skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Efficient packet forwarding using cyber-security aware policies

Abstract

For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether to process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.

Inventors:
Publication Date:
Research Org.:
SIGNIFICS AND ELEMENTS, LLC, New York, NY (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1349673
Patent Number(s):
9,613,163
Application Number:
14/939,881
Assignee:
SIGNIFICS AND ELEMENTS, LLC CHO
DOE Contract Number:
SC0006343; SC0004400
Resource Type:
Patent
Resource Relation:
Patent File Date: 2015 Nov 12
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Ros-Giralt, Jordi. Efficient packet forwarding using cyber-security aware policies. United States: N. p., 2017. Web.
Ros-Giralt, Jordi. Efficient packet forwarding using cyber-security aware policies. United States.
Ros-Giralt, Jordi. Tue . "Efficient packet forwarding using cyber-security aware policies". United States. doi:. https://www.osti.gov/servlets/purl/1349673.
@article{osti_1349673,
title = {Efficient packet forwarding using cyber-security aware policies},
author = {Ros-Giralt, Jordi},
abstractNote = {For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether to process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Tue Apr 04 00:00:00 EDT 2017},
month = {Tue Apr 04 00:00:00 EDT 2017}
}

Patent:

Save / Share:
  • For balancing load, a forwarder can selectively direct data from the forwarder to a processor according to a loading parameter. The selective direction includes forwarding the data to the processor for processing, transforming and/or forwarding the data to another node, and dropping the data. The forwarder can also adjust the loading parameter based on, at least in part, feedback received from the processor. One or more processing elements can store values associated with one or more flows into a structure without locking the structure. The stored values can be used to determine how to direct the flows, e.g., whether tomore » process a flow or to drop it. The structure can be used within an information channel providing feedback to a processor.« less
  • Flexible Alternating Current Transmission Systems (FACTS) devices are installed on electric power transmission lines to stabilize and regulate power flow. Power lines protected by FACTS devices can increase power flow and better respond to contingencies. The University of Missouri Rolla (UMR) is currently working on a multi-year project to examine the potential use of multiple FACTS devices distributed over a large power system region in a cooperative arrangement in which the FACTS devices work together to optimize and stabilize the regional power system. The report describes operational and security challenges that need to be addressed to employ FACTS devices inmore » this way and recommends references, processes, technologies, and policies to address these challenges.« less
  • Cyber security analysts in different geographical and organizational domains are often largely tasked with similar duties, albeit with domain-specific variations. These analysts necessarily perform much of the same work independently‚ÄĒ for instance, analyzing the same list of security bulletins released by largely the same set of software vendors. As such, communication and collaboration between such analysts would be mutually beneficial to the analysts involved, potentially reducing redundancy and offering the opportunity to preemptively alert each other to high-severity security alerts in a more timely fashion. However, several barriers to practical and efficient collaboration exist, and as such, no such frameworkmore » exists to support such efforts. In this paper, we discuss the inherent difficulties which make efficient collaboration between cyber security analysts a difficult goal to achieve. We discuss preliminary ideas and concepts towards a collaborative cyber-security framework currently under development, whose goal is to facilitate analyst collaboration across these boundaries. While still in its early stages, we describe work-in-progress towards achieving this goal, including motivation, functionality, concepts, and a high-level description of the proposed system architecture.« less
  • Public disclosure of important security information, such as knowledge of vulnerabilities or exploits, often occurs in blogs, tweets, mailing lists, and other online sources significantly before proper classification into structured databases. In order to facilitate timely discovery of such knowledge, we propose a novel semi-supervised learning algorithm, PACE, for identifying and classifying relevant entities in text sources. The main contribution of this paper is an enhancement of the traditional bootstrapping method for entity extraction by employing a time-memory trade-off that simultaneously circumvents a costly corpus search while strengthening pattern nomination, which should increase accuracy. An implementation in the cyber-security domainmore » is discussed as well as challenges to Natural Language Processing imposed by the security domain.« less
  • Method and system for hardware packet pacing using a direct memory access controller in a parallel computer which, in one aspect, keeps track of a total number of bytes put on the network as a result of a remote get operation, using a hardware token counter.