2006 Fiscal Year Final Research Report Summary
Firewall Processor based on Self-Timed Pipeline Circuit
| Project/Area Number |
17500052
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Kochi University of Technology |
|---|
Principal Investigator |
IWATA Makoto Kochi University of Technology, Engineering, Professor, 工学部, 教授 (60232683)
|
|---|
| Project Period (FY) |
2005 – 2006
|
| Keywords | self-timed circuit / data-driven / stream-driven architecture / firewall / network processor / self-timed pipeline / signature matching / multi-core |
|---|
| Research Abstract |
This research project aimed at establishing a flexible embedded firewall processor realized by the self-timed pipeline circuit because the self-timed circuit provides smart advantages such as easy-to-design, low power, and parallel processing capabilities. Recently, personal firewall as well as network firewall is demanded along with widespread of personal mobile devices such as mobile phone and PDA. However, since most of personal firewall is realized by software, it will not work at all if its operating system is infected by some virus. The embedded firewall processor developed in this project is independent of the OS so that it is robust against malicious attacks.
1. Basic architecture of embedded firewall processor
In order to achieve high performance, it is essential to represent pipelined parallelism inherent in various filtering algorithms in layer 3 to 7. We therefore focused on the non-strictness of the filtering process and hierarchical structure of stream data and then formulated a novel stream flow graph (SFG) which can express them explicitly. Furthermore, we proposed a novel stream-driven multiprocessor architecture based on the dynamic data-driven processing scheme in order to execute SFG descriptions directly in parallel.
2. LSI design of dedicated self-timed hardware modules
We designed a signature matching engine realizing a hybrid algorithm of both AC-Fail and AC-Opt algorithms to inspect content of higher layer packets for HTTP and SMTP. Its FPGA implementation achieved over 2.3 G b/s with only 180 MB memory requirement. Furthermore, we design a more advanced self-timed data-transfer control circuit which enable to interact between two pipelines each other. It is revealed that this circuit transfers data over 400 M packets per second under 0.18 um CMOS.
|
Research Products
(12 results)
