Hardware Monitoring

The Experts below are selected from a list of 264 Experts worldwide ranked by ideXlab platform

Tilman Wolf - One of the best experts on this subject based on the ideXlab platform.

  • MASS - Securing IoT Protocol Implementations Through Hardware Monitoring
    2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), 2019
    Co-Authors: Arman Pouraghily, Tilman Wolf
    Abstract:

    The Internet of Things (IoT) represents the technical foundation to solve some of the most important societal and environmental problems. One of the key challenges in IoT systems is providing security for distributed, networked IoT components that are implemented with potentially very low-end embedded processing systems. As the value of sensor data and actuator access increases in IoT deployments, attackers may increasingly target these vulnerable systems and protocol implementations running on them. For protocols that involve economic transactions on blockchains, as we show in our work, there is a direct monetary value associated with successful attacks. To address this problem, we present a Hardware Monitoring system that augments processors with logic that tracks the correct execution of software on the embedded systems. Attacks on the system, such as buffer overflow attacks, are recognized and stopped by the Hardware monitor. Therefore, the system can avoid economic loss due to an attack and ensure that the protocol implementation is secured. We show the effectiveness of our system on a prototype that uses Linux running on a soft-core LEON3 processor on an Intel Stratix IV FPGA and interacts with the Ethereum blockchain.

  • Securing Network Processors with High-Performance Hardware Monitors
    IEEE Transactions on Dependable and Secure Computing, 2015
    Co-Authors: Tilman Wolf, Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Russell Tessier
    Abstract:

    As the Internet becomes integrated into nearly all aspects of everyday life, its reliability grows in importance. This vital communication resource, which has become an inviting target for attackers, must be protected with the same vigor as the end-systems it interconnects. Recent trends in network router architecture towards programmability and flexibility have increased the susceptibility of communication Hardware to software attacks which modify intended data processing and forwarding functions. Contemporary routers typically feature network processors, whose protocol processing functions are determined via software. Prior work has shown that these general-purpose software-based processing systems can be attacked with data packets sent through the Internet. As a defense mechanism, the correct functionality of a network processor can be verified by a Hardware monitor that observes processor operation and compares it to expected behavior. In the event of an attack, the monitor can interrupt the network processor, suppress malicious behavior, and reset the processor to a usable state for processing of subsequent traffic. In this work, we present several significant advances in Hardware Monitoring for network processors. A low-overhead monitor architecture that evaluates correct network processor operation in real-time on an instruction-by-instruction basis is described and tested. The monitor is shown to effectively prevent stack smashing attacks on processors that use a Harvard architecture, a widely used network processor configuration. Through experimentation, we show that our approach to Hardware Monitoring does not affect data plane packet throughput. In the event of an attack, malicious packets are dropped while packets of regular network traffic proceed through the network unaffected. A full evaluation of monitor architectural parameters is provided to create an optimized monitor design.

  • ASAP - Multi-task support for security-enabled embedded processors
    2015 IEEE 26th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2015
    Co-Authors: Tedy Thomas, Kekai Hu, Arman Pouraghily, Russell Tessier, Tilman Wolf
    Abstract:

    Embedded systems require low overhead security approaches to ensure that they are protected from attacks. In this paper, we propose a Hardware-based approach to secure the operation of an embedded processor instruction-by-instruction, where deviations from expected program behavior are detected within the execution of an instruction. These security-enabled embedded processors provide effective defenses against common attacks, such as stack smashing. Previous work in this area has focused on Monitoring a single task on a CPU while here we present a novel Hardware Monitoring system that can monitor multiple active tasks in an operating-system-based platform. The Hardware monitor is able to track context switches that occur in the operating system and ensure that Monitoring is performed continuously, thus ensuring system security. We present the design of our system and results obtained from a prototype implementation of the system on an Altera DE4 FPGA board. We demonstrate in Hardware that applications can be monitored at the instruction level without execution slowdown and stack smashing attacks can be defeated using our system.

