Compiling Policy Descriptions into Reconfigurable Firewall Processors

Napa, California April 09-April 11

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/FPGA.2003.1227240

11th Annual IEEE Symposium on Field-P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by T.K. Lee Articles by S. Yusuf Articles by W. Luk Articles by M. Sloman Articles by E. Lupu Articles by N. Dulay

	ASCII Text	x
	T.K. Lee, S. Yusuf, W. Luk, M. Sloman, E. Lupu, N. Dulay, "Compiling Policy Descriptions into Reconfigurable Firewall Processors," Field-Programmable Custom Computing Machines, Annual IEEE Symposium on, pp. 39, 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2003.

	BibTex	x
	@article{ 10.1109/FPGA.2003.1227240, author = {T.K. Lee and S. Yusuf and W. Luk and M. Sloman and E. Lupu and N. Dulay}, title = {Compiling Policy Descriptions into Reconfigurable Firewall Processors}, journal ={Field-Programmable Custom Computing Machines, Annual IEEE Symposium on}, volume = {0}, year = {2003}, issn = {1082-3409}, pages = {39}, doi = {http://doi.ieeecomputersociety.org/10.1109/FPGA.2003.1227240}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Field-Programmable Custom Computing Machines, Annual IEEE Symposium on TI - Compiling Policy Descriptions into Reconfigurable Firewall Processors SN - 1082-3409 SP EP A1 - T.K. Lee, A1 - S. Yusuf, A1 - W. Luk, A1 - M. Sloman, A1 - E. Lupu, A1 - N. Dulay, PY - 2003 KW - null VL - 0 JA - Field-Programmable Custom Computing Machines, Annual IEEE Symposium on ER -

T.K. Lee, Imperial College

S. Yusuf, Imperial College

W. Luk, Imperial College

M. Sloman, Imperial College

E. Lupu, Imperial College

N. Dulay, Imperial College

We describe a framework for capturing firewall requirements as high-level descriptions based on the policy specification language Ponder. The framework provides abstraction from hardware implementation while allowing performance control through constraints. Our hardware compilation strategy for such descriptions involves a rule reduction step to produce a hardware firewall rule representation. Three main methods have also been developed for resource optimisation: partitioning, elimination, and sharing. A case study involving five sets of filter rules indicates that it is possible to reduce 67-80% of hardware resources over techniques based on regular content-addressable memory, and 24-63% over methods based on irregular content-addressable memory.

Citation:

T.K. Lee, S. Yusuf, W. Luk, M. Sloman, E. Lupu, N. Dulay, "Compiling Policy Descriptions into Reconfigurable Firewall Processors," fccm, pp.39, 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.