Method, systems, and computer program products for implementing function-parallel network firewall
Abstract
Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all of the rules in the rule set.
- Inventors:
-
- Winston-Salem, NC
- Issue Date:
- Research Org.:
- Wake Forest University (Winston-Salem, NC)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1028984
- Patent Number(s):
- 8037517
- Application Number:
- 11/316,331
- Assignee:
- Wake Forest University (Winston-Salem, NC)
- Patent Classifications (CPCs):
-
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number:
- FG02-03ER25581
- Resource Type:
- Patent
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING
Citation Formats
Fulp, Errin W, and Farley, Ryan J. Method, systems, and computer program products for implementing function-parallel network firewall. United States: N. p., 2011.
Web.
Fulp, Errin W, & Farley, Ryan J. Method, systems, and computer program products for implementing function-parallel network firewall. United States.
Fulp, Errin W, and Farley, Ryan J. Tue .
"Method, systems, and computer program products for implementing function-parallel network firewall". United States. https://www.osti.gov/servlets/purl/1028984.
@article{osti_1028984,
title = {Method, systems, and computer program products for implementing function-parallel network firewall},
author = {Fulp, Errin W and Farley, Ryan J},
abstractNote = {Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all of the rules in the rule set.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Tue Oct 11 00:00:00 EDT 2011},
month = {Tue Oct 11 00:00:00 EDT 2011}
}
Works referenced in this record:
Preventing denial of service attacks on quality of service
conference, June 2001
- Fulp, E.; Fu, Zhi; Reeves, D. S.
- Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01
Small forwarding tables for fast routing lookups
journal, October 1997
- Degermark, Mikael; Brodnik, Andrej; Carlsson, Svante
- ACM SIGCOMM Computer Communication Review, Vol. 27, Issue 4
Fast firewall implementations for software and hardware-based routers
conference, November 2001
- Qiu, Lili; Varghese, G.; Suri, S.
- Proceedings Ninth International Conference on Network Protocols. ICNP 2001
Sequencing Jobs to Minimize Total Weighted Completion Time Subject to Precedence Constraints
book, January 1978
- Lawler, E. L.
- Algorithmic Aspects of Combinatorics
On self-organizing sequential search heuristics
journal, February 1976
- Rivest, Ronald
- Communications of the ACM, Vol. 19, Issue 2
A Full Bandwidth ATM Firewall
book, January 2000
- Paul, Olivier; Laurent, Maryline; Gombault, Sylvain
- Lecture Notes in Computer Science
An unavailability analysis of firewall sandwich configurations
conference, October 2001
- Goddard, S.; Kieckhafer, R.; Zhang, Yuping
- Proceedings Sixth IEEE International Symposium on High Assurance Systems Engineering. Special Topic: Impact of Networking
Complexity of Scheduling under Precedence Constraints
journal, February 1978
- Lenstra, J. K.; Rinnooy Kan, A. H. G.
- Operations Research, Vol. 26, Issue 1
Modeling and Management of Firewall Policies
journal, April 2004
- Al-Shaer, Ehab S.; Hamed, Hazem H.
- IEEE Transactions on Network and Service Management, Vol. 1, Issue 1
Development framework for firewall processors
conference, January 2002
- Lee, T. K.; Yusuf, S.; Luk, W.
- 2002 IEEE International Conference on Field-Programmable Technology (FPT), 2002 IEEE International Conference on Field-Programmable Technology, 2002. (FPT). Proceedings.
Counting linear extensions is #P-complete
conference, January 1991
- Brightwell, Graham; Winkler, Peter
- Proceedings of the twenty-third annual ACM symposium on Theory of computing - STOC '91
A parallel packet screen for high speed networks
conference, January 1999
- Benecke, C.
- Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
Using IDDs for Packet Filtering
journal, June 2002
- Christiansen, Mikkel; Fleury, Emmanuel
- BRICS Report Series, Vol. 9, Issue 43
Balancing Trie-Based Policy Representations for Network Firewalls
conference, January 2006
- Tarsa, S. J.; Fulp, E. W.
- 11th IEEE Symposium on Computers and Communications (ISCC'06)
Design and evaluation of a high-performance ATM firewall switch and its applications
journal, June 1999
- Xu, Jun; Singhal, M.
- IEEE Journal on Selected Areas in Communications, Vol. 17, Issue 6, p. 1190-1200
Detecting and resolving packet filter conflicts
conference, January 2000
- Hari, A.; Suri, S.; Parulkar, G.
- Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
Firewall Policy Advisor for Anomaly Discovery and Rule Editing
book, January 2003
- Al-Shaer, Ehab S.; Hamed, Hazem H.
- Integrated Network Management VIII
Fast packet classification for two-dimensional conflict-free filters
conference, January 2001
- Warkhede, P.; Suri, S.; Varghese, G.
- Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213)
LSMAC vs. LSNAT: Scalable cluster‐based Web servers
journal, November 2000
- Gan, Xuehong; Schroeder, Trevor; Goddard, Steve
- Cluster Computing, Vol. 3, Issue 3, p. 175-185
Algorithms for trie compaction
journal, June 1984
- Al-Suwaiyel, M.; Horowitz, E.
- ACM Transactions on Database Systems, Vol. 9, Issue 2
Network firewalls
journal, September 1994
- Bellovin, S. M.; Cheswick, W. R.
- IEEE Communications Magazine, Vol. 32, Issue 9
Analysis of a heuristic for full trie minimization
journal, September 1981
- Comer, Douglas
- ACM Transactions on Database Systems, Vol. 6, Issue 3
Router plugins: a software architecture for next-generation routers
journal, January 2000
- Decasper, D.; Dittia, Z.; Parulkar, G.
- IEEE/ACM Transactions on Networking, Vol. 8, Issue 1
On the self-similar nature of Ethernet traffic (extended version)
journal, January 1994
- Leland, W. E.; Taqqu, M. S.; Willinger, W.
- IEEE/ACM Transactions on Networking, Vol. 2, Issue 1
Fast and scalable layer four switching
journal, October 1998
- Srinivasan, V.; Varghese, G.; Suri, S.
- ACM SIGCOMM Computer Communication Review, Vol. 28, Issue 4
Various optimizers for single-stage production
journal, March 1956
- Smith, Wayne E.
- Naval Research Logistics Quarterly, Vol. 3, Issue 1-2