Methods, systems, and computer program products for network firewall policy optimization

Fulp, Errin W; Tarsa, Stephen J

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Methods, systems, and computer program products for network firewall policy optimization

Abstract

Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.

Inventors:

Fulp, Errin W ^[1]; Tarsa, Stephen J ^[2]

Winston-Salem, NC
Duxbury, MA

Issue Date:: Tue Oct 18 00:00:00 EDT 2011

Research Org.:: Wake Forest University (Winston-Salem, NC)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1028661

Patent Number(s):: 8042167

Application Number:: 11/390,976

Assignee:: Wake Forest University (Winston-Salem, NC)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/0263 - {Rule management}
H04L63/20 - {for managing network security

Show less

DOE Contract Number:: FG02-03ER25581

Resource Type:: Patent

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Fulp, Errin W, and Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization.  United States: N. p., 2011. 
        Web.

Copy to clipboard


                    Fulp, Errin W, & Tarsa, Stephen J. Methods, systems, and computer program products for network firewall policy optimization.  United States.

Copy to clipboard


                    Fulp, Errin W, and Tarsa, Stephen J. Tue .  
        "Methods, systems, and computer program products for network firewall policy optimization".  United States.  https://www.osti.gov/servlets/purl/1028661.

Copy to clipboard


                    
@article{osti_1028661,

  title        = {Methods, systems, and computer program products for network firewall policy optimization},

  author       = {Fulp, Errin W and Tarsa, Stephen J},

  abstractNote = {Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Oct 18 00:00:00 EDT 2011},

  month        = {Tue Oct 18 00:00:00 EDT 2011}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Preventing denial of service attacks on quality of service
conference, June 2001

Fulp, E.; Fu, Zhi; Reeves, D. S.
Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01
https://doi.org/10.1109/DISCEX.2001.932169

Small forwarding tables for fast routing lookups
journal, October 1997

Degermark, Mikael; Brodnik, Andrej; Carlsson, Svante
ACM SIGCOMM Computer Communication Review, Vol. 27, Issue 4
https://doi.org/10.1145/263109.263133

Fast firewall implementations for software and hardware-based routers
conference, November 2001

Qiu, Lili; Varghese, G.; Suri, S.
Proceedings Ninth International Conference on Network Protocols. ICNP 2001
https://doi.org/10.1109/ICNP.2001.992904

Sequencing Jobs to Minimize Total Weighted Completion Time Subject to Precedence Constraints
book, January 1978

Lawler, E. L.
Algorithmic Aspects of Combinatorics
https://doi.org/10.1016/S0167-5060(08)70323-6

On self-organizing sequential search heuristics
journal, February 1976

Rivest, Ronald
Communications of the ACM, Vol. 19, Issue 2
https://doi.org/10.1145/359997.360000

A Full Bandwidth ATM Firewall
book, January 2000

Paul, Olivier; Laurent, Maryline; Gombault, Sylvain
Lecture Notes in Computer Science
https://doi.org/10.1007/10722599_13

An unavailability analysis of firewall sandwich configurations
conference, October 2001

Goddard, S.; Kieckhafer, R.; Zhang, Yuping
Proceedings Sixth IEEE International Symposium on High Assurance Systems Engineering. Special Topic: Impact of Networking
https://doi.org/10.1109/HASE.2001.966815

Complexity of Scheduling under Precedence Constraints
journal, February 1978

Lenstra, J. K.; Rinnooy Kan, A. H. G.
Operations Research, Vol. 26, Issue 1
https://doi.org/10.1287/opre.26.1.22

Modeling and Management of Firewall Policies
journal, April 2004

Al-Shaer, Ehab S.; Hamed, Hazem H.
IEEE Transactions on Network and Service Management, Vol. 1, Issue 1
https://doi.org/10.1109/TNSM.2004.4623689

Development framework for firewall processors
conference, January 2002

Lee, T. K.; Yusuf, S.; Luk, W.
2002 IEEE International Conference on Field-Programmable Technology (FPT), 2002 IEEE International Conference on Field-Programmable Technology, 2002. (FPT). Proceedings.
https://doi.org/10.1109/FPT.2002.1188709

Counting linear extensions is #P-complete
conference, January 1991

Brightwell, Graham; Winkler, Peter
Proceedings of the twenty-third annual ACM symposium on Theory of computing - STOC '91
https://doi.org/10.1145/103418.103441

A parallel packet screen for high speed networks
conference, January 1999

Benecke, C.
Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
https://doi.org/10.1109/CSAC.1999.816014

Using IDDs for Packet Filtering
journal, June 2002

Christiansen, Mikkel; Fleury, Emmanuel
BRICS Report Series, Vol. 9, Issue 43
https://doi.org/10.7146/brics.v9i43.21758

