Dr. Tim Sherwood, UC Santa Barbara

A Real-time Packet Scan Architecture
Sp-421, 1500-1550, 14 July 2005

Given the importance of protecting information and services, Network Intrusion Detection and Prevention Systems have emerged as one of the most promising ways to provide network security. Building a system that has both high performance and stringent worst-case bounds requires that we rethink some of the underlying primitives. String matching is one of the most critical elements because it allows the system to make decisions based on the actual content flowing through the network. Unfortunately, checking every byte of every packet to see if it matches one of a set of ten thousand strings becomes a computationally intensive task as network speeds grow into the tens, and eventually hundreds, of gigabits per second. At UCSB we have attacked this problem with a combination of formal languages, computer architecture, algorithms, and circuit design. The resulting system is approximately 10 times more efficient than the best currently known approaches.

About Dr. Sherwood
Bio: Tim Sherwood is an Assistant Professor in Computer Science at UC Santa Barbara. Before joining UCSB, he received his B.S. from UC Davis and his M.S. and Ph.D. from UC San Diego. While at San Diego he designed SimPoint, a program phase analysis toolkit used by both academic and industrial computer architects to reduce simulation time and guide optimization. In addition to this work, Dr. Sherwood performs research broadly in the area of embedded, network, and security processor design.