A Full Bandwidth ATM Firewall

In this paper we describe an architecture providing an high speed access control service for ATM networks. This architecture is based on two main components. The first one is a signalling analyser which takes the signalling information as an input and produces dynamically the configuration for our second module. This second module called IFT (Internet Fast Translator) is used to analyse the information located in the ATM cells and currently operates at 622 Mb/s. The complete architecture provides the access control at the ATM, IP and transport levels without packet reassembling.

[1]  Olivier Paul,et al.  Manageable Parameters to Improve Access Control in ATM Networks , 1998 .

[2]  Edward Fredkin,et al.  Trie memory , 1960, Commun. ACM.

[3]  T. V. Lakshman,et al.  High-speed policy-based packet forwarding using efficient multi-dimensional range matching , 1998, SIGCOMM '98.

[4]  Mukesh Singhal,et al.  Design of a high-performance ATM firewall , 1998, CCS '98.

[5]  Carsten Benecke,et al.  A parallel packet screen for high speed networks , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[6]  Patrick W. Dowd,et al.  An FPGA-based coprocessor for ATM firewalls , 1997, Proceedings. The 5th Annual IEEE Symposium on Field-Programmable Custom Computing Machines Cat. No.97TB100186).

[7]  Design of a high-performance ATM firewall , 1999, TSEC.

[8]  John Strassner,et al.  Policy Framework Definition Language , 1998 .