HILTI: An Abstract Execution Environment for High-Performance Network Traffic Analysis
Title | HILTI: An Abstract Execution Environment for High-Performance Network Traffic Analysis |
Publication Type | Technical Report |
Year of Publication | 2010 |
Authors | Sommer, R., Weaver N., & Paxson V. |
Other Numbers | 2830 |
Abstract | When building applications that process large volumes of network trafficsuch as high-performance firewalls or intrusion detection systemsone faces a striking gap between the ease with which the desired analysis can often be described in high-level terms, and the tremendous amount of low-level implementation details one must still grapple with for coming to an efficient and robust system. We present a novel environment that provides a bridge between these two levels by offering to the application designer the high-level abstractions required for effectively describing typical network analysis tasks, while still ensuring the performance necessary for monitoring Gbps networks in operational settings. This new middle-layer comprises two main pieces: an abstract machine model that is specifically tailored to the networking domain and directly supports the fields common abstractions and idioms in its instruction set; and a compilation strategy for turning programs written for the abstract machine into highly optimized, natively executable task-parallel code for a given target platform. We present the design and an early prototype of the new environment and discuss opportunities for extensive compile-time code optimizations that our approach enables by leveraging domain-specific context. Such an environment holds promise for unleashing the communitys potential to build libraries of efficient analysis functionality, reusable across a wide range of scenarios. |
Acknowledgment | This work was made possible by National Science Foundation grants NSF-0831535 (Comprehensive Applications Analysis and Control) and NSF-0915667 (A High-Performance Abstract Machine for Network Intrusion Detection). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation. |
URL | http://www.icsi.berkeley.edu/pubs/techreports/TR-10-003.pdf |
Bibliographic Notes | ICSI Technical Report TR-10-003 |
Abbreviated Authors | R. Sommer, N. Weaver, and V. Paxson |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Technical Report |