Limitation of listed-rule firewall and the design of tree-rule firewall

Thawatchai Chomsiri, Xiangjian He, Priyadarsi Nanda

Research output: Chapter in Book/Conference proceedingConference contributionpeer-review

7 Citations (Scopus)

Abstract

This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problem, speed problem, and "difficult to use" problem. These limitations consist of, firstly, limitation about "Shadowed rules" (the rule that cannot match with any packet because a packet will be matched with other rules above) which can lead to security and speed problem. Secondly, limitation about swapping position between rules can bring a change in firewall policy and cause security problem. The third limitation is about "Redundant rules" which can cause speed problem. Next, limitation of rule design; firewall administrators have to put "Bigger Rules" only at the bottom or lower positions that can result in a "difficult to use" problem. Lastly, limitation from sequential computation can lead to speed problem. Moreover, we also propose design of the new firewall named "Tree-Rule Firewall" which does not have above limitations.

Original languageEnglish
Title of host publicationInternet and Distributed Computing Systems - 5th International Conference, IDCS 2012, Proceedings
EditorsYang Xiang, Mukaddim Pathan, Xiaohui Tao, Hua Wang
PublisherSpringer Verlag
Pages275-287
Number of pages13
ISBN (Print)9783642348822
DOIs
Publication statusPublished - 2012
Externally publishedYes
Event5th International Conference on Internet and Distributed Computing Systems, IDCS 2012 - Wuyishan, China
Duration: 21 Nov 201223 Nov 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7646 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference5th International Conference on Internet and Distributed Computing Systems, IDCS 2012
Country/TerritoryChina
CityWuyishan
Period21/11/1223/11/12

Keywords

  • Firewall
  • Network security
  • Rule conflict
  • Rule list
  • Tree rule

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Limitation of listed-rule firewall and the design of tree-rule firewall'. Together they form a unique fingerprint.

Cite this