DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Methods, systems, and computer program products for network firewall policy optimization

Abstract

Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.

Inventors:
 [1];  [2]
  1. Winston-Salem, NC
  2. Duxbury, MA
Issue Date:
Research Org.:
Wake Forest University (Winston-Salem, NC)
Sponsoring Org.:
USDOE
OSTI Identifier:
1028661
Patent Number(s):
8042167
Application Number:
11/390,976
Assignee:
Wake Forest University (Winston-Salem, NC)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
FG02-03ER25581
Resource Type:
Patent
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Fulp, Errin W, and Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization. United States: N. p., 2011. Web.
Fulp, Errin W, & Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization. United States.
Fulp, Errin W, and Tarsa, Stephen J. Tue . "Methods, systems, and computer program products for network firewall policy optimization". United States. https://www.osti.gov/servlets/purl/1028661.
@article{osti_1028661,
title = {Methods, systems, and computer program products for network firewall policy optimization},
author = {Fulp, Errin W and Tarsa, Stephen J},
abstractNote = {Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2011},
month = {10}
}

