Cross-Domain Privacy-Preserving Cooperative Firewall Optimization.

Slides:

Advertisements

Similar presentations

First Step Towards Automatic Correction of Firewall Policy Faults Fei Chen Alex X. Liu Computer Science and Engineering Michigan State University JeeHyun.

Advertisements

Abstract Shortest distance query is a fundamental operation in large-scale networks. Many existing methods in the literature take a landmark embedding.

CloudMoV: Cloud-based Mobile Social TV

On the Node Clone Detection inWireless Sensor Networks.

Optimizing Cloud Resources for Delivering IPTV Services Through Virtualization.

Toward a Statistical Framework for Source Anonymity in Sensor Networks.

Annotating Search Results from Web Databases. Abstract An increasing number of databases have become web accessible through HTML form-based search interfaces.

A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation.

Back-Pressure-Based Packet-by-Packet Adaptive Routing in Communication Networks.

Personalized QoS-Aware Web Service Recommendation and Visualization.

Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.

Secure Encounter-based Mobile Social Networks: Requirements, Designs, and Tradeoffs.

A Survey of Mobile Cloud Computing Application Models

NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.

Security Evaluation of Pattern Classifiers under Attack.

A Framework for Mining Signatures from Event Sequences and Its Applications in Healthcare Data.

Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks.

Privacy-Preserving Public Auditing for Secure Cloud Storage

BestPeer++: A Peer-to-Peer Based Large-Scale Data Processing Platform.

Improving Network I/O Virtualization for Cloud Computing.

Privacy Preserving Data Sharing With Anonymous ID Assignment

Mobile Relay Configuration in Data-Intensive Wireless Sensor Networks.

m-Privacy for Collaborative Data Publishing

Tweet Analysis for Real-Time Event Detection and Earthquake Reporting System Development.

EAACK—A Secure Intrusion-Detection System for MANETs

Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks.

Optimal Client-Server Assignment for Internet Distributed Systems.

Protecting Sensitive Labels in Social Network Data Anonymization.

Identity-Based Secure Distributed Data Storage Schemes.

Incentive Compatible Privacy-Preserving Data Analysis.

Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.

Hiding in the Mobile Crowd: Location Privacy through Collaboration.

Cooperative Caching for Efficient Data Access in Disruption Tolerant Networks.

Anonymization of Centralized and Distributed Social Networks by Sequential Clustering.

Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data.

Identity-Based Distributed Provable Data Possession in Multi-Cloud Storage.

Content Sharing over Smartphone-Based Delay- Tolerant Networks.

Abstract Link error and malicious packet dropping are two sources for packet losses in multi-hop wireless ad hoc network. In this paper, while observing.

A System for Denial-of- Service Attack Detection Based on Multivariate Correlation Analysis.

Modeling the Pairwise Key Predistribution Scheme in the Presence of Unreliable Links.

Privacy Preserving Delegated Access Control in Public Clouds.

A Generalized Flow-Based Method for Analysis of Implicit Relationships on Wikipedia.

A Highly Scalable Key Pre- Distribution Scheme for Wireless Sensor Networks.

Abstract With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to the commercial.

Traffic Pattern-Based Content Leakage Detection for Trusted Content Delivery Networks.

Privacy Preserving Back- Propagation Neural Network Learning Made Practical with Cloud Computing.

Clustering Sentence-Level Text Using a Novel Fuzzy Relational Clustering Algorithm.

Two tales of privacy in online social networks. Abstract Privacy is one of the friction points that emerges when communications get mediated in Online.

Participatory Privacy: Enabling Privacy in Participatory Sensing

Preventing Private Information Inference Attacks on Social Networks.

Abstract We propose two novel energy-aware routing algorithms for wireless ad hoc networks, called reliable minimum energy cost routing (RMECR) and reliable.

Supporting Privacy Protection in Personalized Web Search.

