The Policy Mapping Algorithm for High-speed Firewall Policy Verifying

Suchart Khummanee, Kitt Tientanopajai
2016 International Journal of Network Security  
In this paper, we have proposed a novel algorithm and data structures to improve the speed of firewall policy verification, called policy mapping (PMAP). The time complexity of the proposed technique is O(1) for verifying incoming and outgoing packets against the firewall policy. In addition, the algorithm is not limited to handling IP network classes, as IPSET is, which is the leading high-speed open-source firewall today. PMAP can also optimize the firewall rule decision by employing the firewall decision state diagram (FDSD) to clarify the ordering of policy verification. The memory consumed by PMAP is reasonable: it uses around 3.27 GB to maintain the rule data structures when processing 5,000 firewall rules.
dblp:journals/ijnsec/KhummaneeT16 fatcat:k2qvgtixxffehf5zuhlmkuqafe