Seminars & Colloquia
Wake Forest University
"Improving the Performance of Firewalls and Intrusion Protection Systems for High-Speed Networks"
Friday May 12, 2006 01:30 PM
Location: 3211, EB II NCSU Centennial Campus
This talk is part of the System Research Seminar series
Abstract: Firewalls and Intrusion Protection Systems (IPS) are key
components for securing networks that are vital to government
agencies and private industry. These systems enforce a security
policy by inspecting and filtering traffic arriving or departing
from a secure network. While performing critical security
operations, a firewall/IPS must be transparent to legitimate
users, with little or no effect on the perceived network
performance (QoS). Unfortunately, current firewall/IPS designs can
introduce significant delays, are unable to maintain QoS
guarantees, and are susceptible to DoS attacks. This talk will
review policy optimization techniques and parallel architectures
developed at Wake Forest University that meet these important
challenges.
Policy optimization concerns decreasing the number of comparisons
required per packet, which reduces processing time and delay. This
is done by reorganizing policy rules or using new policy
representations that maintain the original policy integrity. This
research is important since it applies to current and future
firewall systems. New parallel firewall architectures are another
method to increase performance. The architectures under
investigation consist of multiple firewalls that collectively
enforce a security policy. These distributed designs are scalable
to traffic loads and are less susceptible to DoS attacks.
Simulation and analytical results show these new architectures
out-perform any current firewall system, providing higher
throughput, lower delays, and predictable traffic differentiation.
Short Bio: Errin W. Fulp received his Ph.D. in computer engineering from N. C.
State University in 1999 under the direction of Dr. Doug Reeves.
Since 2000, he has been an Assistant Professor of Computer Science
at Wake Forest University. His research interests include computer
and network security, network Quality of Service (QoS), and
market-based resource management. His current research, funded
through the DOE ECPI program, is investigating firewall
architectures for high-speed networks. He is also the founder of
the Network Security Group at Wake Forest University and GreatWall
Systems, both of which are investigating various security issues related to the
next generation of computer networks and applications.
Host: Peng Ning, Computer Science, NCSU