
2015 | OriginalPaper | Chapter

CPFirewall: A Novel Parallel Firewall Scheme for FWaaS in the Cloud Environment

Authors: Zhenfang Wang, ZhiHui Lu, Jie Wu, Kang Fan

Published in: Advances in Services Computing

Publisher: Springer International Publishing


Abstract

In the cloud, resources are virtualized and software is increasingly delivered as a “service”, providing end users and operators with benefits including on-demand self-service, resource pooling, rapid elasticity and service metering capability. As a part of network function virtualization, firewall virtualization can greatly increase firewall configuration flexibility in the cloud environment. In this paper, we focus on FWaaS (Firewall as a Service) and design a parallel firewall system called CPFirewall (Cloud Parallel Firewall System). In CPFirewall, the firewall resources are virtualized and multiple tenants can build their own parallel firewalls by renting virtual firewalls. This requires solving several challenges. We adopt a rule-splitting algorithm to build a rule anomaly set (which we call Wrapset) for detecting rule anomalies. We design a rule-allocation algorithm to achieve cloud-native features, including load balancing and dynamic scaling. We also improve system performance using the Exponential Smoothing (ES) forecasting method. Experimental results have verified that CPFirewall has a higher efficiency than other firewall schemes and is much more suitable for the cloud network environment.

Metadata
Copyright Year
2015
DOI
https://doi.org/10.1007/978-3-319-26979-5_9