Automatic Construction of Hardware Traffic Validators

European Conference on Cyber Warfare and Security Pub Date : 2022-06-08 DOI:10.34190/eccws.21.1.200

Stephen Taylor, Jason Dahlstrom, E. Baker, Brandon Guzman

{"title":"Automatic Construction of Hardware Traffic Validators","authors":"Stephen Taylor, Jason Dahlstrom, E. Baker, Brandon Guzman","doi":"10.34190/eccws.21.1.200","DOIUrl":null,"url":null,"abstract":"This paper describes a fully automated process that creates a custom hardware traffic validator directly from a formal grammar and deploys it within a specialized network security appliance. The appliance appears as a hidden, all-hardware “bump-in-the-wire” that can be inserted within any network segment; it stores and validates messages on-the-fly, and either forwards or drops individual packets in real-time. Consequently, it serves to disrupt and mitigate stealthy remote attacks that leverage zero-day exploits and persistent implants. Allowed traffic, files, and mission payload formats are specified formally using a standard Look-Ahead, Left-to-Right (LALR) grammar that operates on ASCII and/or binary data. The grammars can be expressed either in Backus-Naur Form (BNF), used by industry standard tools such as Bison, or through state-of-the-art combinators, such as Hammer, under development within the DARPA SafeDocs program. Bison and Hammer compiler tools are used to generate standard shift/reduce parsing tables. These tables are post-processed to improve their compactness and practical viability. The optimized tables are then combined with a generic push-down automaton to form a complete parser. The parser is then automatically transformed into a hardware circuit using High-Level Synthesis (HLS). The result is a composable block of circuitry that can be directly inserted into a generic communications harness embedded within a Field Programmable Gate Array (FPGA) on the network appliance.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/eccws.21.1.200","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

This paper describes a fully automated process that creates a custom hardware traffic validator directly from a formal grammar and deploys it within a specialized network security appliance. The appliance appears as a hidden, all-hardware “bump-in-the-wire” that can be inserted within any network segment; it stores and validates messages on-the-fly, and either forwards or drops individual packets in real-time. Consequently, it serves to disrupt and mitigate stealthy remote attacks that leverage zero-day exploits and persistent implants. Allowed traffic, files, and mission payload formats are specified formally using a standard Look-Ahead, Left-to-Right (LALR) grammar that operates on ASCII and/or binary data. The grammars can be expressed either in Backus-Naur Form (BNF), used by industry standard tools such as Bison, or through state-of-the-art combinators, such as Hammer, under development within the DARPA SafeDocs program. Bison and Hammer compiler tools are used to generate standard shift/reduce parsing tables. These tables are post-processed to improve their compactness and practical viability. The optimized tables are then combined with a generic push-down automaton to form a complete parser. The parser is then automatically transformed into a hardware circuit using High-Level Synthesis (HLS). The result is a composable block of circuitry that can be directly inserted into a generic communications harness embedded within a Field Programmable Gate Array (FPGA) on the network appliance.

查看原文本刊更多论文

硬件流量验证器的自动构造

本文描述了一个完全自动化的过程，该过程直接从正式语法创建自定义硬件流量验证器，并将其部署到专门的网络安全设备中。该设备看起来像一个隐藏的、全硬件的“插线器”，可以插入任何网络段;它实时存储和验证消息，并实时转发或丢弃单个数据包。因此，它可以破坏和减轻利用零日漏洞和持久植入的隐形远程攻击。允许的流量、文件和任务有效载荷格式使用标准的从左到右(LALR)语法正式指定，该语法对ASCII和/或二进制数据进行操作。语法既可以用巴克斯-瑙尔形式(BNF)表示，这种形式由Bison等行业标准工具使用，也可以通过最先进的组合器表示，例如DARPA SafeDocs项目正在开发的Hammer。Bison和Hammer编译器工具用于生成标准的shift/reduce解析表。这些表经过后处理，以提高其紧凑性和实际可行性。然后将优化的表与一般的下推自动机结合起来，形成一个完整的解析器。然后使用高级合成(High-Level Synthesis, HLS)将解析器自动转换为硬件电路。结果是一个可组合的电路块，可以直接插入到嵌入在网络设备上的现场可编程门阵列(FPGA)中的通用通信线束中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

European Conference on Cyber Warfare and Security

自引率

0.00%

发文量