Customisable Hardware Compilation
The Journal of Supercomputing
Multi-constraint Security Policies for Delegated Firewall Administration
DSOM '08 Proceedings of the 19th IFIP/IEEE international workshop on Distributed Systems: Operations and Management: Managing Large-Scale Service Deployment
Multi-constraint security policies for delegated firewall administration
International Journal of Network Management
| Hi-index | 0.00 |
We describe a framework for capturing firewall requirementsas high-level descriptions based on the policy specificationlanguage Ponder. The framework provides abstractionfrom hardware implementation while allowingperformance control through constraints. Our hardwarecompilation strategy for such descriptions involves a rulereduction step to produce a hardware firewall rule representation.Three main methods have also been developedfor resource optimisation: partitioning, elimination, andsharing. A case study involving five sets of filter rulesindicates that it is possible to reduce 67-80% of hardwareresources over techniques based on regular content-addressablememory, and 24-63% over methods based onirregular content-addressable memory.