next up previous
Next: Packet Filtering and Up: Designing an Academic Previous: The SURF Security

Request-Response Policy


Our implementation of the request-response policy relies primarily on a packet filter located at the firewall perimeter. Some of the responsibilities for recognizing responses to outstanding requests must be delegated to operating system mechanisms provided by protected hosts themselves. However, when application protocols are ill-suited for our request-response paradigm, we must rely on application-level proxies running on bastion hosts.

Sandeep Singhal
Thu Nov 30 01:58:58 PST 1995