Device guards Net against viruses

By Kimberly Patch, Technology Research News

Keeping a computer safe from viruses usually means installing virus-catching software and keeping it running and updated. Not everyone takes the trouble to do this, and viruses spread because there are enough unprotected machines to propagate them.

Researchers from Washington University and Global Velocity have come up with an alternative way to stop computer viruses and Internet worms.

The Field Programmable Port Extender is reconfigurable hardware that can protect an entire network at a time from viruses and worms. Information sent over the Internet is broken into packets that are reassembled at the data's final destination. The Field Programmable Port Extender scans every byte of data contained in every packet that passes through a network and stops packets that contain an Internet worm or computer virus signature.

Computer virus and worm software is designed to propagate throughout a network, just as biological viruses spread through a host population. And like biological viruses that can sicken hosts, computer viruses can damage computers by altering, destroying or sending files. Viruses attach themselves to or replace existing software. Worms, which are less common, are separate programs.

Because the Washington University system stops viruses and worms at the network level it has the potential to eradicate them more thoroughly than software running on end-user's computers, according to John Lockwood, an assistant professor of computer science and engineering at Washington University and co-founder of Global Velocity. "It could be used to instantly stop the spread of a virus," he said.

The system is fast enough to search for viruses in the wide flow of backbone Internet traffic because it uses hardware rather than software.

Hardware is faster than software, but is generally less flexible. By using reconfigurable hardware, however, the researchers were able to construct a system fast enough to filter data going through high-speed network backbones and flexible enough to add virus and worm signatures quickly as they are discovered. The researchers' device filters data at 2.4 billion bits per second, said Lockwood. "Software-based systems don't operate even close to fast enough to be usable on high-speed network backbones," he added.

The hardware generates a large number of customized circuits that each scan data for a certain type of virus or worm. The researchers developed a Web-based interface for the system that allows a network manager to easily add new worm or virus signatures, according to Lockwood.

The device is the result of several different ideas, said Lockwood. The concept of using reconfigurable hardware to selectively block data from passing through a network came first. Next, the researchers had to work out how a custom hardware machine could be built and used to scan, modify and take action on data. Then they had to figure out how to scan for thousands of signature strings of data simultaneously.

And to make the device practical, the researchers had to build the protocol processing circuits that could examine Transmission Control Protocol/Internet Protocol (TCP/IP) traffic at very high speeds and identify viruses and worms even when the bits of malicious software are broken up among multiple packets and interleaved among multiple traffic flows, according to Lockwood. TCP/IP is the software used to direct Internet traffic.

The system is ready for practical use now. "We have a working prototype of the platform running," said Lockwood. "We're working with partners to deploy systems into remote networks now," he said.

Lockwood's research colleagues were James Moscola from Washington University and Matthew Kulig, David Reddick and Tim Brooks from Global Velocity. They presented the work at the Military and Aerospace Programmable Logic Device (MALPD) conference in Washington, D.C. September 9 through 11, 2003. The research was funded by Global Velocity.

Timeline:   Now
Funding:   Corporate
TRN Categories:  Cryptography and Security; Internet
Story Type:   News
Related Elements:  Technical paper, "Internet Worm and Virus Protection in Dynamically Reconfigurable Hardware", Military and Aerospace Programmable Logic Device (MALPD) conference, Washington D.C., September 9-11, 2003 and posted at www.arl.wustl.edu/~lockwood/publications/MAPLD_2003_e10_lockwood_p.pdf
Advertisements:



December 17/24, 2003

Page One

PDA translates speech

Device guards Net against viruses

Body handles nanofiber

Microfluidics make flat screens

Briefs:
Chemists grow nano menagerie
Solid fuel cell works in heat
Hybrid crypto secures images
Chip uses oil to move droplets
Light spots sort particles
Organic transistors get small

News:
Research News Roundup
Research Watch blog

Features:
View from the High Ground Q&A
How It Works

RSS Feeds:
News  | Blog  | Books 

Ad links:
Buy an ad link
Advertisements:







Ad links: Clear History

Buy an ad link
 
Home     Archive     Resources    Feeds     Offline Publications     Glossary
TRN Finder     Research Dir.    Events Dir.      Researchers     Bookshelf
   Contribute      Under Development     T-shirts etc.     Classifieds
Forum    Comments    Feedback     About TRN


© Copyright Technology Research News, LLC 2000-2006. All rights reserved.