RSS: A Reconfigurable Security System Designed on NetFPGA and Virtex5-LX110T

This paper designs a novel security system on the NetFPGA platform and the Virtex5-LX110T using embedded soft-core technology. The system consists of two subsystems. The first, implemented on the NetFPGA board, is mainly used to protect subnets; the second, implemented on the Xilinx Virtex5-LX110T board, is a network intrusion detection system (NIDS). The two subsystems are not independent: they cooperate to form the cohesive reconfigurable security system (RSS). In the proposed system, the NetFPGA performs packet filtering, ARP attack immunity and traffic monitoring in hardware, which in effect makes it a hardware firewall, and the Virtex5 analyzes attacks by capturing incoming packets and then transmits the results to the NetFPGA to update the packet filtering tables. To further enhance security, two types of remote reconfigurable design methods are introduced, by which administrators are able to reconfigure both the software and the hardware of the two subsystems via authorized devices to change the security policies. Extensive experiments show that all the functions of the designed blocks are valid and the designed security system is feasible.
