Show simple item record

dc.contributor.authorCheng, Y.Z.*
dc.contributor.authorWang, W.P.*
dc.contributor.authorMin, Geyong*
dc.contributor.authorWang, J.X.*
dc.date.accessioned2016-09-21T15:37:35Z
dc.date.available2016-09-21T15:37:35Z
dc.date.issued2015-08-25
dc.identifier.citationCheng YZ, Wang WP, Min GY et al (2015) A new approach to designing firewall based on multidimensional matrix. Concurrency and Computation-Practice & Experience. 27(12): 3075-3088.
dc.identifier.urihttp://hdl.handle.net/10454/9134
dc.descriptionNo
dc.description.abstractFirewalls are crucial elements to enhance network security by examining the field value of every packet and decide whether to accept or discard the packet according to the firewall policy. However, the design of firewall policies, especially for enterprise networks, is complex and error-prone. This paper aims to propose an effective firewall design method to ensure the consistency, compactness and completeness of firewall rules. Specifically, we develop a new designing model, namely firewall design matrix, and the corresponding construction algorithm for mapping firewall rules to firewall design matrix. A firewall generation algorithm is proposed to generate the target firewall rules that are equivalent to the original ones while maintaining the completeness. Theoretical proof and extensive experiments on both real-world and synthetic firewalls are conducted to evaluate the performance of the proposed method. The results demonstrate that it can achieve a high compression ratio efficiently while maintaining the firewall rules conflict-free. Copyright (c) 2013 John Wiley & Sons, Ltd.
dc.language.isoenen
dc.subjectFirewall
dc.subjectNetwork security
dc.subjectFirewall design
dc.subjectMultidimensional matrix
dc.titleA new approach to designing firewall based on multidimensional matrix
dc.status.refereedYes
dc.date.application2013-11-27
dc.typeArticle
dc.type.versionNo full-text in the repository
dc.identifier.doihttps://doi.org/10.1002/cpe.3178
dc.openaccess.statusclosedAccess
dc.date.accepted2013-10-22


This item appears in the following Collection(s)

Show simple item record