
Research On Hardware Firewall System Based On ARM

Posted on: 2009-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: K Liu
Full Text: PDF
GTID: 2178360245455025
Subject: Control theory and control engineering
Abstract/Summary:
Since its inception, the firewall has been a key technology in network security and plays an important role in safeguarding networks. With the rapid development of the Internet and the spread of informatization and networking, it has become more and more important. For a firewall to accomplish the arduous tasks of inspecting the numerous packets in network traffic quickly and deeply and of dealing with the kinds of threats that come from any network layer, building the firewall on a hardware platform instead of in software is an inevitable development trend. This thesis describes the state of research in the field of network security and its significance, analyzes the development status of firewalls, and briefly outlines how firewalls are likely to develop in the future. It then covers the concept, functions and classification of firewalls. It highlights the implementation of Snort, the well-known open-source intrusion detection system (IDS), presents Iptables/Netfilter, which is a module of Linux, and then compares the popular string-matching algorithms implemented in software and in hardware. From this analysis it puts forward the idea of building a hardware firewall system based on ARM and Content-Addressable Memory (CAM). The system improves the payload-checking module of Snort, replacing its original sequential checking with a solution that adopts CAM and the Wu-Manber multi-pattern matching algorithm: CAM matches only short patterns and Wu-Manber matches only long patterns. It combines Snort with Iptables/Netfilter, migrates it to an ARM-based embedded platform, and monitors the firewall's status and updates its rules from a PC. The entire circuit of the firewall is designed, with emphasis on the design of the CAM, which is based on an analysis of the Snort VRT 2.4 Free Rule Sets from Sourcefire. By simulating the relation between the length of the rules assigned to the CAM for matching and the average time used by the system, the best rule length is obtained. In the software part, the implementation of the bootloader, the trimming and porting of the Linux kernel, and the implementation of the root file system are investigated. The thesis explains in detail how to design and use the driver for the MCM69C432, a dedicated CAM chip produced by Motorola, and also analyzes the implementation of the communication protocol between the firewall and the PC. The system is simulated programmatically and tested on the DARPA 1999 dataset. The test results show that the efficiency of the system is improved and that the filtering speed meets the requirement, which proves that the hardware firewall system is feasible. Finally, the thesis summarizes the work and points out its shortcomings and its good application prospects.
Keywords/Search Tags: Firewall, Content-Addressable Memory (CAM), matching rules, ARM