Abstract | ||
---|---|---|
Packet filtering provides initial layer of security based upon set of ordered filters called firewall policies. It examines the network packets and decides whether to accept or deny them. But when a packet matches two or more filters conflicts arise. Due to the conflicts, some filters are never executed and some filters are occasionally executed. It may results into unintended traffic and it is a tedious job for administrator to detect conflicts. Detection of conflicts through geometrical approach provides a systematic and powerful error classification, but as the filters and key fields of header increase, it demands high memory and computation time. To solve this problem, we propose a topological approach called BISCAL (Bit-vector based spatial calculus) to detect the conflicts in the firewall policies. As because of our approach preserves only the topology of the filters, it can reduce memory usage and computation time to a great extend |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/IPDPS.2009.5161245 | IPDPS |
Keywords | Field | DocType |
topological approach,high memory,initial layer,network packet,geometrical approach,computation time,memory usage,header increase,filters conflict,firewall policy,computer science,calculus,process algebra,authorisation,matched filters,computer security,network topology,computer networks | High memory,Computer science,Computer network,Header,Matched filter,Process calculus,Computation,Distributed computing,Topology,Firewall (construction),Parallel computing,Network packet,Network topology | Conference |
ISSN | Citations | PageRank |
1530-2075 | 8 | 0.52 |
References | Authors | |
17 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Subana Thanasegaran | 1 | 11 | 1.97 |
Yi Yin | 2 | 15 | 2.55 |
Yuichiro Tateiwa | 3 | 13 | 6.80 |
Yoshiaki Katayama | 4 | 226 | 40.42 |
Naohisa Takahashi | 5 | 123 | 27.99 |