Safe Execution of Untrusted Applications on Embedded Network Processors

This paper summarises research conducted in 2002 on the programmability of network processors. Controlling the function of embedded network processor systems has so far been confined to simple configuration languages while full programmability is available only to trusted system-level programmers. In this paper, we enable the safe execution of untrusted code on IXP network processors. We extend techniques used in extensible OS kernels, adapting them to the characteristics of network processing to produce a restricted execution model trading off some flexibility for robustness, yet enabling a wide range of low-level applications not presently possible. Copyright © 2008, Inderscience Publishers