Seminars & Colloquia

Errin Fulp

Wake Forest University

"Improving the Performance of Firewalls and Intrusion Protection Systems for High-Speed Networks"

Friday May 12, 2006 01:30 PM
Location: 3211, EB II NCSU Centennial Campus
This talk is part of the System Research Seminar series


Abstract: Firewalls and Intrusion Protection Systems (IPS) are a key component for securing networks that are vital to government agencies and private industry. These systems enforce a security policy by inspecting and filtering traffic arriving at or departing from a secure network. While performing critical security operations, a firewall/IPS must be transparent to legitimate users, with little or no effect on the perceived network performance (QoS). Unfortunately, current firewall/IPS designs can introduce significant delays, are unable to maintain QoS guarantees, and are susceptible to DoS attacks. This talk will review policy optimization techniques and parallel architectures developed at Wake Forest University that meet these important challenges.

Policy optimization concerns decreasing the number of comparisons required per packet, which reduces processing time and delay. This is done by reorganizing policy rules or using new policy representations that maintain the original policy integrity. This research is important since it applies to current and future firewall systems. New parallel firewall architectures are another method to increase performance. The architectures under investigation consist of multiple firewalls that collectively enforce a security policy. These distributed designs are scalable to traffic loads and are less susceptible to DoS attacks. Simulation and analytical results show these new architectures outperform any current firewall system, providing higher throughput, lower delays, and predictable traffic differentiation.

Short Bio: Errin W. Fulp received his Ph.D. in computer engineering from N. C. State University in 1999 under the direction of Dr. Doug Reeves. Since 2000, he has been an Assistant Professor of Computer Science at Wake Forest University. His research interests include computer and network security, network Quality of Service (QoS), and market-based resource management. His current research, funded through the DOE ECPI program, is investigating firewall architectures for high-speed networks. He is also the founder of the Network Security Group at Wake Forest University and GreatWall Systems, both of which are investigating various security issues related to the next generation of computer networks and applications.

Host: Peng Ning, Computer Science, NCSU

