ABSTRACT

    Carnegie Mellon University Technical Report CMU-CS-02-144, May 2002.

    Self-Securing Network Interfaces: What, Why and How

    Gregory R. Ganger, Gregg Economou, Stanley M. Bielski

    Electrical and Computer Engineering
    Carnegie Mellon University
    Pittsburgh, PA 15213

    http://www.pdl.cmu.edu/

    Self-securing network interfaces (NIs) examine the packets that they move between network links and host software, looking for and potentially blocking malicious network activity. This paper describes self-securing network interfaces, their features, and examples of how these features allow administrators to more effectively spot and contain malicious network activity. We present a software architecture for self-securing NIs that separates scanning software into applications (called scanners) running on an NI kernel. The resulting scanner API simplifies the construction of scanning software and allows its powers to be contained even if it is subverted. We illustrate the potential via a prototype self-securing NI and two example scanners: one that identifies and blocks known e-mail viruses and one that identifies and inhibits rapidly-propagating worms like Code-Red.

    FULL PAPER: pdf / postscript


    PDL Home Publications Home

    © 2008.
    Last updated 10 November, 2004