|
Publication
|
Title of Article |
High-speed Firewall Rule Verification with O(1) Worst-case Access Time |
Date of Acceptance |
23 January 2016 |
Journal |
Title of Journal |
International Journal of Network Security (IJNS) |
Standard |
SCOPUS |
Institute of Journal |
National Chung Hsing University |
ISBN/ISSN |
1816-3548 |
Volume |
|
Issue |
19 |
Month |
มกราคม |
Year of Publication |
2017 |
Page |
ึ72-84 |
Abstract |
Firewalls enforced by rules are a security measure for
verifying huge packets at gateway networks. Therefore,
they probably act as bottlenecks of the networks. In this
paper, we have presented several techniques to improve
the speed of firewall rule verification with O(1) worst-
case access time. The techniques are: policy mapping
(PMAP), sparse matrix packing firewall (SMPF), perfect
hashing firewall (PHF) and minimal perfect hashing fire-
wall (MPHF). The experimental results show that they
are as fast as IPSet, one of the most famous high-speed
firewalls at present. However, they can get rid of IPSet
limitations such as IP address classes, subnet size of each
rule set and so on. Besides, on average, SMPF, MPHF
and PFH can reduce the amount of memory usage of
PMAP by 99.9, 87.7 and 62.3 percent respectively |
Keyword |
Minimal perfect hashing firewall, perfect hash- ing firewall, policy mapping, rule verification, sparse ma- trix packing firewall. |
Author |
|
Reviewing Status |
มีผู้ประเมินอิสระ |
Status |
ตีพิมพ์แล้ว |
Level of Publication |
นานาชาติ |
citation |
false |
Part of thesis |
true |
Attach file |
|
Citation |
0
|
|
|
|
|
|
|