  • DAC - System-Level Security for Network Processors with Hardware Monitors
    Proceedings of the 51st Annual Design Automation Conference on Design Automation Conference - DAC '14, 2014
    Co-Authors: Kekai Hu, Tilman Wolf, Thiago Teixeira, Russell Tessier
    Abstract:

    New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of Hardware Monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.

Kekai Hu - One of the best experts on this subject based on the ideXlab platform.

  • Securing Network Processors with High-Performance Hardware Monitors
    IEEE Transactions on Dependable and Secure Computing, 2015
    Co-Authors: Tilman Wolf, Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Russell Tessier
    Abstract:

    As the Internet becomes integrated into nearly all aspects of everyday life, its reliability grows in importance. This vital communication resource, which has become an inviting target for attackers, must be protected with the same vigor as the end-systems it interconnects. Recent trends in network router architecture towards programmability and flexibility have increased the susceptibility of communication Hardware to software attacks which modify intended data processing and forwarding functions. Contemporary routers typically feature network processors, whose protocol processing functions are determined via software. Prior work has shown that these general-purpose software-based processing systems can be attacked with data packets sent through the Internet. As a defense mechanism, the correct functionality of a network processor can be verified by a Hardware monitor that observes processor operation and compares it to expected behavior. In the event of an attack, the monitor can interrupt the network processor, suppress malicious behavior, and reset the processor to a usable state for processing of subsequent traffic. In this work, we present several significant advances in Hardware Monitoring for network processors. A low-overhead monitor architecture that evaluates correct network processor operation in real-time on an instruction-by-instruction basis is described and tested. The monitor is shown to effectively prevent stack smashing attacks on processors that use a Harvard architecture, a widely used network processor configuration. Through experimentation, we show that our approach to Hardware Monitoring does not affect data plane packet throughput. In the event of an attack, malicious packets are dropped while packets of regular network traffic proceed through the network unaffected. A full evaluation of monitor architectural parameters is provided to create an optimized monitor design.

  • ASAP - Multi-task support for security-enabled embedded processors
    2015 IEEE 26th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2015
    Co-Authors: Tedy Thomas, Kekai Hu, Arman Pouraghily, Russell Tessier, Tilman Wolf
    Abstract:

    Embedded systems require low overhead security approaches to ensure that they are protected from attacks. In this paper, we propose a Hardware-based approach to secure the operation of an embedded processor instruction-by-instruction, where deviations from expected program behavior are detected within the execution of an instruction. These security-enabled embedded processors provide effective defenses against common attacks, such as stack smashing. Previous work in this area has focused on Monitoring a single task on a CPU while here we present a novel Hardware Monitoring system that can monitor multiple active tasks in an operating-system-based platform. The Hardware monitor is able to track context switches that occur in the operating system and ensure that Monitoring is performed continuously, thus ensuring system security. We present the design of our system and results obtained from a prototype implementation of the system on an Altera DE4 FPGA board. We demonstrate in Hardware that applications can be monitored at the instruction level without execution slowdown and stack smashing attacks can be defeated using our system.

  • Securing Network Processors with Hardware Monitors
    IEEE Trans. Dependable Sec. Comput., 2015
    Co-Authors: Kekai Hu
    Abstract:

