Methods, systems, and computer program products for network firewall policy optimization

Fulp, Errin W; Tarsa, Stephen J

Methods, systems, and computer program products for network firewall policy optimization

Patent · 18 October 2011

OSTI ID:1028661

Fulp, Errin W ^[1]; Tarsa, Stephen J ^[2]

Winston-Salem, NC
Duxbury, MA

Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.

View Patent

Research Organization:: Wake Forest University (Winston-Salem, NC)

Sponsoring Organization:: USDOE

DOE Contract Number:: FG02-03ER25581

Assignee:: Wake Forest University (Winston-Salem, NC)

Patent Number(s):: 8,042,167

Application Number:: 11/390,976

OSTI ID:: 1028661

Country of Publication:: United States

Language:: English

References (27)

Various optimizers for single-stage production Smith, Wayne E. Naval Research Logistics Quarterly, Vol. 3, Issue 1-2 https://doi.org/10.1002/nav.3800030106	journal	March 1956
A Full Bandwidth ATM Firewall Paul, Olivier; Laurent, Maryline; Gombault, Sylvain Lecture Notes in Computer Science https://doi.org/10.1007/10722599_13	book	January 2000
Firewall Policy Advisor for Anomaly Discovery and Rule Editing Al-Shaer, Ehab S.; Hamed, Hazem H. Integrated Network Management VIII https://doi.org/10.1007/978-0-387-35674-7_2	book	January 2003
Sequencing Jobs to Minimize Total Weighted Completion Time Subject to Precedence Constraints Lawler, E. L. Algorithmic Aspects of Combinatorics https://doi.org/10.1016/S0167-5060(08)70323-6	book	January 1978
Optimization and Approximation in Deterministic Sequencing and Scheduling: a Survey Graham, Ronald L.; Lawler, Eugene L.; Lenstra, Jan Karel Annals of Discrete Mathematics, Vol. 5, p. 287-326 https://doi.org/10.1016/S0167-5060(08)70356-X	book	January 1979
LSMAC vs. LSNAT: Scalable cluster‐based Web servers Gan, Xuehong; Schroeder, Trevor; Goddard, Steve Cluster Computing, Vol. 3, Issue 3, p. 175-185 https://doi.org/10.1023/A:1019084304980	journal	November 2000
Network firewalls Bellovin, S. M.; Cheswick, W. R. IEEE Communications Magazine, Vol. 32, Issue 9 https://doi.org/10.1109/35.312843	journal	September 1994
Design and evaluation of a high-performance ATM firewall switch and its applications Xu, Jun; Singhal, M. IEEE Journal on Selected Areas in Communications, Vol. 17, Issue 6, p. 1190-1200 https://doi.org/10.1109/49.772457	journal	June 1999
On the self-similar nature of Ethernet traffic (extended version) Leland, W. E.; Taqqu, M. S.; Willinger, W. IEEE/ACM Transactions on Networking, Vol. 2, Issue 1 https://doi.org/10.1109/90.282603	journal	January 1994
Router plugins: a software architecture for next-generation routers Decasper, D.; Dittia, Z.; Parulkar, G. IEEE/ACM Transactions on Networking, Vol. 8, Issue 1 https://doi.org/10.1109/90.836474	journal	January 2000
A parallel packet screen for high speed networks Benecke, C. Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99) https://doi.org/10.1109/CSAC.1999.816014	conference	January 1999
Preventing denial of service attacks on quality of service Fulp, E.; Fu, Zhi; Reeves, D. S. Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01 https://doi.org/10.1109/DISCEX.2001.932169	conference	June 2001
Development framework for firewall processors Lee, T. K.; Yusuf, S.; Luk, W. 2002 IEEE International Conference on Field-Programmable Technology (FPT), 2002 IEEE International Conference on Field-Programmable Technology, 2002. (FPT). Proceedings. https://doi.org/10.1109/FPT.2002.1188709	conference	January 2002
An unavailability analysis of firewall sandwich configurations Goddard, S.; Kieckhafer, R.; Zhang, Yuping Proceedings Sixth IEEE International Symposium on High Assurance Systems Engineering. Special Topic: Impact of Networking https://doi.org/10.1109/HASE.2001.966815	conference	October 2001
Fast firewall implementations for software and hardware-based routers Qiu, Lili; Varghese, G.; Suri, S. Proceedings Ninth International Conference on Network Protocols. ICNP 2001 https://doi.org/10.1109/ICNP.2001.992904	conference	November 2001
Detecting and resolving packet filter conflicts Hari, A.; Suri, S.; Parulkar, G. Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064) https://doi.org/10.1109/INFCOM.2000.832496	conference	January 2000
Fast packet classification for two-dimensional conflict-free filters Warkhede, P.; Suri, S.; Varghese, G. Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213) https://doi.org/10.1109/INFCOM.2001.916639	conference	January 2001
Balancing Trie-Based Policy Representations for Network Firewalls Tarsa, S. J.; Fulp, E. W. 11th IEEE Symposium on Computers and Communications (ISCC'06) https://doi.org/10.1109/ISCC.2006.44	conference	January 2006
Modeling and Management of Firewall Policies Al-Shaer, Ehab S.; Hamed, Hazem H. IEEE Transactions on Network and Service Management, Vol. 1, Issue 1 https://doi.org/10.1109/TNSM.2004.4623689	journal	April 2004
Counting linear extensions is #P-complete Brightwell, Graham; Winkler, Peter Proceedings of the twenty-third annual ACM symposium on Theory of computing - STOC '91 https://doi.org/10.1145/103418.103441	conference	January 1991
Small forwarding tables for fast routing lookups Degermark, Mikael; Brodnik, Andrej; Carlsson, Svante ACM SIGCOMM Computer Communication Review, Vol. 27, Issue 4 https://doi.org/10.1145/263109.263133	journal	October 1997
Fast and scalable layer four switching Srinivasan, V.; Varghese, G.; Suri, S. ACM SIGCOMM Computer Communication Review, Vol. 28, Issue 4 https://doi.org/10.1145/285243.285282	journal	October 1998
Analysis of a heuristic for full trie minimization Comer, Douglas ACM Transactions on Database Systems, Vol. 6, Issue 3 https://doi.org/10.1145/319587.319618	journal	September 1981
Algorithms for trie compaction Al-Suwaiyel, M.; Horowitz, E. ACM Transactions on Database Systems, Vol. 9, Issue 2 https://doi.org/10.1145/329.295	journal	June 1984
On self-organizing sequential search heuristics Rivest, Ronald Communications of the ACM, Vol. 19, Issue 2 https://doi.org/10.1145/359997.360000	journal	February 1976
Complexity of Scheduling under Precedence Constraints Lenstra, J. K.; Rinnooy Kan, A. H. G. Operations Research, Vol. 26, Issue 1 https://doi.org/10.1287/opre.26.1.22	journal	February 1978
Using IDDs for Packet Filtering Christiansen, Mikkel; Fleury, Emmanuel BRICS Report Series, Vol. 9, Issue 43 https://doi.org/10.7146/brics.v9i43.21758	journal	June 2002

Similar Records

Method, systems, and computer program products for implementing function-parallel network firewall

Patent · 2011 · OSTI ID:1028984

Firewall Architectures for High-Speed Networks: Final Report

Technical Report · 2007 · OSTI ID:924750

Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks

Technical Report · 2009 · OSTI ID:963374

Related Subjects

97 MATHEMATICS AND COMPUTING

Methods, systems, and computer program products for network firewall policy optimization

Citation Formats

References (27)

Similar Records

Related Subjects