Twitsper: Tweeting Privately. Abstract Although online social networks provide some form of privacy controls to protect a user's shared content from other.

m-Privacy for Collaborative Data Publishing

Attribute-Based Encryption With Verifiable Outsourced Decryption.

A Scalable Two-Phase Top-Down Specialization Approach for Data Anonymization Using MapReduce on Cloud.

Multiparty Access Control for Online Social Networks : Model and Mechanisms.

Harnessing the Cloud for Securely Outsourcing Large- Scale Systems of Linear Equations.

Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption.

Dynamic Control of Coding for Progressive Packet Arrivals in DTNs.

Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme.

Privacy-Enhanced Web Service Composition. Abstract Data as a Service (DaaS) builds on service-oriented technologies to enable fast access to data resources.

Privacy-Preserving and Content-Protecting Location Based Queries.

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.

Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

Dynamic Query Forms for Database Queries. Abstract Modern scientific databases and web databases maintain large and heterogeneous data. These real-world.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Spatial Approximate String Search. Abstract This work deals with the approximate string search in large spatial databases. Specifically, we investigate.

BY S.S.SUDHEER VARMA (13NT1D5816)

Presentation transcript:

Cross-Domain Privacy-Preserving Cooperative Firewall Optimization

Abstract Firewalls have been widely deployed on the Internet for securing private networks. A firewall checks each incoming or outgoing packet to decide whether to accept or discard the packet based on its policy. Optimizing firewall policies is crucial for im¬proving network performance. Prior work on firewall optimiza¬tion focuses on either intrafirewall or interfirewall optimization within one administrative domain where the privacy of firewall policies is not a concern. This paper explores interfirewall opti¬mization across administrative domains for the first time. The key technical challenge is that firewall policies cannot be shared across domains because a firewall policy contains confidential informa¬tion and even potential security holes, which can be exploited by attackers. In this paper, we propose the first cross-domain pri¬vacy-preserving cooperative firewall policy optimization protocol.

Abstract con… Specifically, for any two adjacent firewalls belonging to two dif-ferent administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other fire¬wall. The optimization process involves cooperative computation between the two firewalls without any party disclosing its policy to the other. We implemented our protocol and conducted extensive experiments. The results on real firewall policies show that our pro¬tocol can remove as many as 49% of the rules in a firewall, whereas the average is 19.4%. The communication cost is less than a few hundred kilobytes. Our protocol incurs no extra online packet pro¬cessing overhead, and the offline processing time is less than a few hundred seconds.

Existing system FIREWALLS are critical in securing private networks of businesses, institutions, and home networks. A firewall is often placed at the entrance between a private network and the external network so that it can check each incoming or outgoing packet and decide whether to accept or discard the packet based on its policy. A firewall policy is usually specified as a sequence of rules, called Access Control List (ACL), and each rule has a predicate over multiple packet header fields (i.e., source IP, des¬tination IP, source port, destination port, and protocol type) and a decision (i.e., accept and discard) for the packets that match the predicate. The rules in a firewall policy typically follow the first-match semantics, where the decision for a packet is the de¬cision of the first rule that the packet matches in the policy. Each physical interface of a router/firewall is configured with two ACLs: one for filtering outgoing packets and the other one for filtering incoming packets. In this paper, we use firewalls, firewallpolicies,and ACLs, interchangeably.

Architecture diagram

System specification HARDWARE REQUIREMENTS Processor : intel Pentium IV Ram : 512 MB Hard Disk : 80 GB HDD SOFTWARE REQUIREMENTS Operating System : windows XP / Windows 7 FrontEnd : Java BackEnd : MySQL 5

CONCLUSION In this paper, we identified an important problem, cross-do¬main privacy-preserving interfirewall redundancy detection. We propose a novel privacy-preserving protocol for detecting such redundancy. We implemented our protocol in Java and con¬ducted extensive evaluation. The results on real firewall policies show that our protocol can remove as many as 49% of the rules in a firewall whereas the average is 19.4%.

THANK YOU