Balancing Trie-Based Policy Representations for Network Firewalls
conference, January 2006

Tarsa, S. J.; Fulp, E. W.
11th IEEE Symposium on Computers and Communications (ISCC'06)
https://doi.org/10.1109/ISCC.2006.44

Design and evaluation of a high-performance ATM firewall switch and its applications
journal, June 1999

Xu, Jun; Singhal, M.
IEEE Journal on Selected Areas in Communications, Vol. 17, Issue 6, p. 1190-1200
https://doi.org/10.1109/49.772457

Detecting and resolving packet filter conflicts
conference, January 2000

Hari, A.; Suri, S.; Parulkar, G.
Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
https://doi.org/10.1109/INFCOM.2000.832496

Firewall Policy Advisor for Anomaly Discovery and Rule Editing
book, January 2003

Al-Shaer, Ehab S.; Hamed, Hazem H.
Integrated Network Management VIII
https://doi.org/10.1007/978-0-387-35674-7_2

Fast packet classification for two-dimensional conflict-free filters
conference, January 2001

Warkhede, P.; Suri, S.; Varghese, G.
Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213)
https://doi.org/10.1109/INFCOM.2001.916639

LSMAC vs. LSNAT: Scalable cluster‐based Web servers
journal, November 2000

Gan, Xuehong; Schroeder, Trevor; Goddard, Steve
Cluster Computing, Vol. 3, Issue 3, p. 175-185
https://doi.org/10.1023/A:1019084304980

Algorithms for trie compaction
journal, June 1984

Al-Suwaiyel, M.; Horowitz, E.
ACM Transactions on Database Systems, Vol. 9, Issue 2
https://doi.org/10.1145/329.295

Network firewalls
journal, September 1994

Bellovin, S. M.; Cheswick, W. R.
IEEE Communications Magazine, Vol. 32, Issue 9
https://doi.org/10.1109/35.312843

Analysis of a heuristic for full trie minimization
journal, September 1981

Comer, Douglas
ACM Transactions on Database Systems, Vol. 6, Issue 3
https://doi.org/10.1145/319587.319618

Router plugins: a software architecture for next-generation routers
journal, January 2000

Decasper, D.; Dittia, Z.; Parulkar, G.
IEEE/ACM Transactions on Networking, Vol. 8, Issue 1
https://doi.org/10.1109/90.836474

On the self-similar nature of Ethernet traffic (extended version)
journal, January 1994

Leland, W. E.; Taqqu, M. S.; Willinger, W.
IEEE/ACM Transactions on Networking, Vol. 2, Issue 1
https://doi.org/10.1109/90.282603

Fast and scalable layer four switching
journal, October 1998

Srinivasan, V.; Varghese, G.; Suri, S.
ACM SIGCOMM Computer Communication Review, Vol. 28, Issue 4
https://doi.org/10.1145/285243.285282

Various optimizers for single-stage production
journal, March 1956

Smith, Wayne E.
Naval Research Logistics Quarterly, Vol. 3, Issue 1-2
https://doi.org/10.1002/nav.3800030106

Similar Records in DOE Patents and OSTI.GOV collections:

Method, systems, and computer program products for implementing function-parallel network firewall

Patent Fulp, Errin W [Winston-Salem, NC]; Farley, Ryan J [Winston-Salem, NC]

Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all ofmore » the rules in the rule set. « less
Full Text Available
System, method, and computer program product for bulk synchronous binary program translation and optimization

Patent Diamos, Gregory Frederick

A system, method, and computer program product are provided for. The method includes the steps of executing a block of translated binary instructions by multiple threads and gathering profiling data during execution of the block of translated binary instructions. The multiple threads are then synchronized at a barrier instruction associated with the block of translated binary instructions and the block of translated binary instructions is replaced with optimized binary instructions, where the optimized binary instructions are produced based on the profiling data.
Full Text Available
Method, system and computer program product for monitoring and optimizing fluid extraction from geologic strata

Patent Medizade, Masoud [San Luis Obispo, CA]; Ridgely, John Robert [Los Osos, CA]

An arrangement which utilizes an inexpensive flap valve/flow transducer combination and a simple local supervisory control system to monitor and/or control the operation of a positive displacement pump used to extract petroleum from geologic strata. The local supervisory control system controls the operation of an electric motor which drives a reciprocating positive displacement pump so as to maximize the volume of petroleum extracted from the well per pump stroke while minimizing electricity usage and pump-off situations. By reducing the electrical demand and pump-off (i.e., "pounding" or "fluid pound") occurrences, operating and maintenance costs should be reduced sufficiently to allow petroleummore » « less
Full Text Available
Methods, systems and computer program products for determining systems re-tasking

Patent Gauthier, John H.; Miner, Nadine E.; Wilson, Michael L.; ...

