HyPaFilter: A Versatile Hybrid FPGA Packet Filter
| dc.contributor.author | Fiessler, Andreas | en |
| dc.contributor.author | Hager, Sven | en |
| dc.contributor.author | Scheuermann, Björn | en |
| dc.contributor.author | Moore, Andrew | en |
| dc.date.accessioned | 2016-06-09T11:15:37Z | |
| dc.date.available | 2016-06-09T11:15:37Z | |
| dc.date.issued | 2016-03-17 | en |
| dc.identifier.uri | https://www.repository.cam.ac.uk/handle/1810/256224 | |
| dc.description.abstract | With network traffic rates continuously growing, security systems like firewalls are facing increasing challenges to process incoming packets at line speed without sacrificing protection. Accordingly, specialized hardware firewalls are increasingly used in high-speed environments. Hardware solutions, though, are inherently limited in terms of the complexity of the policies they can implement, often forcing users to choose between throughput and comprehensive analysis. On the contrary, complex rules typically constitute only a small fraction of the rule set. This motivates the combination of massively parallel, yet complexity-limited specialized circuitry with a slower, but semantically powerful software firewall. The key challenge in such a design arises from the dependencies between classification rules due to their relative priorities within the rule set: complex rules requiring software-based processing may be interleaved at arbitrary positions between those where hardware processing is feasible. We therefore discuss approaches for partitioning and transforming rule sets for hybrid packet processing, and propose HyPaFilter, a hybrid classification system based on tailored circuitry on an FPGA as an accelerator for a Linux netfilter firewall. Our evaluation demonstrates 30-fold performance gains in comparison to software-only processing. | |
| dc.description.sponsorship | Horizon 2020 (Grant ID: SSICLOPS project, 644866) | |
| dc.language | English | en |
| dc.language.iso | en | en |
| dc.publisher | Association for Computing Machinery | |
| dc.subject | packet classification | en |
| dc.subject | FPGA hardware accelerator | en |
| dc.subject | firewall | en |
| dc.title | HyPaFilter: A Versatile Hybrid FPGA Packet Filter | en |
| dc.type | Conference Object | |
| dc.description.version | This is the author accepted manuscript. The final version is available from the Association for Computing Machinery via http://dx.doi.org/10.1145/2881025.2881033 | en |
| prism.endingPage | 36 | |
| prism.publicationDate | 2016 | en |
| prism.publicationName | ANCS '16 Proceedings of the 2016 Symposium on Architectures for Networking and Communications Systems | en |
| prism.startingPage | 25 | |
| dc.identifier.doi | 10.17863/CAM.166 | |
| dcterms.dateAccepted | 2016-01-07 | en |
| rioxxterms.versionofrecord | 10.1145/2881025.2881033 | en |
| rioxxterms.version | AM | en |
| rioxxterms.licenseref.uri | http://www.rioxx.net/licenses/all-rights-reserved | en |
| rioxxterms.licenseref.startdate | 2016-03-17 | en |
| dc.contributor.orcid | Moore, Andrew [0000-0002-5494-9305] | |
| rioxxterms.type | Conference Paper/Proceeding/Abstract | en |
Files in this item
This item appears in the following Collection(s)
-
Scholarly Works - Computer Science and Technology
-
Symplectic mapped items for data match
This collection contains all articles, datasets and conference objects to be harvested