Information security – Access control or authentication – Network
Reexamination Certificate
2006-03-28
2011-10-18
Zia, Syed A. (Department: 2431)
C726S012000, C726S013000, C713S153000, C713S154000, C709S238000, C709S242000, C709S240000, C709S244000, C370S351000, C370S352000, C370S357000, C370S358000
active
08042167
ABSTRACT:
Methods, systems, and computer program products for firewall policy optimization are disclosed. According to one method, a firewall policy including an ordered list of firewall rules is defined. For each rule, a probability indicating a likelihood of receiving a packet matching the rule is determined. The rules are sorted in order of non-increasing probability in a manner that preserves the firewall policy.
Fulp Errin W.
Tarsa Stephen J.
Jenkins Wilson Taylor & Hunt, P.A.
Wake Forest University
Zia Syed A.