Enforcement of dynamic HTTP policies on resource-constrained residential gateways / Bonafiglia, Roberto; Sapio, Amedeo; Baldi, Mario; Risso, Fulvio Giovanni Ottavio; Pomi, Paolo C. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - PRINT. - 123:(2017), pp. 169-183. [10.1016/j.comnet.2017.05.016]

Enforcement of dynamic HTTP policies on resource-constrained residential gateways

BONAFIGLIA, ROBERTO;SAPIO, AMEDEO;BALDI, MARIO;RISSO, FULVIO GIOVANNI OTTAVIO;
2017

Abstract

Given that nowadays users access content mostly through mobile apps and web services, both based on HTTP, several filtering applications, such as parental control, malware detection, and corporate policy enforcement, require inspecting Universal Resource Locators (URLs) contained in HTTP requests. Currently, such filtering is most commonly performed in end devices or in middleboxes. Filtering applications running on end devices are less resource-intensive because they operate only on traffic from a single user and possibly leverage a hook at the HTTP level to access protocol data, but it is left to the user whether to execute them. On the other hand, middleboxes present the challenge of ensuring that they lie on the path of all the traffic from any relevant device. Residential gateways seem to be the ideal place to implement traffic filtering because they forward all traffic generated by the hosts on home(-office) networks. However, these devices usually have very limited computation and memory resources, while URL-based filtering is quite demanding. In fact, existing approaches rely on a large database of rules coupled with either deep packet inspection or transparent proxying for URL extraction. This paper introduces U-Filter, a URL filtering solution based on a distributed architecture where a lightweight, efficient URL extraction and policy enforcement component runs on residential gateways, delegating to a remote policy server the resource-intensive task of verifying policy compliance. Thanks to the lightweight communication between the two components and the very limited resource requirements of the local module, U-Filter (i) can be deployed on resource-limited devices such as residential gateways, and (ii) has almost no impact on the performance of the device, as well as on the users’ browsing experience, as demonstrated by the experiments presented in the paper.

Files in this item:

File: 17Comnet-Ufilter.pdf
Open Access since 13/05/2019
Type: 2. Post-print / Author's Accepted Manuscript
License: Creative Commons
Size: 3.76 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2679585