Gate Array (FPGA). This work addresses their implementation in the domain of interactive communication applications, going beyond the regular packet-level operations often seen in this context. A newly developed FPGA platform (NetStage) provides the foundation for rapidly prototyping such applications. A sample application built on top of NetStage is the hardware honeypot MalCoBox. It not only serves as a proof-of-concept, but was also successfully evaluated in a live data center setting.
To counter the difficulty of programming reconfigurable architectures for non-hardware designers, the domain-specific language Malacoda has been developed. Malacoda allows the high-level coding of honeypot communication dialogs, which is then automatically compiled into hardware blocks for insertion into NetStage. Together, NetStage and Malacoda address some of the key hindrances for the more widespread use of reconfigurable computing in communications applications.
Inhaltsverzeichnis
- BEGINN
- 1 Introduction
- 1.1 Hardware Support for Network Security
- 1.2 Platforms for Hardware-Based Networking
- 1.3 High-Level Compilation of Networking Hardware
- 1.4 Thesis Contributions
- 1.5 Thesis Structure
- 2 Reconfigurable Hardware
- 2.1 Field Programmable Gate Array (FPGA)
- 2.2 Hardware Development Boards
- 3 Prior and Related Work
- 3.1 Hardware Support for Network Security
- 3.2 Hardware-Based Network Platforms
- 3.3 Custom architectures
- 3.4 High-Level Hardware Compilation
- 3.5 Honeypots
- 4 NetStage Core Architecture
- 4.1 Platform Design
- 4.2 Platform Architecture
- 4.3 NetStage Communication Core
- 4.4 Lightweight TCP Implementation
- 4.5 Chapter Summary
- 5 NetStage Platform and Application Support
- 5.1 Application-Specific Service Handlers
- 5.2 Supporting Platform Services
- 5.3 Dynamic Partial Reconfiguration
- 5.4 Chapter Summary
- 6 Malacoda: Compiling Honeypot Applications on NetStage
- 6.1 Domain Specific Languages
- 6.2 DSL Decision and Domain Analysis
- 6.3 Language Design
- 6.4 Compiler Implementation
- 6.5 Chapter Summary
- 7 Experimental Results
- 7.1 Hardware Implementation
- 7.2 Hardware Synthesis Results
- 7.3 Network Performance
- 7.4 MalCoBox Live Test
- 7.5 Chapter Summary
- 8 Conclusions and Future Work
- 8.1 Summary and Conclusions
- 8.2 Future Work
- Bibliography