n South African Computer Journal - Semantics, implementation and performance of dynamic access lists for TCP/IP packet filtering : research article

Volume 2004, Issue 33
  • ISSN : 1015-7999
  • E-ISSN: 2313-7835



The use of IP filtering to improve system security is well established, and although limited in what it can achieve has proved to be efficient and effective. In the design of a security policy there is always a trade-off between usability and security. Static access lists make finding a balance particularly stark. Dynamic access lists would allow the rules to change for short periods of time, and to allow local changes by non-experts. The network administrator can set basic security guide-lines which allow certain basic services only. All other services are restricted, but users are able to request temporary exceptions in order to allow additional access to the network. These exceptions are granted depending on the privileges of the user. The paper presents and justifies a semantics for dynamic access lists. An efficient method of implementing the dynamic semantics is proposed and experimentally validated. The experiments show that a useful dynamic semantics can be implemented with small memory costs and modest time costs.

Loading full text...

Full text loading...


Article metrics loading...


This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error