Improving cloud network security using the Tree-Rule firewall

Publication Type:
Journal Article
Citation:
Future Generation Computer Systems, 2014, 30 (1), pp. 116 - 126
Issue Date:
2014-01-01
Full metadata record
Files in This Item:
Filename Description Size
Thumbnail1-s2.0-S0167739X13001386-main.pdfPublished Version1.65 MB
Adobe PDF
This study proposes a new model of firewall called the 'Tree-Rule Firewall', which offers various benefits and is applicable for large networks such as 'cloud' networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.
Please use this identifier to cite or link to this item: