摘要
统一威胁管理设备UTM是近年来网络安全领域涌现出的一个新的综合性平台,它融合了防火墙、入侵检测、病毒扫描等安全功能。其中防火墙模块一般实现在多核网络处理器平台上,负责高速网络收发包、策略分配等功能,是UTM中最重要的环节之一。针对UTM中防火墙的网包处理的两种流程分别建立Petri网模型,即基于会话表的处理流程和简单处理流程,并通过模型求解和在Cavium OCTEON 5860多核网络处理器平台上的实验进行了理论与实际性能分析,结果显示基于会话表的处理流程在满足一定条件下才优于简单顺序处理流程,这对UTM的整体设计有重大的指导意义。
Unified Threat Management(UTM) as a novel integrated platform,which combines firewall,intrusion detection,virus scanning and other security features,has emerged in network security area in recent years.A critical module in UTM system is firewall module,which is responsible for high-speed network IO and policy allocation.Currently,multi-core network processor platforms are used in the implementation of firewall module.In this paper,we present two models and performance analysis of different packet processing in firewall module based on Petri nets models,i.e.,session table based packet processing and simple scheme.After that,it also makes practical performance evaluation on advanced multi-core network processor OCTEON 5860.The results show that the processing performance based session table is only better than simple scheme under certain conditions,which is important to guiding the overall design of UTM.
出处
《系统仿真学报》
CAS
CSCD
北大核心
2008年第S2期97-101,共5页
Journal of System Simulation
基金
国家自然科学基金(90718040
60673187)
北京市优秀人才培养资助(20081D0900200272)
一体化UTM设计和实现(2007AA01Z468)