B. Kowalski, Atlas Policy Cache Architecture, White paper, Storagetek Corp., 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....connection set up requests based on the content of the signalling messages. The problem with this approach is that the access control is not powerful since access control parameters are, except in the case of the Fore product, only carrying on the ATM addresses. The second solution (Storagetek [9]) is also based on anATM switch. However, this switch has been modified to supply access control at the IP level. Instead of reassembling cells for packet headers examination like in traditional firewalls, this approach is expected to find IP and TCP UDP information directly in the first ATM cell ....

....the goals of CARAT is to solve this problem by using an improved signalling analyzer which allows the security officer to control almost all the parameters that can be used to describe an ATM connection. Property Approach PC Firewall [1, 30, 31] Filtering Router Filtering Switch [8] ATM Firewall [9] McHenry al. 10] Xu al. 11] Paul al. 12] CARAT ATM level access control No No Poor No Poor Poor Good Good TCP IP access control Stateful Stateless No Stateless Stateless StatelessStateless Stateless Impact on the QoS Large Large Low Low Low Low No Low Sensitivity to DoS Yes Yes Yes Yes ....

B. Kowalski, Atlas Policy Cache Architecture, White paper, Storagetek Corp., 1997.

....scheme. At the time of writing, one commercial ATM firewall product, StorageTek s 1 The only exception happens when the edge device receives an MPOA trigger from the MPOA server. International Journal of Software Engineering and Knowledge Engineering, Vol. 9, No. 2 175 ATLAS, is available [6]. In [10] we also propose an ATM firewall architecture which nicely embeds high performance packet filtering mechanisms into a normal ATM switch. In the following discussion we assume the availability of high performance ATM firewall devices and they are referred to as firewall switches. 3 ....

B. Kowalski. ATLAS Policy Cache Architecture. Technical report, StorageTek Corp., http://www.network.com/, 1997.

....availability of high performance ATM firewall devices, which can perform packet level filtering over an ATM network at the rate no less than OC 3 (150 Mbps) is a prerequisite of our firewalling scheme. At the time of writing, one commercial ATM firewall product, StorageTek s ATLAS, is available [6]. In [10] we also propose an ATM firewall architecture which nicely embeds high performance packetfiltering mechanisms into a normal ATM switch. In the following discussion we assume the availability of highperformance ATM firewall devices and they are referred to as firewall switches. 3 ....

B. Kowalski. ATLAS Policy Cache Architecture. Technical report, StorageTek Corp., http://www.network.com/, 1997.

....of network level access control in an ATM network. Therefore, a new ATM firewall architecture is called for that is capable of performing packet level filtering at hig speed. At the time of writing, StorageTek s ATLAS product was the only ATM packet filtering device available in the literature [9]. ATLAS is a line filter that scans an ATM physical link to perform the packet level filtering at the rate of OC 3 (150 Mbit s) Two performance boosting strategies are used in ATLAS. First, to avoid SAR, for each packet ATLAS only checks the first cell, which contains the IP header, TCP UDP ....

....cell, which contains the IP header, TCP UDP ports, protocol, and TCP flags (if applicable) to determine whether or not the packet is safe. If the packet is considered safe, all the following cells that belong to it are passed or otherwise dropped. Second, ATLAS uses a policy cache architecture [9] to dramatically speed up the process of deciding whether or not a packet header is safe. The core unit of this architecture is a cache block called the policy cache. Each entry of the policy cache is a combination of virtual path identifier virtual connection identifier (VPI VCI) source and ....

B. Kowalski, "Atlas policy cache architecture." [Online]. StorageTek Corp. 1996. Available: http://www.network.com/.

....(Cisco [14] Celotek, GTE) uses a classical ATM switch that is modi ed to lter ATM connection set up requests based on the source and destination addresses. The problem with this approach is that the access control is not powerful since the parameters are very limited. The second one (Storagetek [13]) is also based on an ATM switch. However this switch has been modi ed to supply access control at the IP level. Instead of reassembling cells for packet headers examination like in traditional rewalls, this approach is expected to nd IP and TCP UDP information directly in the rst ATM cell ....

....A comparison between the remaining proposals shows that several problems remain unsolved. For example, existing solutions only allow the security ocer Table 2. Comparison of di erent approaches Property Approach Classical Filtering ATM McHenry Xu CARAT Firewall [9] Switch [14] Firewall [13] al. 2] al. 11] ATM level A.C. No Poor No Poor Poor Good TCP IP A.C. Good No Average Average Average Average Application A.C. Good No No No Good No Impact on the QoS Large Low Low Low Low Low Manageability Good Good Poor Poor Good Good Implementation Yes Yes Yes Partly No Yes ....

B. Kowalski, Atlas Policy Cache Architecture, White paper, Storagetek Corp., 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC