Self-Securing Network Interfaces: What, Why and How?

Abstract

Self-securing network interfaces (NIs) examine the packets that they move between network links and host software, looking for and potentially blocking malicious network activity. This paper describes self-securing network interfaces, their features, and examples of how these features allow administrators to more effectively spot and contain malicious network activity. The authors present a software architecture for self-securing NIs that separates scanning software into applications (called scanners) running on an NI kernel. The resulting scanner Application Programming Interface (API) simplifies the construction of scanning software and allows its powers to be contained even if it is subverted. They illustrate the architecture's potential via a prototype self-securing NI and two example scanners: one that identifies and blocks known e-mail viruses and one that identifies and inhibits rapidly propagating worms like Code Red.

Document Details

Document Type: Technical Report
Publication Date: May 01, 2002
Accession Number: ADA457627

Entities

People

  • Gregg Economou
  • Gregory R. Ganger
  • Stanley M. Bielski

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Buffer Overflow Attack
  • Communication Channels
  • Computer Network Security
  • Computer Programming
  • Computer Science
  • Computers
  • Computing System Architectures
  • Detection
  • Electronic Mail
  • Intrusion Detection
  • Kernels (Operating System)
  • Network Architecture
  • Network Protocols
  • Operating Systems
  • Software Design
  • System Software
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Vision
  • Cybersecurity
  • Database Systems and Applications