This study proposes a new firewall model called the 'Tree-Rule Firewall', which offers various benefits and is applicable to large networks such as 'cloud' networks. Currently available firewalls (i.e., Listed-Rule firewalls) have limitations in performing their tasks and are inapplicable to some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that it potentially causes conflicting rules and redundant rules, and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of a Tree-Rule firewall that does not create conflicting rules or redundant rules. In a Tree-Rule firewall, rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and in a cloud environment, respectively, to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, the rules of the Tree-Rule firewall are easier to create, especially on a large network such as a cloud network.
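
The contrast drawn in the abstract, as an added sketch that is not the paper's code: an audit that flags shadowed and redundant entries in a first-match rule list, next to a small rule tree that rejects overlapping siblings at insert time. The rule fields, the two-level tree layout (source network, then port range), and all names and sample rules are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed listed-rule set: (source network, (low port, high port), action).
# Evaluation is first match wins, as in a conventional rule list.
LISTED = [
    ("10.0.0.0/8",  (1, 1023),  "deny"),
    ("10.1.0.0/16", (80, 80),   "accept"),  # never reached: rule 0 decides first
    ("10.2.0.0/16", (22, 22),   "deny"),    # adds nothing: rule 0 already denies
    ("0.0.0.0/0",   (443, 443), "accept"),
]

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b[0]).subnet_of(ip_network(a[0]))
            and a[1][0] <= b[1][0] and b[1][1] <= a[1][1])

def audit(rules):
    """Map rule index -> 'shadowed' or 'redundant' when one earlier rule covers it."""
    findings = {}
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                findings[j] = "redundant" if earlier[2] == later[2] else "shadowed"
                break
    return findings

class TreeRules:
    """Hypothetical two-level tree: source network -> port range -> action.
    Siblings may not overlap, so a packet can follow at most one path."""
    def __init__(self):
        self.nets = {}  # ip_network -> list of ((low, high), action)

    def add(self, net, ports, action):
        net = ip_network(net)
        for other in self.nets:
            if other != net and other.overlaps(net):
                raise ValueError(f"{net} overlaps sibling {other}")
        leaves = self.nets.setdefault(net, [])
        for (lo, hi), _ in leaves:
            if ports[0] <= hi and lo <= ports[1]:
                raise ValueError(f"ports {ports} overlap ({lo}, {hi})")
        leaves.append((ports, action))

    def decide(self, src, port, default="deny"):
        for net, leaves in self.nets.items():
            if ip_address(src) in net:
                for (lo, hi), action in leaves:
                    if lo <= port <= hi:
                        return action
        return default
```
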