Sciweavers

ISCC
2005
IEEE

Trie-Based Policy Representations for Network Firewalls

Network firewalls remain the forefront defense for most computer systems. These critical devices filter traffic by comparing arriving packets to a list of rules, or security policy, in a sequential manner. Unfortunately, packet filtering in this fashion can result in significant traffic delays, which is problematic for applications that require strict Quality of Service (QoS) guarantees. Given this demanding environment, new methods are needed to increase network firewall performance. This paper introduces a new technique for representing a security policy that maintains policy integrity and provides more efficient processing. The policy is represented as an n-ary retrieval tree, also referred to as a trie. The worst-case processing requirement for the policy trie is a fraction of that for a list representation, which only considers rules individually (1/5 the processing for TCP/IP networks). Furthermore, unlike other representations, the n-ary trie developed in this paper can be pr...
Errin W. Fulp, Stephen J. Tarsa
Added 25 Jun 2010
Updated 25 Jun 2010
Type Conference
Year 2005
Where ISCC
Authors Errin W. Fulp, Stephen J. Tarsa