RSS: A Reconfigurable Security System Designed on NetFPGA and Virtex5-LX110T

This paper designs a novel security system on NetFPGA platform and Virtex5-LX110T using embedded soft-core technology. The system consists of two subsystems. The first one is a mainly used to protection subnets, which is implemented on NetFPGA board and the second one is a network intrusion detection system (NIDS) which is implemented on Xilinx Virtex5-LX110T board. Moreover, the two subsystems are not independent and they cooperate to form the cohesive reconfigurable security system (RSS). In the proposed system, NetFPGA is used to achieve packet filtering, ARP attacks immunity and traffic monitoring with hardware, which is in fact a hardware firewall, and Virtex5 is used to analyze attacks by capturing incoming packets, then transmitting the results to NetFPGA for updating packet filtering tables. To further enhance the security, two types of remote reconfigurable design methods are introduced, by which administrators are able to reconfigure both the software and the hardware of the two subsystems via authorized devices to change the security policies. Extensive experiments show that all the functions of the designed blocks are valid and the designed security system is feasible.