Device guards Net against viruses
Technology Research News
Keeping a computer safe from viruses usually
means installing virus-catching software and keeping it running and updated.
Not everyone takes the trouble to do this, and viruses spread because
there are enough unprotected machines to propagate them.
Researchers from Washington University and Global Velocity have
come up with an alternative way to stop computer viruses and Internet
The Field Programmable Port Extender is reconfigurable hardware
that can protect an entire network at a time from viruses and worms. Information
sent over the Internet is broken into packets that are reassembled at
the data's final destination. The Field Programmable Port Extender scans
every byte of data contained in every packet that passes through a network
and stops packets that contain an Internet worm or computer virus signature.
Computer virus and worm software is designed to propagate throughout
a network, just as biological viruses spread through a host population.
And like biological viruses that can sicken hosts, computer viruses can
damage computers by altering, destroying or sending files. Viruses attach
themselves to or replace existing software. Worms, which are less common,
are separate programs.
Because the Washington University system stops viruses and worms
at the network level it has the potential to eradicate them more thoroughly
than software running on end-user's computers, according to John Lockwood,
an assistant professor of computer science and engineering at Washington
University and co-founder of Global Velocity. "It could be used to instantly
stop the spread of a virus," he said.
The system is fast enough to search for viruses in the wide flow
of backbone Internet traffic because it uses hardware rather than software.
Hardware is faster than software, but is generally less flexible.
By using reconfigurable hardware, however, the researchers were able to
construct a system fast enough to filter data going through high-speed
network backbones and flexible enough to add virus and worm signatures
quickly as they are discovered. The researchers' device filters data at
2.4 billion bits per second, said Lockwood. "Software-based systems don't
operate even close to fast enough to be usable on high-speed network backbones,"
The hardware generates a large number of customized circuits that
each scan data for a certain type of virus or worm. The researchers developed
a Web-based interface for the system that allows a network manager to
easily add new worm or virus signatures, according to Lockwood.
The device is the result of several different ideas, said Lockwood.
The concept of using reconfigurable hardware to selectively block data
from passing through a network came first. Next, the researchers had to
work out how a custom hardware machine could be built and used to scan,
modify and take action on data. Then they had to figure out how to scan
for thousands of signature strings of data simultaneously.
And to make the device practical, the researchers had to build
the protocol processing circuits that could examine Transmission Control
Protocol/Internet Protocol (TCP/IP) traffic at very high speeds and identify
viruses and worms even when the bits of malicious software are broken
up among multiple packets and interleaved among multiple traffic flows,
according to Lockwood. TCP/IP is the software used to direct Internet
The system is ready for practical use now. "We have a working
prototype of the platform running," said Lockwood. "We're working with
partners to deploy systems into remote networks now," he said.
Lockwood's research colleagues were James Moscola from Washington
University and Matthew Kulig, David Reddick and Tim Brooks from Global
Velocity. They presented the work at the Military and Aerospace Programmable
Logic Device (MALPD) conference in Washington, D.C. September 9 through
11, 2003. The research was funded by Global Velocity.
TRN Categories: Cryptography and Security; Internet
Story Type: News
Related Elements: Technical paper, "Internet Worm and Virus
Protection in Dynamically Reconfigurable Hardware", Military and Aerospace
Programmable Logic Device (MALPD) conference, Washington D.C., September
9-11, 2003 and posted at www.arl.wustl.edu/~lockwood/publications/MAPLD_2003_e10_lockwood_p.pdf
December 17/24, 2003
PDA translates speech
Device guards Net
Body handles nanofiber
Chemists grow nano
Solid fuel cell
works in heat
Hybrid crypto secures
Chip uses oil
to move droplets
Light spots sort
Research News Roundup
Research Watch blog
View from the High Ground Q&A
How It Works
News | Blog
Buy an ad link