Tree rule firewall

Publication Type:
Thesis
Issue Date:
2016
Full metadata record
Firewall is a network component for deciding packets whether they will be accepted or denied. The packet decision results are dependent on rule policy pre-defined by firewall administrators. In traditional firewalls, the rule policy will be arranged in a list of rule line called 'listed rule'. The listed rule can cause three significant problems consisting of speed, security, and user friendly problems. The speed problems can occur because many packets will be matched with the rule positioned in bottom positions. Firewall may waste time to verify packets with many rules positioned above the matched rule. Moreover, the traditional firewalls also face to rule conflicts, e.g., shadowed rules. Many rules written to prevent attacking packets may be shadowed by some rules above them and cannot block any packet so that dangerous packets originated from outside can reach internal networks. Additionally, the traditional firewalls are involved with the lack of user-friendly features because administrators must have enough experience in order to create enough efficiency rules. This research proposes a novel firewall by using a tree structure of rules to solve the above problems. In the proposed approach, firewall administrators are able to design rules in the tree format, and then a core processor of firewall will process packets according to this format. The tree structure can be seen in both users' view and firewall's view. Packets will be verified with the tree shape of rule called 'tree rule'. To decide packet, searching for a data in the tree rule can be done quickly in comparison to searching data in the listed rule of traditional firewalls. This is because searching data in the Tree is faster than sequential searching data in Arrays. Moreover, rule conflicts can be eradicated, since each packet will be verified with the corresponding 'rule path' in the tree rule. This can avoid rule conflicts and shadowed rules. Thus, security problems caused by shadowed rules cannot be found in the tree rule firewall. Moreover, administrators can create rules easier with the GUI (Graphical User Interface) rule editor. They can design tree rule by creating nodes and links. There are ranges of IP addresses or ports inside each node. The GUI can sort the data inside nodes automatically and maintain consistency of the rule. Thus, the tree rule can be designed easily. Therefore, the Tree-Rule firewall can provide faster functional speed, be more secure, and be easier to use compared to traditional Listed-Rule firewalls.
Please use this identifier to cite or link to this item: