ICIMP 2011, The Sixth International Conference on Internet Monitoring and Protection
High Performance Internet Connection Filtering Through an In-Kernel Architecture
Authors:
Naser Ezzati Jivan
Alireza Shameli Sendi
Naser Nematbakhsh
Michel Dagenais
Keywords: firewall; proxy; content filter; kernel proxy; performance.
Abstract:
A firewall is a tool that protects users and applications from unauthorized access and network attacks, and secures network connections and resources. It rejects unauthorized access while permitting authorized connections based upon network security rules and policies. Although a firewall is vital to securing a network, a poor architecture and an inefficient mechanism for inspecting network traffic may lead to reduced network performance. Therefore, the performance of a firewall is considered one of its main characteristics. Several methods have been proposed to increase firewall performance. In this paper, an in-kernel architecture is proposed. It changes the structure of application proxies and moves a portion of their functionality to the operating system kernel level. This kernel proxy inspects and filters the connections passing through the firewall with the help of a user daemon. Tests under different loads show that the performance of the firewall increases with the proposed architecture. The main reasons are the reduction of context switches and the elimination of extra copies between kernel and user space. The kernel proxy supports the HTTP, FTP and TELNET protocols, although better performance could be reached using a kernel URL filter.
Pages: 32 to 37
Copyright: Copyright (c) IARIA, 2011
Publication date: March 20, 2011
Published in: conference
ISSN: 2308-3980
ISBN: 978-1-61208-125-0
Location: St. Maarten, The Netherlands Antilles
Dates: from March 20, 2011 to March 25, 2011