Open Access Journal Article
An extensible, system-on-programmable-chip, content-aware Internet firewall
John W. Lockwood, C.E. Neely, Christopher K. Zuver, James Moscola, Sarang Dharmapurikar, David Lim +5 more
TLDR
An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates, using layered protocol wrappers to parse the content of Internet data.
Abstract:
An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates. The firewall uses layered protocol wrappers to parse the content of Internet data. Packet payloads are scanned for keywords using parallel regular expression matching circuits. Packet headers are compared to rules specified in Ternary Content Addressable Memories (TCAMs). Per-flow queuing is performed to mitigate the effect of Denial of Service attacks. All packet processing operations were implemented with reconfigurable hardware and fit within a single Xilinx Virtex XCV2000E Field Programmable Gate Array (FPGA). The single-chip firewall has been used to filter Internet SPAM and to guard against several types of network intrusion. Additional features were implemented in extensible hardware modules deployed using run-time reconfiguration.
Citations
Dissertation
Reconfigurable Computing Based on Commercial FPGAs. Solutions for the Design and Implementation of Partially Reconfigurable Systems = Computación reconfigurable basada en FPGAs comerciales. Soluciones para el diseño e implementación de sistemas parcialmente reconfigurables.
TL;DR: This thesis work is focused on providing solutions that target commercial fine grain reconfigurable devices, FPGAs, in order to take advantage of existing tools and to keep the proposed solutions closer to the industry.
Journal Article
Reconfigurable router modules using network protocol wrappers
TL;DR: This work presents a framework to streamline and simplify networking applications that process ATM cells, AAL5 frames, Internet Protocol (IP) packets and UDP datagrams directly in hardware using the Field Programmable Port Extender (FPX).
Design and development of an intelligent security layer for web-based applications
Abdul Hanan Abdullah, Mohd Aizaini Maarof, Mohd. Yazid Idris, Abdul Samad Ismail, Cahyo Crysdian +4 more
TL;DR: The results of this study indicate that the combination of lattice-based and agent-based modules is the best method for activating the firewall.
References
Proceedings Article
Assisting network intrusion detection with reconfigurable hardware
TL;DR: A module generator is developed that extracts strings from the Snort NIDS rule-set, generates a regular expression that matches all extracted strings, synthesizes an FPGA-based string matching circuit, and generates an EDIF netlist that can be processed by Xilinx software to create an FPGA bitstream.
Proceedings Article
Implementation of a content-scanning module for an Internet firewall
TL;DR: A module has been implemented in Field Programmable Gate Array (FPGA) hardware that scans the content of Internet packets at Gigabits/second rates and automatically generates the Finite State Machines (FSMs) to search for regular expressions.
Proceedings Article
Dynamic hardware plugins in an FPGA with partial run-time reconfiguration
TL;DR: Tools and a design methodology have been developed to support partial run-time reconfiguration of FPGA logic on the Field Programmable Port Extender to support high-speed Internet packet processing circuits on this platform.
Book Chapter
Specialized Hardware for Deep Network Packet Filtering
TL;DR: This work designs a deep packet filtering firewall on a field programmable gate array (FPGA) to take advantage of the parallelism while retaining its programmability and is capable of processing over 2.88 gigabits per second of network stream on an Altera EP20K series FPGA without manual optimization.
Proceedings Article
Field programmable port extender (FPX) for distributed routing and queuing
TL;DR: The Field-programmable Port Extender (FPX) is being built to augment the Washington University Gigabit Switch (WUGS) with reprogrammable logic, and will first be used to implement fast IP lookup algorithms and distributed input queueing.