Fault and leak tolerance in firewall engineering

Robert N. Smith, S. Bhattacharya
Published in: Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231), 1998-11-13
DOI: 10.1109/HASE.1998.731603 (https://doi.org/10.1109/HASE.1998.731603)
Citations: 3

Abstract

The idea and associated benefits of a Firewall cascade, with the firewalls (FWs) placed across a large complex network, distributed system has been proposed and evaluated by the authors (R.N. Smith and S. Bhattacharya, 1997). The paper extends the FW cascade approach to illustrate its applicability in a perspective of FW fault tolerance. We target the class of FW faults that are due to design errors, e.g., FW leaks. Given that most large complex FW designs are likely to contain design errors or leaks, the end-to-end security objective is how best to deploy a set of such potentially leaky FWs in a way that their net effect can seal or eliminate a majority of the FW leaks. The key idea of a FW cascade adding leak tolerance is due to the heterogeneity of different COTS FWs, as well as a higher assurance that not all distinct FWs are likely to contain identical leaks. The proposed capability in the paper enables a prudent design of a secure network that can scale along the levels of security needs, while maximizing performance, reducing cost and enhancing leak tolerance.