136 research outputs found

    FPC: A New Approach to Firewall Policies Compression

    Firewalls are crucial elements that enhance network security by examining the field values of every packet and deciding whether to accept or discard a packet according to the firewall policies. With the development of networks, the number of rules in firewalls has rapidly increased, consequently degrading network performance. In addition, because most real-life firewalls have been plagued with policy conflicts, malicious traffic can be allowed or legitimate traffic can be blocked. Moreover, because of the complexity of the firewall policies, it is very important to reduce the number of rules in a firewall while keeping the rule semantics unchanged and the target firewall rules conflict-free. In this study, we make three major contributions. First, we present a new approach in which a geometric model, multidimensional rectilinear polygon, is constructed for the firewall rules compression problem. Second, we propose a new scheme, Firewall Policies Compression (FPC), to compress the multidimensional firewall rules based on this geometric model. Third, we conducted extensive experiments to evaluate the performance of the proposed method. The experimental results demonstrate that the FPC method outperforms the existing approaches in terms of compression ratio and efficiency while maintaining conflict-free firewall rules.

    Too many SDN rules? Compress them with MINNIE

    Software Defined Networking (SDN) is gaining momentum with the support of major manufacturers. While it brings flexibility in the management of flows within the data center fabric, this flexibility comes at the cost of smaller routing table capacities. In this paper, we investigate compression techniques to reduce the forwarding information base (FIB) of SDN switches. We validate our algorithm, called MINNIE, on a real testbed able to emulate a 20 switches fat tree architecture. We demonstrate that even with a small number of clients, the limit in terms of number of rules is reached if no compression is performed, increasing the delay of all new incoming flows. MINNIE, on the other hand, reduces drastically the number of rules that need to be stored with a limited impact on the packet loss rate. We also evaluate the actual switching and reconfiguration times and the delay introduced by the communications with the controller.

    The maximum 2D subarray polytope: facet-inducing inequalities and polyhedral computations

    Given a matrix with real-valued entries, the maximum 2D subarray problem consists in finding a rectangular submatrix with consecutive rows and columns maximizing the sum of its entries. In this work we start a polyhedral study of an integer programming formulation for this problem. We thus define the 2D subarray polytope, explore conditions ensuring the validity of linear inequalities, and provide several families of facet-inducing inequalities. We also report computational experiments assessing the reduction of the dual bound for the linear relaxation achieved by these families of inequalities. This document is a version of the article published in Applied Mathematics 323, 286-301.

    A Ternary Unification Framework for optimizing TCAM-based packet classification systems


    MINNIE: an SDN World with Few Compressed Forwarding Rules

    Software Defined Networking (SDN) is gaining momentum with the support of major manufacturers. While it brings flexibility in the management of flows within the data center fabric, this flexibility comes at the cost of smaller routing table capacities. Indeed, the Ternary Content Addressable Memory (TCAM) needed by SDN devices has smaller capacities than CAMs used in legacy hardware. In this paper, we investigate compression techniques to maximize the utility of SDN switches' forwarding tables. We validate our algorithm, called MINNIE, with intensive simulations for well-known data center topologies, to study its efficiency and compression ratio for a large number of forwarding rules. Our results indicate that MINNIE scales well, being able to deal with around a million different flows with fewer than 1000 forwarding entries per SDN switch, requiring negligible computation time. To assess the operational viability of MINNIE in real networks, we deployed a testbed able to emulate a k=4 fat-tree data center topology. We demonstrate, on one hand, that even with a small number of clients, the limit in terms of number of rules is reached if no compression is performed, increasing the delay of new incoming flows. MINNIE, on the other hand, reduces drastically the number of rules that need to be stored, with no packet losses, nor detectable extra delays if routing lookups are done in ASICs. Hence, both simulations and experimental results suggest that MINNIE can be safely deployed in real networks, providing compression ratios between 70% and 99%.

    WHAT IS FAMILIAR IS BEAUTIFUL: A NOVEL APPROACH INVESTIGATING THE RELATIONSHIP BETWEEN AESTHETICS AND PERCEIVED USE

    Objective: This study investigates the application of aesthetic principles to designed objects with which we interact, specifically looking at the impact of perceived function of the objects on perceptions of visual appeal. Background: Previous studies have demonstrated that a product’s judged beauty or visual appeal is related to perceptions of its usability. Arguments have been put forward for both directions of causality leading to “what is beautiful is usable” and “what is usable is beautiful” hypotheses. Explanations for the relationship between usability and beauty judgments include stereotype effects, ecological explanations, and cognitive processing viewpoints. The current studies contribute to this debate by manipulating usability and aesthetic principles independently to determine whether well-established aesthetic principles are contingent on perceived function. Method: 248 participants were recruited for two experiments. In Experiment 1, participants viewed sixteen illustrations that varied in ways that frequently increase the beauty of objects (i.e., basic principles such as symmetry, balanced massing, curvature, and prototypicality) and rated their degree of visual appeal. In Experiment 2, participants rated the appeal of the same stimuli as in Experiment 1 but were primed by instructions describing the illustrations as either alternative designs for microwave control panels or designs of building façades. Results: Strong support for the aesthetic principles of symmetry and spatial massing, but not curvature, was found in both experiments. Participants generally preferred stimuli that were symmetrical and evenly massed (i.e., balanced). Additionally, the manipulation of a functional prime significantly interacted with several aesthetic principles that relate to the match between the supplied prime and the prototypicality of the stimulus for the primed class of objects. Conclusions: Aesthetic principles of symmetry and spatial massing can be considered very potent ways to influence a user’s degree of perceived visual appeal that are resistant to specific use cases or situations. Other principles, such as curvature preferences, seem to be limited by the prototypicality of curvature for a primed class of objects. So when considering whether “what is beautiful is usable” or “what is usable is beautiful”, the results from the current study demonstrate that it may be more appropriate to say what is familiar is beautiful.