Sciweavers

ISCC
2005
IEEE

Trie-Based Policy Representations for Network Firewalls

14 years 5 months ago
Trie-Based Policy Representations for Network Firewalls
Network firewalls remain the forefront defense for most computer systems. These critical devices filter traffic by comparing arriving packets to a list of rules, or security policy, in a sequential manner. Unfortunately packet filtering in this fashion can result in significant traffic delays, which is problematic for applications that require strict Quality of Service (QoS) guarantees. Given this demanding environment, new methods are needed to increase network firewall performance. This paper introduces a new technique for representing a security policy that maintains policy integrity and provides more efficient processing. The policy is represented as an n-ary retrieval tree, also referred to as a trie. The worst case processing requirement for the policy trie is a fraction compared a list representation, which only considers rules individually (1/5 the processing for TCP/IP networks). Furthermore unlike other representations, the nary trie developed in this paper can be pr...
Errin W. Fulp, Stephen J. Tarsa
Added 25 Jun 2010
Updated 25 Jun 2010
Type Conference
Year 2005
Where ISCC
Authors Errin W. Fulp, Stephen J. Tarsa
Comments (0)