Dai SUZUKI Satoshi IMAI Toru KATAGIRI
Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greater flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, through preliminary experiments, we first reveal the major factors influencing the workload of the virtual firewall and some issues with monitoring CPU load as the traditional way of understanding that workload. Additionally, we propose a new workload metric for the virtual firewall that is derived from mathematical models of the firewall workload, taking into account the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.
Haesung HWANG Shingo ATA Koji YAMAMOTO Kazunari INOUE Masayuki MURATA
Ternary Content Addressable Memory (TCAM) is a special type of memory used in routers to achieve high-speed packet forwarding and classification. Packet forwarding is done by referring to the rules written in the routing table, whereas packet classification is performed by referring to the rules in the Access Control List (ACL). TCAM uses more transistors than Random Access Memory (RAM), resulting in high power consumption and high production cost. Therefore, it is necessary to reduce the entries written in the TCAM to reduce the transistor count. In this paper, we propose a new TCAM architecture by using Range Matching Devices (RMD) integrated within the TCAM's control logic with an optimized prefix expansion algorithm. The proposed method reduces the number of entries required to express ACL rules, especially when specifying port ranges. With less than 10 RMDs, the total number of lines required to write port ranges in the TCAM can be reduced to approximately 50%.
This paper proposes a coordinator for workflow management systems (WFMSs). It is a basic module for developing WFMSs. It is also a coordinator to coordinate multiple WFMSs. The coordinator provides functions to facilitate executing workflows and to ensure secure access to workflow information. Facilitating workflow execution is well known, but ensuring secure access to workflow information has been identified as important only recently. Although many models ensure secure workflow information access, they fail to offer the features we need. We thus developed a new model for the control. This paper presents the coordinator and its access control model.
Process-centered software engineering environments (PSEEs) facilitate controlling software processes. Many issues related to PSEEs such as process evolution support have been addressed. We identify an unsolved issue, which is preventing information leakage when the process is being enacted. We developed a model called PsACL for the prevention. This paper proposes PsACL, which offers the following features: (a) controlling both read and write access of software products, (b) preventing indirect information leakage, (c) managing role associations, (d) managing role hierarchies, (e) enforcing static and simple dynamic separation-of-duty constraints, (f) allowing declassification of products, and (g) allowing access control information exchange among software processes.