Abstract | ||
---|---|---|
Many computer network provide limited security through simple firewall feature in router and switch. Some networks that require higher security use deep packet filter to capture packets that can not be detected by simple firewall. Deep packet filters use list of rules for determining safety of packets. There is a high degree of parallelism in processing these rules because each rule represent independent pattern matching process. We find that the underlying architecture for existing software and hardware firewalls do not fully take advantage of this parallelism. Thus, we design a deep packet filtering firewall on a field programmable gate array (FPGA) to take advantage of the parallelism while retaining its programmability. Our implementation is capable of processing over 2.88 gigabits per second of network stream on an Altera EP20K series FPGA without manual optimization. |
Year | DOI | Venue |
---|---|---|
2002 | 10.1007/3-540-46117-5_48 | FPL |
Keywords | Field | DocType |
specialized hardware,deep network packet filtering,deep packet filter,field programmable gate array,altera ep20k series fpga,network stream,simple firewall feature,simple firewall,higher security use,deep packet,limited security,computer network | Computer science,Degree of parallelism,Real-time computing,Stateful firewall,Computer hardware,Distributed computing,Firewall (construction),Parallel computing,Network packet,Field-programmable gate array,Application firewall,Context-based access control,Router,Embedded system | Conference |
Volume | ISSN | ISBN |
2438 | 0302-9743 | 3-540-44108-5 |
Citations | PageRank | References |
67 | 7.44 | 13 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Young H. Cho | 1 | 302 | 29.05 |
Shiva Navab | 2 | 79 | 11.30 |
William H. Mangione-Smith | 3 | 2434 | 251.48 |