Venkata Varma Vegiraju, M. S. V. V. Ramesh, D. D. D. Suribabu


In this paper we identified an important problem, cross-domain privacy preserving inter firewall redundancy detection we propose a novel privacy-preserving protocol for detecting such redundancy. Our protocol is most beneficial if both parties are willing to benefit from it can collaborate in a mutual manner. There are many special cases that could be explored based on our current protocol. For example, there may be hosts or network address translation (NAT) devices between two adjacent firewalls. Our protocol incurs no extra online packet processing overhead and the offline processing time is less than a few hundred seconds.


Firewall optimization; privacy; Packet classification; Firewall Optimization Protocol; Network Security;


Fei Chen, Bezawada Bruhadeshwar, and Alex X. Liu, “Cross-Domain Privacy-Preserving Cooperative Firewall Optimization,” in IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 21, NO. 3, JUNE 2013

nf-HiPAC, “Firewall throughput test,” 2012 [Online]. Available:

R. Agrawal, A. Evfimievski, and R. Srikant, “Information sharing across private databases,” in Proc. ACM SIGMOD, 2003, pp. 86–97.

E. Al-Shaer and H. Hamed, “Discovery of policy anomalies in distributed firewalls,” in Proc. IEEE INFOCOM, 2004, pp. 2605–2616.

J. Brickell and V. Shmatikov, “Privacy-preserving graph algorithms in the semi-honest model,” in Proc. ASIACRYPT, 2010, pp. 236–252.

Y.-K. Chang, “Fast binary and multiway prefix searches for packet forwarding,” Comput. Netw., vol. 51, no. 3, pp. 588–605, 2007.

J. Cheng, H. Yang, S. H.Wong, and S. Lu, “Design and implementation of cross-domain cooperative firewall,” in Proc. IEEE ICNP, 2007, pp. 284–293.

Q. Dong, S. Banerjee, J. Wang, D. Agrawal, and A. Shukla, “Packet classifiers in ternary CAMs can be smaller,” in Proc. ACM SIGMETRICS, 2006, pp. 311–322.

O. Goldreich, “Secure multi-party computations,” Working draft, Ver. 1.4, 2002.

O. Goldreich, Foundations of Cryptography: Volume II (Basic Applications). Cambridge, U.K.: Cambridge Univ. Press, 2004.

M. G. Gouda and A. X. Liu, “Firewall design: Consistency, completeness and compactness,” in Proc. IEEE ICDCS, 2004, pp. 320–327.

M. G. Gouda and A. X. Liu, “Structured firewall design,” Comput. Netw., vol. 51, no. 4, pp. 1106–1120, 2007.

P. Gupta, “Algorithms for routing lookups and packet classification,” Ph.D. dissertation, Stanford Univ., Stanford, CA, 2000.

A. X. Liu and F. Chen, “Collaborative enforcement of firewall policies in virtual private networks,” in Proc. ACM PODC, 2008, pp. 95–104.

A. X. Liu and M. G. Gouda, “Diverse firewall design,” IEEE Trans. Parallel Distrib. Syst., vol. 19, no. 8, pp. 1237–1251, Sep. 2008.

A. X. Liu and M. G. Gouda, “Complete redundancy removal for packet classifiers in TCAMs,” IEEE Trans. Parallel Distrib. Syst., vol. 21, no. 4, pp. 424–437, Apr. 2010.

A. X. Liu, C. R. Meiners, and E. Torng, “TCAM Razor: A systematic approach towards minimizing packet classifiers in TCAMs,” IEEE/ACM Trans. Netw., vol. 18, no. 2, pp. 490–500, Apr. 2010.

A. X. Liu, C. R. Meiners, and Y. Zhou, “All-match based complete redundancy removal for packet classifiers in TCAMs,” in Proc. IEEE INFOCOM, 2008, pp. 574–582.


  • There are currently no refbacks.

Copyright © 2012 - 2021, All rights reserved.|

Creative Commons License
International Journal of Innovative Technology and Research is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJITR , Permissions beyond the scope of this license may be available at