Methods, systems and computer program products to measure system re-taskability are disclosed. The methods, systems and computer program products may be used in the design of a new or redesign of an existing System of Systems (SoS). Systems re-tasking (aka substitutability or stand-in redundancy) is the process of using different systems to substitute for non-operational systems to meet required functionality, or using multi-function systems to fulfill higher-priority tasks. This ability can increase the overall operational availability of the SoS; it can also increase the adaptability and resilience of the SoS to unknown or changing conditions. The disclosed methods, systems andmore » « less
Full Text Available
System, method, and computer program product for warming a cache for a task launch

Patent Ricketts, Scott; Wang, Nicholas; Gadre, Shirish; ...

A system, method, and computer program product for warming a cache for a task launch is described. The method includes the steps of receiving a task data structure that defines a processing task, extracting information stored in a cache warming field of the task data structure, and, prior to executing the processing task, generating a cache warming instruction that is configured to load one or more entries of a cache storage with data fetched from a memory.
Full Text Available

Similar Records

Title: Methods, systems, and computer program products for network firewall policy optimization

Abstract

Citation Formats

Preventing denial of service attacks on quality of service conference, June 2001

Small forwarding tables for fast routing lookups journal, October 1997

Fast firewall implementations for software and hardware-based routers conference, November 2001

Sequencing Jobs to Minimize Total Weighted Completion Time Subject to Precedence Constraints book, January 1978

On self-organizing sequential search heuristics journal, February 1976

A Full Bandwidth ATM Firewall book, January 2000

An unavailability analysis of firewall sandwich configurations conference, October 2001

Complexity of Scheduling under Precedence Constraints journal, February 1978

Modeling and Management of Firewall Policies journal, April 2004

Development framework for firewall processors conference, January 2002

Counting linear extensions is #P-complete conference, January 1991

A parallel packet screen for high speed networks conference, January 1999

Using IDDs for Packet Filtering journal, June 2002

Balancing Trie-Based Policy Representations for Network Firewalls conference, January 2006

Design and evaluation of a high-performance ATM firewall switch and its applications journal, June 1999

Detecting and resolving packet filter conflicts conference, January 2000

Firewall Policy Advisor for Anomaly Discovery and Rule Editing book, January 2003

Fast packet classification for two-dimensional conflict-free filters conference, January 2001

LSMAC vs. LSNAT: Scalable cluster‐based Web servers journal, November 2000

Algorithms for trie compaction journal, June 1984

Network firewalls journal, September 1994

Analysis of a heuristic for full trie minimization journal, September 1981

Router plugins: a software architecture for next-generation routers journal, January 2000

On the self-similar nature of Ethernet traffic (extended version) journal, January 1994

Fast and scalable layer four switching journal, October 1998

Various optimizers for single-stage production journal, March 1956

Preventing denial of service attacks on quality of service
conference, June 2001

Small forwarding tables for fast routing lookups
journal, October 1997

Fast firewall implementations for software and hardware-based routers
conference, November 2001

Sequencing Jobs to Minimize Total Weighted Completion Time Subject to Precedence Constraints
book, January 1978

On self-organizing sequential search heuristics
journal, February 1976

A Full Bandwidth ATM Firewall
book, January 2000

An unavailability analysis of firewall sandwich configurations
conference, October 2001

Complexity of Scheduling under Precedence Constraints
journal, February 1978

Modeling and Management of Firewall Policies
journal, April 2004

Development framework for firewall processors
conference, January 2002

Counting linear extensions is #P-complete
conference, January 1991

A parallel packet screen for high speed networks
conference, January 1999

Using IDDs for Packet Filtering
journal, June 2002

Balancing Trie-Based Policy Representations for Network Firewalls
conference, January 2006

Design and evaluation of a high-performance ATM firewall switch and its applications
journal, June 1999

Detecting and resolving packet filter conflicts
conference, January 2000

Firewall Policy Advisor for Anomaly Discovery and Rule Editing
book, January 2003

Fast packet classification for two-dimensional conflict-free filters
conference, January 2001

LSMAC vs. LSNAT: Scalable cluster‐based Web servers
journal, November 2000

Algorithms for trie compaction
journal, June 1984

Network firewalls
journal, September 1994

Analysis of a heuristic for full trie minimization
journal, September 1981

Router plugins: a software architecture for next-generation routers
journal, January 2000

On the self-similar nature of Ethernet traffic (extended version)
journal, January 1994

Fast and scalable layer four switching
journal, October 1998

Various optimizers for single-stage production
journal, March 1956