Fast string search and matching is critical for many security tasks in particular if these have gate functionality for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a Bipartite Concatenated Representation (BCR). The space complexity of the BCR within this application scenario scales as O(N log2N) where N is the number of rules.

Talamo, M., Arcieri, F., Schunck, C., Povilionis, A. (2016). STRING SEARCH AND MATCHING FOR GATE FUNCTIONALITY.

STRING SEARCH AND MATCHING FOR GATE FUNCTIONALITY

TALAMO, MAURIZIO;ARCIERI, FRANCO;SCHUNCK, CHRISTIAN;POVILIONIS, ARMANAS
2016-12-07

Abstract

Fast string search and matching is critical for many security tasks in particular if these have gate functionality for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a Bipartite Concatenated Representation (BCR). The space complexity of the BCR within this application scenario scales as O(N log2N) where N is the number of rules.
KONVAX CORPORATION
US 62/430,992
Settore INF/01 - Informatica
Settore FIS/01 - Fisica Sperimentale
English
Talamo, M; Arcieri, F; Schunck, C; Povilionis, A
Brevetti
Talamo, M., Arcieri, F., Schunck, C., Povilionis, A. (2016). STRING SEARCH AND MATCHING FOR GATE FUNCTIONALITY.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/2108/189766
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact