Limitation of Listed-Rule Firewall and the Design of Tree-Rule Firewall

Publication Type:
Conference Proceeding
Internet and Distributed Computing Systems (LNCS), 2012, 7646 pp. 275 - 287
Issue Date:
Full metadata record
Files in This Item:
Filename Description Size
2012000601OK.pdfPublished Version328.5 kB
Adobe PDF
This research will illustrate that firewalls today (Listed-Rule Firewall) have five important limitations which may lead to security problem, speed problem and "difficult to use" problem. These limitations consist of, firstly, limitation about "Shadowed rules" (the rule that cannot match with any packet because a packet will be matched with other rules above) which can lead to security and speed problem. Secondly, limitatin about swapping position between rules can bring a change in firewall policy and cause security problem. The third limitation is about "Redundant rules" which can cause speed problem. Next,limitation of rule design; firewall administrators have to put "Bigger Rules" only at the bottom or lower positions can result in a "difficult to use" problem. Lastly, limitation from sequential computation can lead to speed problem. Moreover, we also propose design of the new firewall named "Tree-Rule Firewall" which does not have above limitations.
Please use this identifier to cite or link to this item: