DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Methods, systems, and computer program products for network firewall policy optimization

Abstract

Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.

Inventors:
 [1];  [2]
  1. Winston-Salem, NC
  2. Duxbury, MA
Issue Date:
Research Org.:
Wake Forest University (Winston-Salem, NC)
Sponsoring Org.:
USDOE
OSTI Identifier:
1028661
Patent Number(s):
8042167
Application Number:
11/390,976
Assignee:
Wake Forest University (Winston-Salem, NC)
Patent Classifications (CPCs):
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:  
FG02-03ER25581
Resource Type:
Patent
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Fulp, Errin W, and Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization. United States: N. p., 2011. Web.
Fulp, Errin W, & Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization. United States.
Fulp, Errin W, and Tarsa, Stephen J. Tue . "Methods, systems, and computer program products for network firewall policy optimization". United States. https://www.osti.gov/servlets/purl/1028661.
@article{osti_1028661,
title = {Methods, systems, and computer program products for network firewall policy optimization},
author = {Fulp, Errin W and Tarsa, Stephen J},
abstractNote = {Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2011},
month = {10}
}

Works referenced in this record:

Preventing denial of service attacks on quality of service
conference, June 2001


Small forwarding tables for fast routing lookups
journal, October 1997


Fast firewall implementations for software and hardware-based routers
conference, November 2001


On self-organizing sequential search heuristics
journal, February 1976


A Full Bandwidth ATM Firewall
book, January 2000


An unavailability analysis of firewall sandwich configurations
conference, October 2001

  • Goddard, S.; Kieckhafer, R.; Zhang, Yuping
  • Proceedings Sixth IEEE International Symposium on High Assurance Systems Engineering. Special Topic: Impact of Networking
  • https://doi.org/10.1109/HASE.2001.966815

Complexity of Scheduling under Precedence Constraints
journal, February 1978


Modeling and Management of Firewall Policies
journal, April 2004


Development framework for firewall processors
conference, January 2002

  • Lee, T. K.; Yusuf, S.; Luk, W.
  • 2002 IEEE International Conference on Field-Programmable Technology (FPT), 2002 IEEE International Conference on Field-Programmable Technology, 2002. (FPT). Proceedings.
  • https://doi.org/10.1109/FPT.2002.1188709

Counting linear extensions is #P-complete
conference, January 1991


A parallel packet screen for high speed networks
conference, January 1999


Using IDDs for Packet Filtering
journal, June 2002


Balancing Trie-Based Policy Representations for Network Firewalls
conference, January 2006


Design and evaluation of a high-performance ATM firewall switch and its applications
journal, June 1999


Detecting and resolving packet filter conflicts
conference, January 2000

  • Hari, A.; Suri, S.; Parulkar, G.
  • Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
  • https://doi.org/10.1109/INFCOM.2000.832496

Firewall Policy Advisor for Anomaly Discovery and Rule Editing
book, January 2003


Fast packet classification for two-dimensional conflict-free filters
conference, January 2001

  • Warkhede, P.; Suri, S.; Varghese, G.
  • Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213)
  • https://doi.org/10.1109/INFCOM.2001.916639

LSMAC vs. LSNAT: Scalable cluster‐based Web servers
journal, November 2000


Algorithms for trie compaction
journal, June 1984


Network firewalls
journal, September 1994


Analysis of a heuristic for full trie minimization
journal, September 1981


Router plugins: a software architecture for next-generation routers
journal, January 2000


On the self-similar nature of Ethernet traffic (extended version)
journal, January 1994


Fast and scalable layer four switching
journal, October 1998


Various optimizers for single-stage production
journal, March 1956