Filtragem de Pacotes na Borda da Rede: Uma Análise Comparativa com Foco no Consumo de Energia
Abstract
Edge Security is concerned with protecting not only the devices connected at the borders of the network, but also the core of the network from the traffic generated at these devices. Threat detection systems analyze the behavior of edge computing devices for potential threats and apply policies as early as possible, before they scale the infrastructure. Many aspects make edge security in edge particularly sensitive due to the low computational capacity of devices and the need to aggressively minimize energy consumption. In this sense, this paper presents the results of a comparative analysis of packet filtering using different operating system hooks in a Linux system, ranging from as close to the interface device to using userspace tools. Besides evaluating the CPU load, it was also measured energy consumption in each case. Analysis shows the importance of packet processing always taking place at the lowest layers of the operating system.References
HICKMAN, B. et al. Benchmarking Methodology for Firewall Performance. Disponível em: [link]. Acesso em: 28 ago. 2023.
HØILAND-JØRGENSEN, T. et al. The eXpress data path. Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies, 4 dez. 2018.
JIANG, W. et al. The Road Towards 6G: A Comprehensive Survey. IEEE Open Journal of the Communications Society, v. 2, p. 334–366, 2021.
MCCANNE, S.; JACOBSON, V. The BSD packet filter: a new architecture for user-level packet capture. p. 2–2, 25 jan. 1993.
MELKOV, D.; SALTIS, A.; PAULIKAS, S. Performance Testing of Linux Firewalls. 2020 IEEE Open Conference of Electrical, Electronic and Information Sciences (eStream), abr. 2020.
MITRA, P. et al. Towards 6G Communications: Architecture, Challenges, and Future Directions. Disponível em: [link]. Acesso em: 28 ago. 2023.
PORAMBAGE, P. et al. The Roadmap to 6G Security and Privacy. IEEE Open Journal of the Communications Society, v. 2, p. 1094–1122, 2021.
SCHOLZ, D. et al. Performance Implications of Packet Filtering with Linux eBPF. 2018 30th International Teletraffic Congress (ITC 30), set. 2018.
SILVERIO, A. Energy Measurement Packet Filtering Analysis. Disponível em: [link]. Acesso em: 28 ago. 2023.
Standalone MW100 | Yokogawa Electric Corporation. Disponível em: [link]. Acesso em: 28 ago. 2023.
VIEIRA, M. A. M. et al. Fast Packet Processing with eBPF and XDP. ACM Computing Surveys, v. 53, n. 1, p. 1–36, 29 maio 2020.
XIAO, Y. et al. Edge Computing Security: State of the Art and Challenges. Proceedings of the IEEE, v. 107, n. 8, p. 1608–1631, ago. 2019.
HØILAND-JØRGENSEN, T. et al. The eXpress data path. Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies, 4 dez. 2018.
JIANG, W. et al. The Road Towards 6G: A Comprehensive Survey. IEEE Open Journal of the Communications Society, v. 2, p. 334–366, 2021.
MCCANNE, S.; JACOBSON, V. The BSD packet filter: a new architecture for user-level packet capture. p. 2–2, 25 jan. 1993.
MELKOV, D.; SALTIS, A.; PAULIKAS, S. Performance Testing of Linux Firewalls. 2020 IEEE Open Conference of Electrical, Electronic and Information Sciences (eStream), abr. 2020.
MITRA, P. et al. Towards 6G Communications: Architecture, Challenges, and Future Directions. Disponível em: [link]. Acesso em: 28 ago. 2023.
PORAMBAGE, P. et al. The Roadmap to 6G Security and Privacy. IEEE Open Journal of the Communications Society, v. 2, p. 1094–1122, 2021.
SCHOLZ, D. et al. Performance Implications of Packet Filtering with Linux eBPF. 2018 30th International Teletraffic Congress (ITC 30), set. 2018.
SILVERIO, A. Energy Measurement Packet Filtering Analysis. Disponível em: [link]. Acesso em: 28 ago. 2023.
Standalone MW100 | Yokogawa Electric Corporation. Disponível em: [link]. Acesso em: 28 ago. 2023.
VIEIRA, M. A. M. et al. Fast Packet Processing with eBPF and XDP. ACM Computing Surveys, v. 53, n. 1, p. 1–36, 29 maio 2020.
XIAO, Y. et al. Edge Computing Security: State of the Art and Challenges. Proceedings of the IEEE, v. 107, n. 8, p. 1608–1631, ago. 2019.
Published
2023-09-18
How to Cite
SILVERIO, Arthur Eugenio; GUARDIA, Hélio Crestana.
Filtragem de Pacotes na Borda da Rede: Uma Análise Comparativa com Foco no Consumo de Energia. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23. , 2023, Juiz de Fora/MG.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 129-140.
DOI: https://doi.org/10.5753/sbseg_estendido.2023.233896.
