Enhanced session table architecture for stateful firewalls

Z. Trabelsi, S. Zeidan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Stateful firewall keeps track of the state of network connections. The performance of stateful firewall determines by both the performance of its session table and the mechanism used for packet filtering. This paper presents a stateful session table architecture then integrates it with Splay tree firewall. Splay tree firewall organizes policy rules in a designated prefix length splay tree data structure, and a collection of hash tables grouped by prefix length. Packet filtering time using Splay tree firewall is essentially reduced through multilevel filtering paths, where unwanted packets are rejected as early as possible. The proposed session table architecture reduces memory space consumption and session operations time, as it uses one hash slot per connection. Keeping all connection related information in one session entry produces additional processing time, particularly for session timeout attribute processing. Our proposed session architecture separates session state and timeout attributes information into different data structures to enhance the overall system performance.

Original languageEnglish
Title of host publication2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)9781538631805
DOIs
Publication statusPublished - Jul 27 2018
Event2018 IEEE International Conference on Communications, ICC 2018 - Kansas City, United States
Duration: May 20 2018May 24 2018

Publication series

NameIEEE International Conference on Communications
Volume2018-May
ISSN (Print)1550-3607

Other

Other2018 IEEE International Conference on Communications, ICC 2018
Country/TerritoryUnited States
CityKansas City
Period5/20/185/24/18

Keywords

  • Early packet rejection
  • Hash table
  • Packet classification
  • Session table
  • Splay tree
  • Stateful firewall

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Enhanced session table architecture for stateful firewalls'. Together they form a unique fingerprint.

Cite this