高级安全代理:高性能网络防火墙的体系结构和实现

MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341) Pub Date : 1999-10-31 DOI:10.1109/MILCOM.1999.822781

R. Knobbe, A. Purtell, S. Schwab

{"title":"高级安全代理:高性能网络防火墙的体系结构和实现","authors":"R. Knobbe, A. Purtell, S. Schwab","doi":"10.1109/MILCOM.1999.822781","DOIUrl":null,"url":null,"abstract":"The TIS Labs advanced security proxies' (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet.","PeriodicalId":334957,"journal":{"name":"MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Advanced security proxies: an architecture and implementation for high-performance network firewalls\",\"authors\":\"R. Knobbe, A. Purtell, S. Schwab\",\"doi\":\"10.1109/MILCOM.1999.822781\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The TIS Labs advanced security proxies' (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet.\",\"PeriodicalId\":334957,\"journal\":{\"name\":\"MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1999-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MILCOM.1999.822781\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.1999.822781","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

TIS实验室高级安全代理(ASP)项目正在研究高性能防火墙的软件架构，以确保下一代网络的安全使用。该项目的目标是演示一种体系结构和实现，在这种体系结构和实现中，特定于协议的代理控制何时允许数据传输通过防火墙，但它允许代理在确定数据如何传输防火墙方面有一系列选项。通过使用有选择地使用一系列低级协议栈特性的代理，这种新颖的体系结构在确定代理检查哪些信息方面提供了更高的性能和更大的灵活性。这些决策是在每个代理连接的粒度上做出的。我们描述了防火墙的设计和实现，并报告了使用快速以太网的初步实验结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Advanced security proxies: an architecture and implementation for high-performance network firewalls

The TIS Labs advanced security proxies' (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341)

自引率

0.00%

发文量