    As an essential part of modern society, the Internet has fundamentally changed our lives during the last decade. Novel applications and technologies, such as online shopping, social networking, cloud computing, mobile networking, etc., have sprung up at an astonishing pace. These technologies not only influence modern life styles but also impact Internet infrastructure. Numerous new network applications and services require better programmability and flexibility for network devices, such as routers and switches. Since traditional fixed function network routers based on application specific integrated circuits (ASICs) have difficulty keeping pace with the growing demands of next-generation Internet applications, there is an ongoing shift in the industry toward implementing network devices using programmable network processors (NPs). While network processors offer great benefits in terms of flexibility, their reprogrammable nature exposes potential security risks. Similar to network end-systems, such as general-purpose computers, software-based network processors have security vulnerabilities that can be attacked remotely. Recent research has shown that a new type of data plane attack is able to modify the functionality of a network processor and cause a denial-of-service (DoS) attack by sending a single malformed UDP packet. Since this attack relies solely on data plane access and does not need access to the control plane, it can be particularly difficult to control. Hardware security monitors have been introduced to identify and eliminate these malicious packets before they can propagate and cause devastating effects in the network. However, previous work on Hardware monitors only focuses on single core systems with static (or very slowly changing) workloads. In network processors that use up to hundreds of parallel processor cores and have processing workloads that can change dynamically based on the network traffic, the realization of a complete multicore Hardware Monitoring system remains a critical challenge. Our research work in this thesis provides a comprehensive solution to this problem. Our first contribution is the design and prototype implementation of a Scalable Hardware Monitoring Grid (SHMG). This scalable architecture balances area cost and performance overhead by using a clustered approach for multicore NP systems. In order to adapt to dynamically changing network traffic, a resource reallocation algorithm is designed to reassign the processing resources in SHMG to different network applications at runtime. An evaluation of the prototype SHMG on an Altera DE4 board demonstrates low resource and performance overheads. The functionality and performance of a runtime resource reallocation algorithm are tested using a simulation environment. A second significant contribution of this work is a network system-level security solution for multicore network processors with Hardware monitors. It addresses two key problems: (1) how to securely manage and reprogram processor cores and monitors in a deployed router in the network, and (2) how to prevent the large number of identical router devices in the network from an attack that can circumvent one specific Monitoring system and lead to Internet-scale failures. A Secure Dynamic Multicore Hardware Monitoring System (SDMMon) is designed based on cryptographic principles and suitable key management to ensure the secure installation of processor binaries and monitor graphs. We present a Merkle tree based parameterizable high-performance hash function that can be configured to perform a variety of functions in different devices via a 32-bit configuration parameter. A prototype system composed of both the SDMMon and the parameterizable hash is implemented and evaluated on an Altera DE4 board. Finally, a fully-functional, comprehensive Multicore NP Security Platform, which integrates both the SHMG and the SDMMon security features, has been implemented on an Altera DE5 board.

  • DAC - System-Level Security for Network Processors with Hardware Monitors
    Proceedings of the 51st Annual Design Automation Conference on Design Automation Conference - DAC '14, 2014
    Co-Authors: Kekai Hu, Tilman Wolf, Thiago Teixeira, Russell Tessier
    Abstract:

    New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of Hardware Monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.

  • CNS - Scalable Hardware monitors to protect network processors from data plane attacks
    2013 IEEE Conference on Communications and Network Security (CNS), 2013
    Co-Authors: Kekai Hu, Harikrishnan Chandrikakutty, Russell Tessier, Tilman Wolf
    Abstract:

    Modern router Hardware in computer networks is based on programmable network processors, which implement various packet forwarding operations in software. These processor systems are vulnerable to attacks that can be launched entirely through the data plane of the network without any access to the control interface of the router. Prior work has shown that a single malformed UDP packet can take over a network processor running vulnerable packet processing software and trigger a devastating denial-of-service attack from within the network. One possible defense mechanism for these resource-constrained network processors is the use of Hardware Monitoring systems that track the operations of each processor core. Any deviation from programmed behavior indicates an attack and triggers reset and recovery actions. Such Hardware monitors have been studied extensively for single processor cores, but network processors consist of dozens to hundreds of processors with highly dynamic workloads. In this paper, we present the design of a Scalable Hardware Monitoring Grid, which allows the dynamic sharing of Hardware Monitoring resources among processor cores. We show the scalability of our Monitoring system to network processors with large numbers of cores. We also present a multicore prototype implementation of the Monitoring system on an FPGA platform.

Russell Tessier - One of the best experts on this subject based on the ideXlab platform.

