Improving cloud network security using the Tree-Rule firewall

He, X; Chomsiri, T; Nanda, P; Tan, Z

Improving cloud network security using the Tree-Rule firewall

He, X

Chomsiri, T

Nanda, P

Tan, Z

Permalink

Publication Type:: Journal Article
Citation:: Future Generation Computer Systems, 2014, 30 (1), pp. 116 - 126
Issue Date:: 2014-01-01

Closed Access

	Filename	Description	Size
	1-s2.0-S0167739X13001386-main.pdf	Published Version	1.65 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	He, X https://orcid.org/0000-0001-8962-540X	en_US
dc.contributor.author	Chomsiri, T https://orcid.org/0000-0001-5998-9376	en_US
dc.contributor.author	Nanda, P https://orcid.org/0000-0002-5748-155X	en_US
dc.contributor.author	Tan, Z https://orcid.org/0000-0001-5420-2554	en_US
dc.date.issued	2014-01-01	en_US
dc.identifier.citation	Future Generation Computer Systems, 2014, 30 (1), pp. 116 - 126	en_US
dc.identifier.issn	0167-739X	en_US
dc.identifier.uri	http://hdl.handle.net/10453/22910
dc.identifier.uri	http://hdl.handle.net/10453/32960
dc.identifier.uri	http://hdl.handle.net/10453/32020
dc.identifier.uri	http://hdl.handle.net/10453/34216
dc.description.abstract	This study proposes a new model of firewall called the 'Tree-Rule Firewall', which offers various benefits and is applicable for large networks such as 'cloud' networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.	en_US
dc.relation.ispartof	Future Generation Computer Systems	en_US
dc.relation.isbasedon	10.1016/j.future.2013.06.024	en_US
dc.subject.classification	Distributed Computing	en_US
dc.title	Improving cloud network security using the Tree-Rule firewall	en_US
dc.type	Journal Article
utslib.citation.volume	1	en_US
utslib.citation.volume	30	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0803 Computer Software	en_US
utslib.for	0806 Information Systems	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Strength - INEXT - Innovation in IT Services and Applications
pubs.organisational-group	/University of Technology Sydney/Students
utslib.copyright.status	closed_access
pubs.issue	1	en_US
pubs.publication-status	Published	en_US
pubs.volume	30	en_US

Abstract:

This study proposes a new model of firewall called the 'Tree-Rule Firewall', which offers various benefits and is applicable for large networks such as 'cloud' networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/22910