The traditional firewall sits between the intranet and the Internet; its characteristic is that it prevents intrusion from the Internet but cannot prevent attacks originating inside the intranet. The newer distributed firewall can also prevent attacks from the intranet, and at present the system architecture, design and implementation of this kind of firewall are a research focus of IT security practitioners. At the same time, as information technology develops, people are entering the post-PC era, in which each person will own more embedded computing devices. Given the importance of information security and the author's research background during the master's programme, the target of this paper is an embedded firewall based on the VxWorks operating system.

The main work of this paper is as follows.

(1) This paper surveys the technology, basic theory, history and basic functions of firewalls, and analyzes the current main design solutions and research status of distributed firewalls.

(2) Combining theory with practice, this paper proposes the functional design and the structural design of a distributed firewall system. The functional design covers rule management, access control, packet forwarding, log management, security management and so on. The structural design covers the network topology, software modules, hardware component structure, interface configuration and so on.

(3) This paper analyzes three mainstream IP packet classification algorithms, RFC, Grid of Tries and Modular, and then, based on the specific features of embedded systems, gives the design of the so-called GTRM algorithm, which implements the IP packet filtering capability of the firewall.

(4) Using the task-oriented programming method of VxWorks, the author wrote the firewall programs and realized an embedded firewall prototype system named EFWBV. The packet filtering program runs on the CVT-JX2410 experimental board and provides the access control capability of EFWBV; at the same time, a management program written on a PC server under Linux (Fedora V14) provides the centralized management capability of EFWBV.

(5) In the test stage, the test scenarios for EFWBV were designed first. Following a set of advanced test scenarios, the author tested the functions and performance of EFWBV step by step and analyzed the test results. The results show that EFWBV preliminarily reaches the expected packet filtering targets.

What distinguishes this paper from others is that the author gives the improved IP packet classification algorithm GTRM, which is suitable for use in embedded devices.
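Item (3) above concerns multi-field IP packet classification, the core of the access control function in item (2). The C program below is an added illustration, not code from the thesis and not the GTRM algorithm: it builds the two-field hierarchical trie (a source-prefix trie whose nodes each hang a destination-prefix trie) that Grid of Tries refines with switch pointers, and classifies a packet by visiting every source prefix on the packet's path, since the winning rule may hang off a shorter source prefix than the longest one. The rule table, addresses, first-match priority and default-deny policy are constructed assumptions, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical two-field (source prefix, destination prefix) packet classifier
 * built as a hierarchical trie. Added illustration, not EFWBV or GTRM code. */

#define ACT_DENY  0
#define ACT_ALLOW 1
#define NO_RULE  -1
#define MAX_RULES 64

typedef struct node {
    struct node *child[2];   /* next bit 0 / 1 */
    struct node *dst_trie;   /* source-trie nodes only: destination trie rooted here */
    int rule;                /* destination-trie nodes only: rule index or NO_RULE */
} node_t;

typedef struct { uint32_t src, dst; int src_len, dst_len, action; } rule_t;

static rule_t  rules[MAX_RULES];
static int     n_rules  = 0;
static node_t *src_root = NULL;

static node_t *node_new(void) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) { perror("calloc"); exit(1); }
    n->rule = NO_RULE;
    return n;
}

/* Dotted quad -> host-order uint32_t (constructed inputs only, no validation). */
static uint32_t ip4(const char *s) {
    unsigned a = 0, b = 0, c = 0, d = 0;
    sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d);
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Walk (creating as needed) the first `len` bits of `prefix`, MSB first. */
static node_t *trie_walk_insert(node_t *n, uint32_t prefix, int len) {
    for (int i = 0; i < len; i++) {
        int bit = (prefix >> (31 - i)) & 1;
        if (!n->child[bit]) n->child[bit] = node_new();
        n = n->child[bit];
    }
    return n;
}

/* Append a rule; table position is its priority (first match wins, as in a firewall rule list). */
int add_rule(const char *src, int src_len, const char *dst, int dst_len, int action) {
    if (n_rules >= MAX_RULES) return NO_RULE;
    if (!src_root) src_root = node_new();
    rule_t *r = &rules[n_rules];
    r->src = ip4(src); r->src_len = src_len;
    r->dst = ip4(dst); r->dst_len = dst_len;
    r->action = action;
    node_t *s = trie_walk_insert(src_root, r->src, src_len);
    if (!s->dst_trie) s->dst_trie = node_new();
    node_t *d = trie_walk_insert(s->dst_trie, r->dst, dst_len);
    if (d->rule == NO_RULE) d->rule = n_rules;   /* an earlier duplicate keeps priority */
    return n_rules++;
}

/* Every node on the destination path that holds a rule is a match; keep the best index. */
static void scan_dst(const node_t *d, uint32_t dst, int *best) {
    for (int i = 0; d && i <= 32; i++) {
        if (d->rule != NO_RULE && (*best == NO_RULE || d->rule < *best)) *best = d->rule;
        if (i < 32) d = d->child[(dst >> (31 - i)) & 1];
    }
}

/* Highest-priority rule matching (src, dst), or NO_RULE. All source prefixes on the
 * path are scanned, not only the longest: this backtracking is the cost that
 * Grid of Tries removes with switch pointers. */
int classify(uint32_t src, uint32_t dst) {
    int best = NO_RULE;
    const node_t *s = src_root;
    for (int i = 0; s && i <= 32; i++) {
        if (s->dst_trie) scan_dst(s->dst_trie, dst, &best);
        if (i < 32) s = s->child[(src >> (31 - i)) & 1];
    }
    return best;
}

/* Constructed sample rule table (not from the thesis); loaded once on first use. */
void load_sample_rules(void) {
    if (n_rules) return;
    add_rule("10.0.0.0", 8,  "192.168.1.0",  24, ACT_ALLOW);  /* rule 0 */
    add_rule("10.0.1.0", 24, "192.168.0.0",  16, ACT_DENY);   /* rule 1 */
    add_rule("0.0.0.0",  0,  "192.168.1.10", 32, ACT_DENY);   /* rule 2 */
    add_rule("0.0.0.0",  0,  "172.16.0.0",   12, ACT_ALLOW);  /* rule 3 */
}

int sample_classify(const char *src, const char *dst) {
    load_sample_rules();
    return classify(ip4(src), ip4(dst));
}

/* Firewall decision: matched rule's action, default deny when nothing matches. */
int sample_decide(const char *src, const char *dst) {
    int r = sample_classify(src, dst);
    return r == NO_RULE ? ACT_DENY : rules[r].action;
}

int main(void) {
    struct { const char *s, *d; } pk[] = {
        {"10.0.1.5", "192.168.1.7"}, {"10.0.1.5", "192.168.2.7"}, {"172.20.3.4", "192.168.1.10"},
        {"203.0.113.9", "172.16.5.5"}, {"203.0.113.9", "8.8.8.8"} };
    for (size_t i = 0; i < sizeof pk / sizeof pk[0]; i++)
        printf("%-12s -> %-13s rule %2d  %s\n", pk[i].s, pk[i].d, sample_classify(pk[i].s, pk[i].d),
               sample_decide(pk[i].s, pk[i].d) == ACT_ALLOW ? "ALLOW" : "DENY");
    return 0;
}
```

The first sample packet (10.0.1.5 to 192.168.1.7) is the instructive case: its longest matching source prefix is 10.0.1.0/24, whose rule 1 would deny it, but rule 0 under the shorter prefix 10.0.0.0/8 comes earlier in the table and wins, so the classifier must not stop at the longest source match. A packet that matches no rule falls through to the default deny, which is the safe choice for an access control function.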