Limitation of listed-rule firewall and the design of tree-rule firewall

  • Authors:

  • Thawatchai Chomsiri;Xiangjian He;Priyadarsi Nanda

  • Affiliations:

  • School of Computing and Communications, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia;School of Computing and Communications, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia;School of Computing and Communications, Faculty of Engineering and Information Technology, University of Technology, Sydney, Australia

  • Venue:
  • IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problem, speed problem, and "difficult to use" problem. These limitations consist of, firstly, limitation about "Shadowed rules" (the rule that cannot match with any packet because a packet will be matched with other rules above) which can lead to security and speed problem. Secondly, limitation about swapping position between rules can bring a change in firewall policy and cause security problem. The third limitation is about "Redundant rules" which can cause speed problem. Next, limitation of rule design; firewall administrators have to put "Bigger Rules" only at the bottom or lower positions that can result in a "difficult to use" problem. Lastly, limitation from sequential computation can lead to speed problem. Moreover, we also propose design of the new firewall named "Tree-Rule Firewall" which does not have above limitations.