Computing jobs cannot be staged from the world into a firewalled network, and vice versa [3] [4]; data placement cannot be completed because data cannot move into or out of a firewalled network.

Middleware approaches are very attractive for dealing with the connectivity problem. They are easy to deploy because neither the Internet nor operating systems need be changed, and many applications can benefit from them.

This paper presents a middleware firewall traversal system called CODO (Cooperative On-Demand Opening). CODO dynamically configures a firewall so that authorized applications can communicate through it. In CODO, both firewalls and applications benefit through their cooperation. CODO-enabled firewalls can protect networks better because pinholes are made only for authorized applications, are narrow and exist only when required. Unauthorized applications cannot get through the firewalls. Also, better understanding of firewall parameters by authorized applications enables them to communicate without frustration. Unlike previous approaches, CODO supports the most restrictive settings in that both inbound and outbound communications are controlled. Since CODO provides the Berkeley socket API, applications can easily become CODO-enabled. With interposition mechanisms such as [6] and [7], applications can benefit from CODO even without re-linking.

This paper also discusses how a firewall traversal system can fit in the overall security enforcement of a network. We introduce firewall traversal mechanisms as components that complement firewall functions.

In §2, we discuss a packet flow model within a firewall and define the firewall traversal problem within that model. The architecture and connection procedure of CODO are presented in §3 and §4, respectively. §5 discusses the fault tolerance issue and §6 explains the implementation. §7 and §8 present performance data and related research, respectively.

2. Problem Definition

The firewall traversal problem has been around for many years, though it is vaguely defined, raising many questions such as "if a firewall is opened for an application, does it blindly pass packets to/from the application?" and "how does a traversal mechanism fit
in the security policy the firewall tries to enforce?" To avoid confusion, we define the problem as follows. Firewalls block malicious or unwanted traffic while allowing benign and desired traffic. What is malicious or unwanted (or equivalently benign and desired) is defined by firewall rules. To traverse a firewall, a packet must pass the tests defined by the firewall rules. If a packet fails a test, then it is rejected. Otherwise, it continues to traverse the chain of tests until it fails a test or passes all the tests.

Figure 1: Packet flow model

Figure 1 shows a packet flow model in a firewall.
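
The chain-of-tests packet flow model and the idea of narrow, on-demand pinholes for authorized applications can be sketched as below. This is an added example, not code from the paper or from CODO: the class and method names, the set of authorized applications, the per-flow pinhole key and the sample endpoints are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the firewalled network
    proto: str      # "tcp" or "udp"
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)

    def flow(self):
        # Normalise to (proto, inside endpoint, outside endpoint).
        inside, outside = (self.src, self.dst) if self.direction == "out" else (self.dst, self.src)
        return (self.proto, inside, outside)

class Firewall:
    """Toy model (hypothetical names): default deny in both directions."""

    def __init__(self, authorized_apps):
        self.authorized_apps = set(authorized_apps)
        self.pinholes = {}  # flow -> application that requested the opening
        self.tests = [self.well_formed, self.matches_pinhole]  # the chain of tests

    def open_pinhole(self, app, proto, inside, outside):
        if app not in self.authorized_apps:
            return False  # unauthorized applications get no opening
        self.pinholes[(proto, inside, outside)] = app
        return True

    def close_pinhole(self, proto, inside, outside):
        # The opening exists only while it is required.
        self.pinholes.pop((proto, inside, outside), None)

    def well_formed(self, pkt):
        return pkt.direction in ("in", "out") and pkt.proto in ("tcp", "udp")

    def matches_pinhole(self, pkt):
        # Narrow match: exact protocol and both endpoints, nothing wider.
        return pkt.flow() in self.pinholes

    def traverse(self, pkt):
        # Rejected at the first failed test; accepted only if every test passes.
        for test in self.tests:
            if not test(pkt):
                return ("reject", test.__name__)
        return ("accept", None)

# Constructed sample endpoints (documentation address ranges).
INSIDE, PEER, OTHER = ("192.0.2.10", 40000), ("198.51.100.7", 9618), ("203.0.113.9", 9618)
```
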