RUNTIME ADAPTABLE SECURITY PROCESSOR
Abstract
A runtime adaptable security processor is disclosed. The processor architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer.
39 Claims
1-19. (canceled)
20. A security system comprising:
a network, said network comprising one or more networked systems of one or more types, said security system providing multiple protocol layer security in said network, at least one of said one or more networked systems comprising a security processor, said security processor comprising a programmable content search and rule processing engine configured to search payload content of traffic within said network by applying a set of search rules, or take actions on matched rules, or a combination thereof, and said security processor comprising;
(a) a runtime adaptable processor to provide adaptable hardware acceleration at multiple protocol layers based on processing the network traffic presented to said security processor, said runtime adaptable processor comprising a plurality of configurations, and a configuration controller, wherein said configuration controller is configured to dynamically map hardware functions to a plurality of hardware elements that are coupled to each other in a first configuration from the plurality of configurations at a first time and are coupled to each other in a second configuration from the plurality of configurations at a second time, the second configuration different than the first configuration; and
(b) a programmable rules processing engine to provide rule searching and security processing at multiple protocol layers to the network traffic presented to said security processor, wherein the network traffic comprises a first packet and a second packet, wherein a state of the search rules applied to said second packet are stored in a memory, and said programmable rules processing engine is configured to determine whether the first packet is secure based on whether the first packet belongs to a connection of the second packet and on the stored state of the search rules applied to the second packet.
Dependent claims: 22, 23, 24, 25, 32, 38, 39
21. A security system comprising:
a storage area network comprising one or more networked systems comprising a security processor providing multiple protocol layer security in said storage area network, said security processor comprising a programmable content search and rule processing engine configured to search payload content of traffic within said storage area network by applying a set of search rules, or take actions on matched rules, or a combination thereof, said security processor comprising;
(a) a runtime adaptable processor to provide adaptable hardware acceleration at multiple protocol layers based on processing the storage area network traffic presented to said security processor, said runtime adaptable processor comprising a plurality of configurations, and a configuration controller, wherein said configuration controller is configured to dynamically map hardware functions to a plurality of hardware elements that are coupled to each other in a first configuration from the plurality of configurations at a first time and are coupled to each other in a second configuration from the plurality of configurations at a second time, the second configuration different than the first configuration; and
(b) a programmable rules processing engine to provide rule searching and security processing at multiple protocol layers to the network traffic presented to said security processor, wherein the network traffic comprises a first packet and a second packet, wherein a state of the search rules applied to said second packet are stored in a memory, and said programmable rules processing engine is configured to determine whether the first packet is secure based on whether the first packet belongs to a connection of the second packet and on the stored state of the search rules applied to the second packet.
Dependent claims: 34, 35, 36, 37
26. A security system comprising:
a network, said network comprising one or more networked systems of one or more types, said security system providing multiple protocol layer security in said network, at least one of said one or more networked systems comprising a security processor providing remote direct memory access (RDMA) capability, said security processor comprising a programmable content search and rule processing engine configured to search payload content of traffic within said network by applying a set of search rules, or take actions on matched rules, or a combination thereof, said security processor comprising;
(a) a runtime adaptable processor to provide adaptable hardware acceleration at multiple protocol layers based on processing the network traffic presented to said security processor, said runtime adaptable processor comprising a plurality of configurations, and a configuration controller, wherein said configuration controller is configured to dynamically map hardware functions to a plurality of hardware elements that are coupled to each other in a first configuration from the plurality of configurations at a first time and are coupled to each other in a second configuration from the plurality of configurations at a second time, the second configuration different than the first configuration; and
(b) a programmable rules processing engine to provide rule searching and security processing at multiple protocol layers to the network traffic presented to said security processor, wherein the network traffic comprises a first packet and a second packet, wherein a state of the search rules applied to said second packet are stored in a memory, and said programmable rules processing engine is configured to determine whether the first packet is secure based on whether the first packet belongs to a connection of the second packet and on the stored state of the search rules applied to the second packet.
Dependent claims: 27, 28, 29, 30, 31, 33
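The abstract's session cache with an additional memory, and the claims' per-connection stored search-rule state, can be modelled in software as follows. This is an added illustration, not text or code from the patent: the signature, the flow tuples, the names `SessionTable`, `scan` and `inspect`, and the use of a KMP matcher in place of the hardware search engine are all assumptions.

```python
from collections import OrderedDict

SIGNATURE = b"EVIL-PAYLOAD"   # constructed search rule, not from the patent

def failure_table(pat):
    """KMP failure function: longest proper prefix that is also a suffix."""
    fail, k = [0] * len(pat), 0
    for i in range(1, len(pat)):
        while k and pat[i] != pat[k]:
            k = fail[k - 1]
        if pat[i] == pat[k]:
            k += 1
        fail[i] = k
    return fail

FAIL = failure_table(SIGNATURE)

def scan(payload, state=0):
    """Advance the matcher over one payload; return (matched, new_state)."""
    matched = False
    for byte in payload:
        while state and byte != SIGNATURE[state]:
            state = FAIL[state - 1]
        if byte == SIGNATURE[state]:
            state += 1
        if state == len(SIGNATURE):
            matched, state = True, FAIL[state - 1]
    return matched, state

class SessionTable:
    """Small LRU cache (the "internal memory") backed by a larger store."""
    def __init__(self, capacity):
        self.capacity, self.cache, self.backing = capacity, OrderedDict(), {}

    def load(self, flow):
        if flow in self.cache:
            self.cache.move_to_end(flow)
            return self.cache[flow]
        return self.backing.pop(flow, 0)    # miss: fetch from additional memory

    def store(self, flow, state):
        self.cache[flow] = state
        self.cache.move_to_end(flow)
        while len(self.cache) > self.capacity:
            old, old_state = self.cache.popitem(last=False)
            self.backing[old] = old_state   # spill least recently used session

def inspect(table, flow, payload):
    """True if the packet is clean given its connection's stored rule state."""
    matched, state = scan(payload, table.load(flow))
    table.store(flow, state)
    return not matched
```

A signature split across two packets of one connection is flagged on the second packet even after that session's state has been evicted to the backing store, while neither packet matches when scanned without stored state.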
Specification