Error message

User warning: The following module has moved within the file system: ldap_user. In order to fix this, clear caches or put the module back in its original location. For more information, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1181 of /usr/local/stow/drupal-7.91/lib/drupal-7.91/includes/


Workshop in Information Security:

Building a Firewall within the Linux Kernel

0368-3500-34, Spring 2015

Lecturer: Eran Tromer
Teaching assistant: Roei Ben Harush
Advisors: Ariel Haviv, Coby Schmidt
Time: Tuesday 10:00-12:00    (you can ignore the "Lab" hours listed in the course list)
Place: Dan David 204

Course overview
Firewalls control and monitor access to networks, and are found in every organization and personal computer. Emerging as an Israeli innovation two decades ago, modern firewalls perform sophisticated packet analysis tasks at a very high throughput.

In this workshop we will study the basic design of firewalls, and recreate the basic firewall functionality using just elementary building blocks of the GNU/Linux operating system. We will extend the Linux kernel with packet analysis capabilities, interface it with userspace programs, and experiment with using this firewall for blocking real-world attacks.

NOTE: Additional projects in applied cryptography and security, other than firewalls, may be available for students with prior knowledge in cryptography, information security, embedded-system programming or GPGPU programming. For details see and contact the lecturer.

The workshop's goals:

  • Become familiar with the Linux kernel, and how to extend it using kernel modules.
  • Understand the TCP/IP protocol, and how it is processed in the Linux kernel.
  • Understand concepts in packet inspection and parsing, and rule-based enforcement.
  • Introduction to network attack techniques, detection and prevention.
  • Gain experience in designing and implementing a modular system.

This workshop is offered in cooperation with industry experts from Check Point, offering a unique exposure to industry's capabilities and needs, and an opportunity for a real-world impact.

During the semester there will be 5-6 class meetings, and several assignments (serving as milestones towards the full project). The workshop projects will be done individually. The large, final assignment can be submitted by the semester's end; we will also allow extension into the summer if accompanied by a realistic work plan.

The assignments will be interesting and cool, but expect intensive and challenging work, and lots of self-learning. Students will be expected to read and learn on their own any concepts and systems that are unfamiliar and needed in order to carry out the project successfully.

Some (but not all) content and assignments will be similar to last year's course, Workshop in Information Security: Building a Firewall within the Linux Kernel 2014.


  • Operating systems (0368-2162)
  • Software Project (0368-2161)

(Exception possibe for students with equivalent prior background.)

Recommended but not mandatory:

  • Communication Networks (0368-3030)
  • Any information security course