Abstract

This thesis considers the introduction of new techniques ensuring high throughput and service differentiation for customers in public and private networks. ATM networks are a good example of where these techniques have been successfully deployed. However, these techniques cannot be used with firewalls, for several reasons. Firewalls are not designed to respect quality of service and usually cannot sustain high throughput. Moreover, firewalls generally do not take ATM access control parameters into account.
The goal of this thesis is to deal with these three problems. We first provide and classify ATM access control parameters. We then focus on IP over ATM network architectures and show how these parameters can be used in two new access control architectures. These architectures are designed to sustain high throughputs while providing guarantees about ATM quality of service.
The first architecture reaches these goals by using a distributed and asynchronous access control process, in which the access control service is provided by access control agents that can be located on any device within the network to be protected. Our second proposal aims to improve existing access control architectures by defining a new flow classification algorithm. We show how this algorithm can be combined with an existing cell analysis network interface card, making it possible to build a high-speed ATM firewall offering QoS guarantees.
Our third contribution develops new techniques allowing distributed access control architectures to be managed securely and efficiently.