Abstract
In this paper we discuss IP layer packet filtering and an application level gateway approach used to secure handheld devices when providing and using web services. We propose a firewall management plane as a means for cross layer interaction. In our approach the application level gateway updates the IP layer firewall rules based on its knowledge of whether a certain source is sending malicious packets. We show that such a cross layer interaction can significantly decrease the CPU load in case of attacks, i.e., if many malicious packets arrive at the handheld device. Our measurement results show that the additional overhead for IP layer filtering is less than 10 per cent if the number of applied rule sets is less than 200. In addition, our cross layer approach can reduce the CPU load caused by the application layer gateway by about 10 to 30 per cent.
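The feedback loop described in the abstract, as an added in-memory sketch that is not the paper's implementation. The strike threshold, the oldest-first eviction, the payload check and all class and function names are assumptions; the 200-rule cap is borrowed from the abstract's overhead measurement.

```python
from collections import OrderedDict

MAX_RULES = 200   # assumption: cap motivated by the abstract's "less than 200" figure
STRIKES = 3       # assumption: malicious messages tolerated before a source is blocked

# Constructed traffic: one hostile source (documentation address) among benign requests.
TRAFFIC = [("192.0.2.66", b"<!ENTITY x 'a'>")] * 50 + [("198.51.100.7", b"<Envelope/>")] * 10


class IpFilter:
    """Stand-in for the IP layer packet filter: a bounded set of per-source drop rules."""
    def __init__(self, max_rules=MAX_RULES):
        self.rules = OrderedDict()          # source address -> True, oldest first
        self.max_rules = max_rules

    def add_drop_rule(self, src):
        self.rules[src] = True
        self.rules.move_to_end(src)
        while len(self.rules) > self.max_rules:
            self.rules.popitem(last=False)  # evict the oldest rule to bound lookup cost

    def permits(self, src):
        return src not in self.rules


class ManagementPlane:
    """Receives gateway verdicts and turns repeat offenders into IP layer rules."""
    def __init__(self, ip_filter, strikes=STRIKES):
        self.ip_filter, self.strikes, self.counts = ip_filter, strikes, {}

    def report_malicious(self, src):
        self.counts[src] = self.counts.get(src, 0) + 1
        if self.counts[src] >= self.strikes:
            self.ip_filter.add_drop_rule(src)
            del self.counts[src]


def run(packets, cross_layer=True):
    """Return how many packets reached the (expensive) application level gateway."""
    ip_filter, inspected = IpFilter(), 0
    plane = ManagementPlane(ip_filter)
    for src, payload in packets:
        if not ip_filter.permits(src):
            continue                        # dropped cheaply at the IP layer
        inspected += 1                      # the gateway parses the full message
        # Constructed stand-in for the gateway's verdict on a message.
        if cross_layer and b"<!ENTITY" in payload:
            plane.report_malicious(src)
    return inspected
```

With the constructed traffic, the gateway inspects all 60 messages without the feedback loop and 13 with it: three from the hostile source before its drop rule is installed, plus the ten benign ones.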
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Langendoerfer, P., Lehmann, M., Piotrowski, K. (2006). Efficient Protection of Mobile Devices by Cross Layer Interaction of Firewall Approaches. In: Braun, T., Carle, G., Fahmy, S., Koucheryavy, Y. (eds) Wired/Wireless Internet Communications. WWIC 2006. Lecture Notes in Computer Science, vol 3970. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11750390_14
DOI: https://doi.org/10.1007/11750390_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34023-2
Online ISBN: 978-3-540-34024-9
eBook Packages: Computer Science, Computer Science (R0)