{"title":"Lightweight Bare-Metal Stateful Firewall","authors":"Yihuan Xing, Ford-Long Wong, Akash Kumar","doi":"10.1109/PRDC.2014.15","DOIUrl":null,"url":null,"abstract":"A firewall is a crucial security element in modern computer networks. This work investigates and demonstrates the implementation of a lightweight TCP/IP firewall in a bare-metal environment, on a commercial embedded ARM device. Compared to an implementation having an operating system (OS), using bare-metal design enables reduction of exposure to potential vulnerabilities in OS code, and provides a more dependable system. The implemented firewall provides both static and stateful filtering capabilities, and is configurable in a user-friendly way. As the architecture of the commercial hardware used was not available under closed source licensing, it was discovered through analysis at both hardware and software levels. Some challenges were encountered, and tools were developed to address these. The prototype is validated through functional testing in a controlled environment successfully.","PeriodicalId":187000,"journal":{"name":"2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2014.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A firewall is a crucial security element in modern computer networks. This work investigates and demonstrates the implementation of a lightweight TCP/IP firewall in a bare-metal environment, on a commercial embedded ARM device. Compared to an implementation having an operating system (OS), using bare-metal design enables reduction of exposure to potential vulnerabilities in OS code, and provides a more dependable system. The implemented firewall provides both static and stateful filtering capabilities, and is configurable in a user-friendly way. As the architecture of the commercial hardware used was not available under closed source licensing, it was discovered through analysis at both hardware and software levels. Some challenges were encountered, and tools were developed to address these. The prototype is validated through functional testing in a controlled environment successfully.