Improving cloud network security using tree-rule firewall

Xiangjian He, Thawatchai Chomsiri, Priyadarsi Nanda, Zhiyuan Tan

    Research output: Contribution to journalArticleAcademicpeer-review

    35 Citations (Scopus)
    395 Downloads (Pure)


    This study proposes a new model of firewall called the ‘Tree-Rule Firewall’, which offers various benefits and is applicable for large networks such as ‘cloud’ networks. The recently available firewalls (i.e., Listed-Rule firewalls) have their limitations in performing the tasks and are inapplicable for working on some networks with huge firewall rule sizes. The Listed-Rule firewall is mathematically tested in this paper to prove that the firewall potentially causes conflict rules and redundant rules and hence leads to problematic network security systems and slow functional speed. To overcome these problems, we show the design and development of Tree-Rule firewall that does not create conflict rules and redundant rules. In a Tree-Rule firewall, the rule positioning is based on a tree structure instead of traditional rule listing. To manage firewall rules, we implement a Tree-Rule firewall on the Linux platform and test it on a regular network and under a cloud environment respectively to show its performance. It is demonstrated that the Tree-Rule firewall offers better network security and functional speed than the Listed-Rule firewall. Compared to the Listed-Rule firewall, rules of the Tree-Rule firewall are easier to be created, especially on a large network such as a cloud network.
    Original languageUndefined
    Pages (from-to)116-126
    Number of pages11
    JournalFuture generation computer systems
    Publication statusPublished - Jan 2014


    • EWI-25294
    • SCS-Cybersecurity
    • Firewall
    • Network Security
    • Cloud computing
    • METIS-309654
    • IR-92849
    • Cloud security
    • Tree-Rule firewall

    Cite this