Improving cloud network security using the Tree-Rule firewall
نویسندگان
چکیده
This study proposes a new model of firewall called the ‘Tree-Rule Firewall’, which offers various benefits and is applicable for large networks such as ‘cloud’ networks. The recently available firewalls (i.e., ListedRule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network. © 2013 Elsevier B.V. All rights reserved.
منابع مشابه
Gestion de la sécurité des réseaux à l'aide d'un service innovant de Cloud Based Firewall. (Network Security Management Using a Novel Firewall Cloud-Based Service)
متن کامل
A New Method for Intrusion Detection Using Genetic Algorithm and Neural network
Abstract— In order to provide complete security in a computer system and to prevent intrusion, intrusion detection systems (IDS) are required to detect if an attacker crosses the firewall, antivirus, and other security devices. Data and options to deal with it. In this paper, we are trying to provide a model for combining types of attacks on public data using combined methods of genetic algorit...
متن کاملHybrid Tree-rule Firewall for High Speed Data Transmission
Traditional firewalls employ listed rules in both configuration and process phases to regulate network traffic. However, configuring a firewall with listed rules may create rule conflicts, and slows down the firewall. To overcome this problem, we have proposed a Tree-rule firewall in our previous study. Although the Tree-rule firewall guarantees no conflicts within its rule set and operates fas...
متن کاملA Literature Review on Cloud Computing Security Issues
The use of Cloud Computing has increasedrapidly in many organization .Cloud Computing provides many benefits in terms of low cost and accessibility of data. In addition Cloud Computing was predicted to transform the computing world from using local applications and storage into centralized services provided by organization.[10] Ensuring the security of Cloud Computing is major factor in the Clo...
متن کاملDeveloping Multidimensional Firewall Configuration Visualizations
Firewall configuration files are created and edited as text files, despite significant size, complexity, and the possibility of interaction between entries. We embedded interactive visualizations in a simple firewall ruleset editor. To make rulesets visualizable, we calculate the set of packets accepted by the firewall as a restricted case of constructive solid geometry. We show a lossless visu...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Future Generation Comp. Syst.
دوره 30 شماره
صفحات -
تاریخ انتشار 2014