Symbolic Boolean manipulation with ordered binary-decision diagrams
ACM Computing Surveys (CSUR)
High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Packet classification on multiple fields
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Hi-index | 0.00 |
Packet filtering in a firewall is one of the useful tools for network security. Packet filtering examines network packet and decides whether to accept, or deny it and this decision is determined by a packet filtering configuration developed by the network administrator. An administrator may find hard to understand and maintain a configuration, and this burden will furthermore be increased to find anomalies between two configurations, especially when the size of filters in a configuration increased. This difficulty may leave the administrator with less confidence that the configurations are correctly and completely implemented. This paper presents a system with SIERRA (A systolic filter sieve array) which can detect the anomalies between two configurations. It provides three functions, side-effects analysis function, equality judgment function, and composition analysis function. Experimental results show that the proposed system is suitable for small network and configurations with large number of filters.