WISDOM: security-aware fibres

The network is becoming faster day by day. High-speed links, of many Gbps, are considered as commodity technology empowering the Internet. On the other hand, Moore's law still applies to current processing power. It needs about 18 months for CPUs to double the number of their transistors. A very fast network composed by not as fast processors is unable to perform basic operations needed in the security field, like firewalling and intrusion detection. In this paper, we propose a novel system, which promotes security operations in the optical domain. We describe all hardware components - optical and digital - and the software, which renders the system functional. We outline application scenarios in which a hybrid architecture of optical and digital parts, like the one we propose in this paper, can offer significant benefit to the network from a security perspective.

[1]  Chester C. Carroll R68-40 Sequential Machines and Automata Theory , 1968, IEEE Transactions on Computers.

[2]  Alfred V. Aho,et al.  Efficient string matching , 1975, Commun. ACM.

[3]  Robert S. Boyer,et al.  A fast string searching algorithm , 1977, CACM.

[4]  Jon Postel,et al.  Internet Control Message Protocol , 1981, RFC.

[5]  Jerome H. Saltzer,et al.  End-to-end arguments in system design , 1984, TOCS.

[6]  Greg Minshall,et al.  Ip Switching: Atm under Ip * , 1998 .

[7]  A. Kelly,et al.  All-optical parity checker with bit-differential delay , 1999 .

[8]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[9]  Udi Manber,et al.  A FAST ALGORITHM FOR MULTI-PATTERN SEARCHING , 1999 .

[10]  George Varghese,et al.  Packet filtering in high speed networks , 1999, SODA '99.

[11]  Manning,et al.  Nonlinear Optics for High-Speed Digital Information Processing. , 1999, Science.

[12]  A. Kelly,et al.  All-optical parity checker , 1999, OFC/IOOC . Technical Digest. Optical Fiber Communication Conference, 1999, and the International Conference on Integrated Optics and Optical Fiber Communication.

[13]  Evangelos P. Markatos,et al.  : A DOMAIN-SPECIFIC STRING MATCHING ALGORITHM FOR INTRUSION DETECTION , 2003 .

[14]  A. Poustie Semiconductor devices for all-optical signal processing , 2005 .

[15]  Evangelos P. Markatos,et al.  Piranha: Fast and Memory-Efficient Pattern Matching for Intrusion Detection , 2005, SEC.

[16]  Niels Provos,et al.  Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware , 2008, LEET.

[17]  E.P. Markatos,et al.  WSIM: A Software Platform to Simulate All-Optical Security Operations , 2008, 2008 European Conference on Computer Network Defense.

[18]  R P Webb,et al.  42Gbit/s All-Optical Pattern Recognition System , 2008, OFC/NFOEC 2008 - 2008 Conference on Optical Fiber Communication/National Fiber Optic Engineers Conference.