  • Securing Network Processors with High-Performance Hardware Monitors
    IEEE Transactions on Dependable and Secure Computing, 2015
    Co-Authors: Tilman Wolf, Kekai Hu, Harikrishnan Chandrikakutty, Deepak Unnikrishnan, Russell Tessier
    Abstract:

    As the Internet becomes integrated into nearly all aspects of everyday life, its reliability grows in importance. This vital communication resource, which has become an inviting target for attackers, must be protected with the same vigor as the end-systems it interconnects. Recent trends in network router architecture towards programmability and flexibility have increased the susceptibility of communication Hardware to software attacks which modify intended data processing and forwarding functions. Contemporary routers typically feature network processors, whose protocol processing functions are determined via software. Prior work has shown that these general-purpose software-based processing systems can be attacked with data packets sent through the Internet. As a defense mechanism, the correct functionality of a network processor can be verified by a Hardware monitor that observes processor operation and compares it to expected behavior. In the event of an attack, the monitor can interrupt the network processor, suppress malicious behavior, and reset the processor to a usable state for processing of subsequent traffic. In this work, we present several significant advances in Hardware Monitoring for network processors. A low-overhead monitor architecture that evaluates correct network processor operation in real-time on an instruction-by-instruction basis is described and tested. The monitor is shown to effectively prevent stack smashing attacks on processors that use a Harvard architecture, a widely used network processor configuration. Through experimentation, we show that our approach to Hardware Monitoring does not affect data plane packet throughput. In the event of an attack, malicious packets are dropped while packets of regular network traffic proceed through the network unaffected. A full evaluation of monitor architectural parameters is provided to create an optimized monitor design.

  • ASAP - Multi-task support for security-enabled embedded processors
    2015 IEEE 26th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2015
    Co-Authors: Tedy Thomas, Kekai Hu, Arman Pouraghily, Russell Tessier, Tilman Wolf
    Abstract:

    Embedded systems require low overhead security approaches to ensure that they are protected from attacks. In this paper, we propose a Hardware-based approach to secure the operation of an embedded processor instruction-by-instruction, where deviations from expected program behavior are detected within the execution of an instruction. These security-enabled embedded processors provide effective defenses against common attacks, such as stack smashing. Previous work in this area has focused on Monitoring a single task on a CPU while here we present a novel Hardware Monitoring system that can monitor multiple active tasks in an operating-system-based platform. The Hardware monitor is able to track context switches that occur in the operating system and ensure that Monitoring is performed continuously, thus ensuring system security. We present the design of our system and results obtained from a prototype implementation of the system on an Altera DE4 FPGA board. We demonstrate in Hardware that applications can be monitored at the instruction level without execution slowdown and stack smashing attacks can be defeated using our system.

  • DAC - System-Level Security for Network Processors with Hardware Monitors
    Proceedings of the 51st Annual Design Automation Conference on Design Automation Conference - DAC '14, 2014
    Co-Authors: Kekai Hu, Tilman Wolf, Thiago Teixeira, Russell Tessier
    Abstract:

    New attacks are emerging that target the Internet infrastructure. Modern routers use programmable network processors that may be exploited by merely sending suitably crafted data packets into a network. Hardware monitors that are co-located with processor cores can detect attacks that change processor behavior with high probability. In this paper, we present a solution to the problem of secure, dynamic installation of Hardware Monitoring graphs on these devices. We also address the problem of how to overcome the homogeneity of a network with many identical devices, where a successful attack, albeit possible only with small probability, may have devastating effects.

  • CNS - Scalable Hardware monitors to protect network processors from data plane attacks
    2013 IEEE Conference on Communications and Network Security (CNS), 2013
    Co-Authors: Kekai Hu, Harikrishnan Chandrikakutty, Russell Tessier, Tilman Wolf
    Abstract:

    Modern router Hardware in computer networks is based on programmable network processors, which implement various packet forwarding operations in software. These processor systems are vulnerable to attacks that can be launched entirely through the data plane of the network without any access to the control interface of the router. Prior work has shown that a single malformed UDP packet can take over a network processor running vulnerable packet processing software and trigger a devastating denial-of-service attack from within the network. One possible defense mechanism for these resource-constrained network processors is the use of Hardware Monitoring systems that track the operations of each processor core. Any deviation from programmed behavior indicates an attack and triggers reset and recovery actions. Such Hardware monitors have been studied extensively for single processor cores, but network processors consist of dozens to hundreds of processors with highly dynamic workloads. In this paper, we present the design of a Scalable Hardware Monitoring Grid, which allows the dynamic sharing of Hardware Monitoring resources among processor cores. We show the scalability of our Monitoring system to network processors with large numbers of cores. We also present a multicore prototype implementation of the Monitoring system on an FPGA platform.

