Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Final report and documentation for the security enabled programmable switch for protection of distributed internetworked computers LDRD.

Technical Report ·
DOI:https://doi.org/10.2172/984103· OSTI ID:984103
; ; ; ; ; ;

An increasing number of corporate security policies make it desirable to push security closer to the desktop. It is not practical or feasible to place security and monitoring software on all computing devices (e.g. printers, personal digital assistants, copy machines, legacy hardware). We have begun to prototype a hardware and software architecture that will enforce security policies by pushing security functions closer to the end user, whether in the office or home, without interfering with users' desktop environments. We are developing a specialized programmable Ethernet network switch to achieve this. Embodied in this device is the ability to detect and mitigate network attacks that would otherwise disable or compromise the end user's computing nodes. We call this device a 'Secure Programmable Switch' (SPS). The SPS is designed with the ability to be securely reprogrammed in real time to counter rapidly evolving threats such as fast moving worms, etc. This ability to remotely update the functionality of the SPS protection device is cryptographically protected from subversion. With this concept, the user cannot turn off or fail to update virus scanning and personal firewall filtering in the SPS device as he/she could if implemented on the end host. The SPS concept also provides protection to simple/dumb devices such as printers, scanners, legacy hardware, etc. This report also describes the development of a cryptographically protected processor and its internal architecture in which the SPS device is implemented. This processor executes code correctly even if an adversary holds the processor. The processor guarantees both the integrity and the confidentiality of the code: the adversary cannot determine the sequence of instructions, nor can the adversary change the instruction sequence in a goal-oriented way.

Research Organization:
Sandia National Laboratories
Sponsoring Organization:
USDOE
DOE Contract Number:
AC04-94AL85000
OSTI ID:
984103
Report Number(s):
SAND2010-0516
Country of Publication:
United States
Language:
English

Similar Records

Secure computing using cryptographic assurance of execution correctness.
Conference · Fri Oct 01 00:00:00 EDT 2004 · OSTI ID:948332
ModuleOT
Software · Sun Jan 24 19:00:00 EST 2021 · OSTI ID:code-50272
Hardware device binding and mutual authentication
Patent · Mon Mar 03 23:00:00 EST 2014 · OSTI ID:1126879

Related Subjects

99 GENERAL AND MISCELLANEOUS
COMPUTER ARCHITECTURE
COMPUTERS
Computer networks-Security measures.
Computer security.
DOCUMENTATION
Distributed computer systems.
MONITORING
SECURITY