%0 Journal Article
%T 范式路由器：规范路由器数据层的动态行为<br>Pattern router to regulate dynamic actions in the router dataplane
%A 徐磊
%A 徐恪
%J 清华大学学报（自然科学版）
%D 2018
%R 10.16511/j.cnki.qhdxxb.2018.21.019
%X 随着模块化可编程路由器越来越普遍，路由器面临的安全问题也越来越严峻。该文提出范式路由器，通过对模块化的数据层进行编码和预组合，达到对路由器数据层的动态监控和规范。该文对每个数据层行为标记一个行为标识（action identifier，AID），同时将合法AID预先存入范式表（regulated action table，RAT）。在路由器运行时，所有动态行为都被RAT校验，保证行为可信。该文用Click路由器和数据层开发包（data plane development kit，DPDK）路由器分别部署了范式路由器。实验结果表明：范式路由器仅占用了2 MB的空间和10%以下的带宽性能，同时捕获了所有数据层的恶意行为。<br>Abstract：Router security has become more important with the increasing number of programmable routers. This paper presents a pattern router that codes the modularized dataplane and pre-combines the result to monitor and regulate the dynamic actions in the dataplane. This method uses an action identifier (AID) for each action in the dataplane and puts the normal AID into a regulated action table (RAT) before running the router. When the router is working, all the dynamic actions are verified by the RAT to secure the honesty of each action. The pattern router was implemented in a Click router and in a data plane development kit (DPDK) router with tests showing that the pattern router occupies only 2 MB and uses less than 10% of the bandwidth to capture all the abnormal actions in the dataplane.
%K 路由器安全
%K 范式路由器
%K 路由器行为
%K &lt
%K br&gt
%K router security
%K pattern router
%K router action
%U http://jst.tsinghuajournals.com/CN/Y2018/V58/I8/693