Abstract
In this paper we describe an architecture providing an high speed access control service for ATM networks. This architecture is based on two main components. The first one is a signalling analyser which takes the signalling information as an input and produces dynamically the configuration for our second module. This second module called IFT (Internet Fast Translator) is used to analyse the information located in the ATM cells and currently operates at 622 Mb/s. The complete architecture provides the access control at the ATM, IP and transport levels without packet reassembling.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
ISO, ISO 7498-2:1989, Information processing systems – Open Systems Interconnection – Basic Reference Model – Part 2: Security Architecture (1989)
McHenry, J., Dowd, P., Pellegrino, F., Carrozzi, T., Cocks, W.: An FPGA-Based Coprocessor for ATM Firewalls. In: Proceedings of IEEE FCCM 1997 (April 1997)
Newman, D., Holzbaur, H., Bishop, K.: Firewalls: Don’t Get Burned. Data Communications (March 1997)
National Institute of Standards and Technology, Standard Security Label for Information Transfer, Federal Information Processing Standards Publication 188 (September 1994)
Abusamra, J.: ATM Net Management: Missing Pieces. Data Communications (May 1998)
Keylabs inc., Firewall Shootout Test Final Report. In: Networld+Interop 1998 (May 1998)
Strassner, J., Schleimer, S.: Policy Framework Definition Language, draft-ietf-policyframework-pfdl-00.txt, Internet Engineering Task Force (November 1998)
Paul, O., Laurent, M., Gombault, S.: Manageable Parameters to improve Access Control in ATM Networks. In: Proc. of the 5th HPOVUA Workshop (April 1998)
Ranum, M.: A network firewall. In: Proc. of the World Conference on System Administration and Security (1992)
The ATM Forum Technical Committee, ATM Security Specification Version 1.0 (February 1999)
Xu, J., Singhal, M.: Design of a high-performance ATM Firewall. In: Proc. of the 5th ACM Conference on Computer & Communications Security (1998)
The ATM Forum Technical Committee, ATM User-Network Interface Specification, Version 3.1 (UNI3.1) (July 1994)
Kowalski, B.: Atlas Policy Cache Architecture, White paper, Storagetek Corp. (1997)
Cisco Corp., LightStream 1010 Multiservice ATM Switch Overview (1999)
Accarion, M., Boscher, C., Duret, C., Lattmann, J.: Extensive packet header lookup at Gb/s speed for an application to IP/ATM multimedia switching router. In: Proc. of the WTC/ISS2000 Conference (May 2000)
Centre National d’Etude des Télécommunications - France Telecom, IP Fast Translator, FT.BD/CNET/DSE/SDL/226/CD (December 1999)
Benecke, C.: A parallel Packet Screen for High Speed Networks. In: Proc. of the 15th Annual Computer Security Applications Conference (December 1999)
Laksham, T.V., Stiliadis, D.: High-Speed Policy-based Packet Forwarding Using Efficient Multi-Dimensional Range Matching. In: Proc. of ACM SIGCOMM 1998 (September 1998)
Fredkin, E.: Trie Memory. Communications of the ACM 3, 490–499 (1960)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paul, O., Laurent, M., Gombault, S. (2000). A Full Bandwidth ATM Firewall. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_13
Download citation
DOI: https://doi.org/10.1007/10722599_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive