WO2001099372A3 - Efficient evaluation of rules - Google Patents

Efficient evaluation of rules

Info

Publication number
WO2001099372A3
Authority
WO
WIPO (PCT)
Prior art keywords
rules
efficient evaluation
minimizes
determining
way
Prior art date
Application number
PCT/US2001/019332
Other languages
French (fr)
Other versions
WO2001099372A2 (en)
Inventor
Geoffrey Cooper
Kieran Gerard Sherlock
Robert Shaw
Luis Filipe Pereira Valente
Original Assignee
Securify Inc
Priority date: 2000-06-16
Filing date: 2001-06-15
Publication date: 2002-05-10
Priority claimed from US09/826,602 (US20020093527A1)
Priority claimed from US09/878,093 (US7143439B2)
Application filed by Securify Inc
Priority to AU2001268492A (AU2001268492A1)
Publication of WO2001099372A2
Publication of WO2001099372A3

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION (parent of every entry below)
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/06 Management of faults, events, alarms or notifications
    • H04L 41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0894 Policy-based network configuration management
    • H04L 43/00 Arrangements for monitoring or testing data switching networks
    • H04L 43/06 Generation of reports
    • H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L 43/0805 Monitoring or testing by checking availability
    • H04L 43/0823 Errors, e.g. transmission errors
    • H04L 43/0829 Packet loss
    • H04L 43/0841 Round trip packet loss
    • H04L 43/0847 Transmission error
    • H04L 43/0852 Delays
    • H04L 43/0864 Round trip delays
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0263 Rule management
    • H04L 63/04 Providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Data content protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/08 Authentication of entities
    • H04L 63/0823 Authentication of entities using certificates
    • H04L 63/083 Authentication of entities using passwords
    • H04L 63/14 Detecting or protecting against malicious traffic
    • H04L 63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/16 Implementing security features at a particular protocol layer
    • H04L 63/166 Implementing security features at the transport layer
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers

Abstract

A method and apparatus uses a proprietary algorithm for organizing network security policy rules in a way that minimizes the number of rules considered when determining the set of rules applicable to a given protocol event.
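The abstract claims only the goal: organize policy rules so that a lookup for one protocol event considers far fewer rules than the whole policy. The page does not disclose the proprietary algorithm, so the following is an added illustration of that goal, not the patent's method or Securify's code. It buckets rules on the selectors an event is matched on most often (protocol and destination port, both assumed field names), looks up one event through the buckets plus the wildcard rules, and checks the result against a plain linear scan; rule names, zones and the sample policy are constructed for the example.

```python
"""Indexing security-policy rules by protocol event.

Added illustration for this page, not the patent's proprietary algorithm:
rules are bucketed on (protocol, dst_port), on protocol alone for rules with
a wildcard port, or kept as wildcards when the protocol is unconstrained. A
lookup then touches only those three candidate sets instead of every rule.
A linear scan over the full policy is kept to confirm both paths agree.
All rule and event data below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = "*"  # wildcard selector (distinct from None, which means "no port")


@dataclass(frozen=True)
class ProtocolEvent:
    protocol: str            # "tcp", "udp", "icmp", ...
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None for port-less protocols such as ICMP


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" | "deny" | "log"
    protocol: str = ANY
    src_zone: str = ANY
    dst_zone: str = ANY
    dst_port: object = ANY   # int, None (port-less) or ANY

    def matches(self, ev: ProtocolEvent) -> bool:
        """A rule applies when each selector is a wildcard or equals the event field."""
        pairs = ((self.protocol, ev.protocol), (self.src_zone, ev.src_zone),
                 (self.dst_zone, ev.dst_zone), (self.dst_port, ev.dst_port))
        return all(sel == ANY or sel == val for sel, val in pairs)


class RuleIndex:
    """Buckets rules so one lookup considers a small candidate set.

    Policy order matters (first match wins), so buckets hold (position, rule)
    and candidates are re-sorted by position before evaluation.
    """

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.by_proto_port: Dict[Tuple[str, object], List[Tuple[int, Rule]]] = {}
        self.by_proto: Dict[str, List[Tuple[int, Rule]]] = {}
        self.wildcard: List[Tuple[int, Rule]] = []
        for pos, r in enumerate(self.rules):
            if r.protocol == ANY:
                self.wildcard.append((pos, r))
            elif r.dst_port == ANY:
                self.by_proto.setdefault(r.protocol, []).append((pos, r))
            else:
                self.by_proto_port.setdefault((r.protocol, r.dst_port), []).append((pos, r))

    def candidates(self, ev: ProtocolEvent) -> List[Tuple[int, Rule]]:
        cands = (self.by_proto_port.get((ev.protocol, ev.dst_port), [])
                 + self.by_proto.get(ev.protocol, [])
                 + self.wildcard)
        return sorted(cands, key=lambda pr: pr[0])

    def applicable(self, ev: ProtocolEvent) -> Tuple[List[Rule], int]:
        """Return (rules applying to ev, in policy order) and how many rules were considered."""
        cands = self.candidates(ev)
        return [r for _, r in cands if r.matches(ev)], len(cands)


def linear_applicable(rules: List[Rule], ev: ProtocolEvent) -> List[Rule]:
    """Reference path: scan every rule, the cost the index is meant to avoid."""
    return [r for r in rules if r.matches(ev)]


def decide(index: RuleIndex, ev: ProtocolEvent) -> Tuple[str, int]:
    """First-match decision plus the number of rules the indexed lookup touched."""
    applicable, considered = index.applicable(ev)
    return (applicable[0].action if applicable else "deny"), considered


# Constructed sample policy (not from the patent). First match wins.
RULES = [
    Rule("web-https", "allow", protocol="tcp", dst_zone="dmz", dst_port=443),
    Rule("web-http", "allow", protocol="tcp", dst_zone="dmz", dst_port=80),
    Rule("no-telnet", "deny", protocol="tcp", dst_port=23),
    Rule("log-dns", "log", protocol="udp", dst_port=53),
    Rule("no-ping-in", "deny", protocol="icmp", src_zone="internet", dst_zone="internal"),
    Rule("egress", "allow", protocol="tcp", src_zone="internal", dst_zone="internet"),
    Rule("default-deny", "deny"),
]

if __name__ == "__main__":
    idx = RuleIndex(RULES)
    for ev in (ProtocolEvent("tcp", "internet", "dmz", 443),
               ProtocolEvent("tcp", "internal", "internet", 23),
               ProtocolEvent("icmp", "internet", "internal", None),
               ProtocolEvent("udp", "internet", "dmz", 123)):
        action, considered = decide(idx, ev)
        assert idx.applicable(ev)[0] == linear_applicable(RULES, ev)
        print(f"{ev}: {action} (considered {considered} of {len(RULES)} rules)")
```

The point to check in any such index is that bucketing never changes the decision: every rule that could match an event must land in a candidate set that event reaches, which is why rules with a wildcard protocol go into a set consulted on every lookup, and why candidates are re-sorted into policy order before the first-match decision. With this seven-rule policy the indexed path considers one to three rules per event instead of seven; the saving grows with the number of distinct (protocol, port) keys in the policy.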

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001268492A AU2001268492A1 (en) 2000-06-16 2001-06-15 Efficient evaluation of rules

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US21212600P 2000-06-16 2000-06-16
US60/212,126 2000-06-16
US09/826,602 2001-04-05
US09/826,602 US20020093527A1 (en) 2000-06-16 2001-04-05 User interface for a security policy system and method
US09/878,093 US7143439B2 (en) 2000-01-07 2001-06-08 Efficient evaluation of rules
US09/878,093 2001-06-08

Publications (2)

Publication Number Publication Date
WO2001099372A2 (en) 2001-12-27
WO2001099372A3 (en) 2002-05-10

Family

ID=27395692

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/019332 WO2001099372A2 (en) 2000-06-16 2001-06-15 Efficient evaluation of rules

Country Status (2)

Country Link
AU (1) AU2001268492A1 (en)
WO (1) WO2001099372A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8849993B2 (en) 2000-06-16 2014-09-30 Intel Corporation Method and apparatus for rate limiting

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2387681A (en) * 2002-04-18 2003-10-22 Isis Innovation Intrusion detection system with inductive logic means for suggesting new general rules
US10541872B2 (en) 2015-03-31 2020-01-21 Hewlett Packard Enterprise Development Lp Network policy distribution

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0854621A1 (en) * 1997-01-17 1998-07-22 AT&T Corp. System and method for providing peer level access control on a network
EP1006701A2 (en) * 1998-12-03 2000-06-07 Lucent Technologies Inc. Adaptive re-ordering of data packet filter rules

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Thomsen, D. et al., "Napoleon: Network Application Policy Environment", Proceedings of the 4th ACM Workshop on Role-Based Access Control, Fairfax, VA, 28-29 October 1999, ACM, New York, NY, pp. 145-152. XP000958112, ISBN 1-58113-180-1 *

Also Published As

Publication number Publication date
AU2001268492A1 (en) 2002-01-02
WO2001099372A2 (en) 2001-12-27

Similar Documents

Publication Publication Date Title
WO2002079949A3 (en) Internet security system
AU2001268408A1 (en) Method and device for network security monitoring
AU2002344308A1 (en) Method and system for implementing security devices in a network
WO2002003180A3 (en) Layered defense-in-depth knowledge-based data management
AU2002213275A1 (en) Method and system for authenticating a network user
AU2002301853A1 (en) Locking device, locker, key and locking method
AU2001268325A1 (en) Method and apparatus for batched network security protection server performance
HK1055363A1 (en) Method and apparatus for preventing unauthorized access by a network device.
AU2001255641A1 (en) Method and system for intrusion detection in a computer network
AU2001241625A1 (en) System and method for identifying and blocking pornographic and other web content on the internet
AU2001288983A1 (en) Method and system for forming a list-based value discovery network
AU2002350759A1 (en) Application gateway system, and method for maintaining security in a packet-switched information network
GB2409388B (en) System and method for IEEE 802.1X user authentication in a network entry device
AU3640799A (en) Apparatus and method for trusted network security
EP1481508A4 (en) Multi-method gateway-based network security systems and methods
AU3724897A (en) Apparatus and methods for transmission security in a computer network
AU2002239500A1 (en) Cryptographic data security system and method
AU2001271039A1 (en) Fingerprint collation apparatus, fingerprint collation method, and fingerprint collation program
AU4833300A (en) Apparatus and methods for analyzing multiple network security vulnerabilities
AU2001269870A1 (en) System and method for security policy
AU7797198A (en) Internet, intranet and other network communication security systems utilizing entrance and exit keys
AU2002211049A1 (en) Fingerprint identifying method and security system using the same
HUP0400498A2 (en) Method for securing the authenticity of hardware and software in a network
AU2002244241A1 (en) Security token and access point networking

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 2004-01-01)
122 EP: PCT application non-entry into the European phase
NENP Non-entry into the national phase

Ref country code: JP