Computer Science Department
School of Computer Science, Carnegie Mellon University
Self-Securing Network Interfaces: What, Why and How
Gregory R. Ganger, Gregg Economou, Stanley M. Bielski
Keywords: Network security, intrusion detection, firewall,
proxy, virus, worm, NIC
Self-securing network interfaces (NIs) examine the packets that
they move between network links and host software, looking for
and potentially blocking malicious network activity.
This paper describes self-securing network interfaces, their
features, and examples of how these features allow administrators
to more effectively spot and contain malicious network activity.
We present a software architecture for self-securing NIs that
separates scanning software into applications (called scanners)
running on a NI kernel.
The resulting scanner API simplifies the construction of
scanning software and allows its powers to be contained even
if it is subverted. We illustrate the potential via a prototype
self-securing NI and two example scanners: one that identifies
and blocks known e-mail viruses and one that identifies and
inhibits rapidly-propagating worms like Code-Red.