gem firewall
Post on 26-Oct-2014
TRANSCRIPT
By: Pritam K. Kathar (55), Rahul B. Kavale (56), Ajit M. Kshirsagar (57), Prashant P. Mundhe (59), Bhushan G. Nadekar (60)
Guided by: Prof. Dr. P. J. Kulkarni
What is a Firewall?
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
It has a set of rules against which each packet is checked.
Packet matching involves matching on many fields from the TCP and IP packet headers.
Why Efficient Matching?
• Network traffic is increasing tremendously
• Linear packet filtering requires much time to filter this huge traffic
• A firewall should be able to sustain a very high throughput, or risk becoming a bottleneck
• An efficient matching algorithm filters more packets per second, e.g. 30,000 packets per second with 10,000 rules
Approach
• Each packet is considered to be made up of 5 fields: 1. Protocol, 2. Source IP address, 3. Destination IP address, 4. Source port number, 5. Destination port number
• The GEM data structure is created
• The packet is checked against these 5 fields and a winning rule is found
• The packets are then filtered using only the winning rule rather than all the rules
GEM Data structure
Algorithm
• The firewall packet matching problem finds the first rule that matches a given packet on one or more fields from its header
• Every rule consists of a set of ranges [l_i, r_i] for i = 1, ..., d, where each range corresponds to the i-th field in a packet header. The field values satisfy 0 ≤ l_i, r_i ≤ U_i, where U_i = 2^32 − 1 for IP addresses, U_i = 65535 for port numbers, and U_i = 255 for ICMP message type or code
Search Algorithm: The packet header contains the protocol number, source and destination address, and port number fields. First, we check the protocol field and go to the protocol array of the search data structure to select the corresponding protocol database header. From this point, we traverse the data structure with the corresponding field value on every level: we find the matching simple range and continue to the next level. The last level gives us the winning rule.
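The build and search just described, as an added Python example that is not part of the slides or of the GEM authors' code. It assumes a small constructed rule-base over the four range fields (the protocol is handled by the protocol array, with None meaning "any"), builds the level-by-level simple-range structure for any number of fields, and includes a naive linear matcher so the two results can be checked against each other.

```python
from bisect import bisect_right
def ip(s):  # dotted-quad IPv4 address to a 32-bit integer
    a, b, c, d = map(int, s.split('.'))
    return (a << 24) | (b << 16) | (c << 8) | d

ANY_IP, ANY_PORT = (0, 2**32 - 1), (0, 65535)
# Constructed rule-base (an assumption, not from the slides): each rule is (protocol or None
# for "any", [src IP, dst IP, src port, dst port] ranges); index order is priority, first match wins.
RULES = [
    (6,    [(ip('10.0.0.0'), ip('10.255.255.255')), (ip('192.168.1.10'),) * 2, ANY_PORT, (22, 22)]),
    (6,    [ANY_IP, (ip('192.168.1.0'), ip('192.168.1.255')), ANY_PORT, (80, 80)]),
    (17,   [ANY_IP, ANY_IP, ANY_PORT, (53, 53)]),
    (None, [ANY_IP, ANY_IP, ANY_PORT, ANY_PORT]),
]

def build(rules, idx, level):
    """One GEM level over field `level` for rule indices `idx`; a leaf is the winning rule."""
    if not idx:
        return None                          # a gap covered by no rule
    if level == len(rules[0][1]):
        return min(idx)                      # lowest-numbered rule matches first
    rng = lambda i: rules[i][1][level]
    # Project every rule's range onto this axis; consecutive points bound a simple range.
    points = sorted({p for i in idx for p in (rng(i)[0], rng(i)[1] + 1)})
    children = [build(rules, [i for i in idx if rng(i)[0] <= a and b - 1 <= rng(i)[1]], level + 1)
                for a, b in zip(points, points[1:])]   # simple range [a, b-1]
    return (points, children)
def build_gem(rules):
    """Protocol array: one search tree per protocol; key None holds the any-protocol rules."""
    return {p: build(rules, [i for i, r in enumerate(rules) if r[0] in (p, None)], 0)
            for p in {r[0] for r in rules}}

def gem_match(db, proto, values):
    """Descend one level per header field, binary-searching the simple ranges."""
    node = db.get(proto, db.get(None))
    for v in values:
        if not isinstance(node, tuple):
            break
        points, children = node
        k = bisect_right(points, v) - 1
        node = children[k] if 0 <= k < len(children) else None
    return node
def linear_match(rules, proto, values):
    """Naive first-match scan over the whole rule-base, for comparison."""
    for i, (p, fields) in enumerate(rules):
        if p in (proto, None) and all(lo <= v <= hi for (lo, hi), v in zip(fields, values)):
            return i
    return None

DB = build_gem(RULES)
```

A packet that falls into a gap no rule covers returns None at whatever level the gap is reached, so a catch-all last rule is what makes every packet reach a winning rule.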
Working:-
SYSTEM REQUIREMENT
Software Requirement:
- Operating System: Windows Vista, Windows 7
- Development Platform for GEM: Visual Studio 2010
- Development Platform for GUI: NetBeans IDE
- Development language for GEM: VC++
- Development language for GUI: Java
Minimum Hardware Requirement:
- System: Pentium IV 2.4 GHz
- Hard Disk: 40 GB
- RAM: 512 MB
Simulation Study
For the simulation or performance analysis we implemented GEM and tested it in isolation. The GEM build and search were implemented in Visual C++, using Microsoft Visual Studio 2010. The simulations were performed on a 2.13 GHz Intel Pentium P6200 PC with 2 GB of DDR3 RAM and a 500 GB hard disk drive running the Windows 7 Ultimate (32-bit) operating system.
We performed this simulation on two different types of firewall: 1) linear and 2) GEM. The GEM firewall was further classified as stateful and stateless. For the comparison we selected random rules, recorded the matching times, and from those calculated the average time for linear, stateful GEM and stateless GEM matching. From the recorded data we drew the graphs.
Simulation Statistics (Comparing the Build Time)

No. of Rules | Time (microseconds), 5 runs            | Avg. Time (microseconds)
100          | 0.4739, 0.4801, 0.5363, 0.5236, 0.5420 | 0.5084
350          | 0.5248, 0.5132, 0.5930, 0.6419, 0.5003 | 0.5546
700          | 0.5393, 0.6548, 0.6640, 0.7643, 0.5711 | 0.6387
1400         | 0.6319, 0.7637, 0.6144, 0.6537, 0.6641 | 0.6656
2500         | 0.6532, 0.6339, 0.6649, 0.6369, 0.6845 | 0.6807
Comparing Execution

No. of Rules | Linear Matching (time in µs), 3 runs; avg.  | Stateful Matching (time in µs), 3 runs; avg. | Stateless Matching (time in µs), 3 runs; avg.
500          | 0.004750, 0.003350, 0.002780; avg. 0.003627 | 0.001815, 0.001395, 0.001070; avg. 0.001232  | 0.007430, 0.007900, 0.007320; avg. 0.007550
1000         | 0.006615, 0.007500, 0.007845; avg. 0.007781 | 0.000950, 0.000900, 0.000900; avg. 0.000900  | 0.020700, 0.01473, 0.01445; avg. 0.01732
2500         | 0.01796, 0.01354, 0.01680; avg. 0.01610     | 0.001540, 0.001515, 0.001380; avg. 0.001448  | 0.2452, 0.2367, 0.2383; avg. 0.240660
5000         | 0.02832, 0.02796, 0.02707; avg. 0.02754     | 0.000905, 0.000890, 0.000895; avg. 0.000893  | 0.52152, 0.52748, 0.52634; avg. 0.52514
Advantages:
• GEM's matching speed is far better than the naive linear search, and it is able to increase the throughput
• GEM can filter over 30,000 packets per second on a standard PC, even with 10,000 rules
• On rule-bases generated according to realistic statistics, GEM's space complexity is well within the capabilities of modern hardware
Disadvantages:
• Space complexity is high (worst-case complexity is O(n^4) for a rule-base with n rules)
• Building the GEM data structure requires computational overhead
Conclusion
GEM's matching speed is far better than the naive linear search. GEM's space complexity is well within the capabilities of modern hardware. The GEM algorithm enjoys logarithmic matching time performance.
Thank You .. !!