  • Thesis

整合網路防火牆以及網路協定層處理之軟硬體嵌入式平台

An Embedded Hardware/Software Platform for Network Firewall and IP Protocol Processing

Advisor: 王勝德

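Abstract


In this thesis, we integrate a hardware/software firewall platform. Firewall rules can be added, deleted, and viewed through a command-based software interface. In the hardware firewall, rules are accessed through registers, which also allows them to be modified. We also provide an automatic protection mechanism against ICMP flood attacks, which checks nine common ICMP messages. In addition, the hardware processes the Internet Protocol (IP) and the firewall in parallel. The experimental results show that our IP and firewall architecture can be integrated with the transport-layer protocols of the lightweight IP stack (LWIP). According to simulation with the Xilinx tools, our IP and firewall hardware architecture can process 15.973 M packets per second; if each packet is 64 bytes, this corresponds to 8.18 Gbit per second.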

Parallel Abstract


In this thesis, we design an integrated hardware/software firewall with a command-based software interface for viewing, adding, and deleting firewall rules. In the hardware firewall, the rules are stored in registers, so they can be changed by modifying the registers. We also offer a countermeasure to the ICMP flood attack: we check specific ICMP messages and implement an automatic protection mechanism. In addition, we apply a parallel architecture to implement the IP protocol together with the firewall in hardware. The experiment shows that we successfully integrate the hardware IP/firewall with the software-based transport layer protocol of LWIP. According to the simulation results of the Xilinx tool, our hardware IP/firewall can achieve about 15.973 Mpps, which corresponds to a speed of 8.18 Gbps assuming 64-byte packets.

Parallel Keywords

firewall; parallel processing; ICMP flood attacks; LWIP; registers