Arman Pouraghily - One of the best experts on this subject based on the ideXlab platform.

  • MASS - Securing IoT Protocol Implementations Through Hardware Monitoring
    2019 IEEE 16th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), 2019
    Co-Authors: Arman Pouraghily, Tilman Wolf
    Abstract:

    The Internet of Things (IoT) represents the technical foundation to solve some of the most important societal and environmental problems. One of the key challenges in IoT systems is providing security for distributed, networked IoT components that are implemented with potentially very low-end embedded processing systems. As the value of sensor data and actuator access increases in IoT deployments, attackers may increasingly target these vulnerable systems and protocol implementations running on them. For protocols that involve economic transactions on blockchains, as we show in our work, there is a direct monetary value associated with successful attacks. To address this problem, we present a Hardware Monitoring system that augments processors with logic that tracks the correct execution of software on the embedded systems. Attacks on the system, such as buffer overflow attacks, are recognized and stopped by the Hardware monitor. Therefore, the system can avoid economic loss due to an attack and ensure that the protocol implementation is secured. We show the effectiveness of our system on a prototype that uses Linux running on a soft-core LEON3 processor on an Intel Stratix IV FPGA and interacts with the Ethereum blockchain.

  • ASAP - Multi-task support for security-enabled embedded processors
    2015 IEEE 26th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2015
    Co-Authors: Tedy Thomas, Kekai Hu, Arman Pouraghily, Russell Tessier, Tilman Wolf
    Abstract:

    Embedded systems require low overhead security approaches to ensure that they are protected from attacks. In this paper, we propose a Hardware-based approach to secure the operation of an embedded processor instruction-by-instruction, where deviations from expected program behavior are detected within the execution of an instruction. These security-enabled embedded processors provide effective defenses against common attacks, such as stack smashing. Previous work in this area has focused on Monitoring a single task on a CPU while here we present a novel Hardware Monitoring system that can monitor multiple active tasks in an operating-system-based platform. The Hardware monitor is able to track context switches that occur in the operating system and ensure that Monitoring is performed continuously, thus ensuring system security. We present the design of our system and results obtained from a prototype implementation of the system on an Altera DE4 FPGA board. We demonstrate in Hardware that applications can be monitored at the instruction level without execution slowdown and stack smashing attacks can be defeated using our system.

Wang Ying - One of the best experts on this subject based on the ideXlab platform.

  • vehicle electrical motor control system with safety Monitoring function and Monitoring method of vehicle electrical motor control system
    2014
    Co-Authors: Cai Jiaoming, Wang Jinlei, Chen Lichong, Luo Xiao, Wang Ying
    Abstract:

    The invention provides a vehicle electrical motor control system with a safety Monitoring function and a Monitoring method of the vehicle electrical motor control system. The vehicle electrical motor control system aims to meet the ever-growing requirement for vehicle safety. The vehicle electrical motor control system with the safety Monitoring function comprises an electrical motor controller chip controlling operation of an electrical motor, the electrical motor controller chip is connected with a CAN bus, a power source Monitoring module, a bus voltage Monitoring module, a bus current Monitoring module, a three-phase current Monitoring module, a controller temperature Monitoring module, an electrical motor temperature Monitoring module, an electrical motor rotating-speed Monitoring module and an operation Monitoring module, and the operation Monitoring module is communicated with an electrical motor controller. According to the vehicle electrical motor control system, many Hardware Monitoring modules and software Monitoring functions are added and constitute a two-level Monitoring network together, it is guaranteed that all fault information can be found timely and processed timely, and therefore the whole control system has higher safety and meets the requirement related to safety in the vehicle industry.