Thawatchai Chomsiri
A Stateful Mechanism for the Tree-Rule Firewall
Chomsiri, Thawatchai; He, Xiangjian; Nanda, Priyadarsi; Tan, Zhiyuan
Abstract
In this paper, we propose a novel connection tracking mechanism for Tree-rule firewall which essentially organizes firewall rules in a designated Tree structure. A new firewall model based on the proposed connection tracking mechanism is then developed and extended from the basic model of Net filter's Conn Track module, which has been used by many early generation commercial and open source firewalls including IPTABLES, the most popular firewall. To reduce the consumption of memory space and processing time, our proposed model uses one node per connection instead of using two nodes as appeared in Net filter model. This can reduce memory space and processing time. In addition, we introduce an extended hash table with more hashing bits in our firewall model in order to accommodate more concurrent connections. Moreover, our model also applies sophisticated techniques (such as using static information nodes, and avoiding timer objects and memory management tasks) to improve its processing speed. Finally, we implement this model on Linux Cent OS 6.3 and evaluate its speed. The experimental results show that our model performs more efficiently in comparison with the Net filter/IPTABLES.
Citation
Chomsiri, T., He, X., Nanda, P., & Tan, Z. (2014, September). A Stateful Mechanism for the Tree-Rule Firewall. Presented at 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications |
| Start Date | Sep 24, 2014 |
| End Date | Sep 26, 2014 |
| Publication Date | 2014-09 |
| Deposit Date | Nov 22, 2016 |
| Pages | 122-129 |
| Book Title | 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications |
| ISBN | 9781479965137 |
| DOI | https://doi.org/10.1109/trustcom.2014.20 |
| Keywords | Network security, firewall, tree-rule firewall, stateful firewall, connection tracking |
| Public URL | http://researchrepository.napier.ac.uk/Output/429190 |
You might also like
Machine Un-learning: An Overview of Techniques, Applications, and Future Directions
(2023)
Journal Article
A Digital Twin-Assisted Intelligent Partial Offloading Approach for Vehicular Edge Computing
(2023)
Journal Article
An omnidirectional approach to touch-based continuous authentication
(2023)
Journal Article
Special Issue on Adversarial AI to IoT Security and Privacy Protection: Attacks and Defenses
(2022)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search