HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis

Title: HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Sommer, R., Vallentin, M., De Carli, L., & Paxson, V.
Other Numbers: 3712
Abstract

When developing networking systems such as firewalls, routers, and intrusion detection systems, one faces a striking gap between the ease with which one can often describe a desired analysis in high-level terms, and the tremendous amount of low-level implementation details that one must still grapple with to come to a robust solution. We present HILTI, a platform that bridges this divide by providing to application developers much of the low-level functionality, without tying it to a specific analysis structure. HILTI consists of two parts: (i) an abstract machine model that we tailor specifically to the networking domain, directly supporting the field’s common abstractions and idioms in its instruction set; and (ii) a compilation strategy for turning programs written for the abstract machine into optimized, natively executable code. We have developed a prototype of the HILTI compiler toolchain that fully implements the design’s functionality, and ported exemplars of networking applications to the HILTI model to demonstrate the aptness of its abstractions. Our evaluation of HILTI’s functionality and performance confirms its potential to become a powerful platform for future application development.

Acknowledgment

This work was supported in part by funding provided to ICSI through National Science Foundation grants CNS : 0831535 ("Comprehensive Application Analysis and Control"), CNS : 0915667 ("A High-Performance Abstract Machine for Network Intrusion Detection"), and CNS : 1228792 ("Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures"). Additional funding was provided through NSF grant CNS : 1228782 ("Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures"). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation.

URL: http://www.icsi.berkeley.edu/pubs/networking/hilti14.pdf
Bibliographic Notes

Proceedings of the Internet Measurement Conference 2014 (IMC 2014), Vancouver, British Columbia, Canada

Abbreviated Authors

R. Sommer, M. Vallentin, L. De Carli, and V. Paxson

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings