Luth: Composing and Parallelizing Midpoint Inspection Devices

Ion Alberdi, V. Nicomette, P. Owezarski
Published in: 2010 Fourth International Conference on Network and System Security, 2010-09-01
DOI: 10.1109/NSS.2010.44 (https://doi.org/10.1109/NSS.2010.44)
Citations: 1

Abstract

The race for innovation is driving Internet evolution. Internet software developers have to create more complex systems while enduring time-to-market pressure. As a result, end-host software has bugs and vulnerabilities and cannot be trusted. That is why, among others, network Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls and other network devices monitor such software to prevent unexpected behaviors. However, their functionality is limited by design, because they can only handle a configuration of predefined monolithic protocol layerings. In this paper we present Luth, a midpoint inspection device that relies on the composition and parallelization of predefined midpoint inspectors (MI). We present the main functionalities offered by its configuration language and interpreter. Finally, we benchmark a prototype implemented in OCaml. This prototype runs in the user space of a GNU/Linux operating system, by means of the libnetfilter_queue library. We show how it efficiently inspects and filters DNS hidden channels encapsulated in 20 GRE tunnels.