RULE COMPILATION IN A FIREWALL

US 20120324569A1
Filed: 06/15/2011
Published: 12/20/2012
Est. Priority Date: 06/15/2011
Status: Abandoned Application

First Claim

Patent Images

1. A firewall system comprising a rule compiler operable to:

generate a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule;

wherein evaluation of the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule'"'"'s generated floret against the network connection in a second phase results in logical application of first and subsequent rules against the network connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firewall system comprises a rule compiler operable to use florets and factoring to produce a rule data structure that enables a rules engine to apply a rule from a rule set in phases, including rules applicable during a first scan with second factors not available and rules applicable during a second scan such that only the second factors need be applied.

Citations

22 Claims

1. A firewall system comprising a rule compiler operable to:
- generate a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule;
  
  wherein evaluation of the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule'"'"'s generated floret against the network connection in a second phase results in logical application of first and subsequent rules against the network connection.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The firewall system of claim 1, the rule compiler further operable to factor the first and subsequent rules by adding a factor rule before the first rule, the factor rule comprising a first phase selector that is the intersection of the first phase selectors of first and subsequent rules, and a second phase selector and an action from the first rule.
  - 3. The firewall system of claim 2, wherein the factoring rules occurs before generating florets for rules.
  - 4. The firewall system of claim 2, wherein rules are identified to be factored by determining that the first rule is not a subset of the subsequent rule based on the first phase selectors, and determining that the first rule is not a superset of the subsequent rule based on the second phase selectors.
  - 5. The firewall system of claim 1, wherein generating a floret for at least one rule further comprises identifying at least one subsequent rule such that the at least one rule'"'"'s first phase selectors are a subset of the subsequent rule'"'"'s first phase selectors, and assembling at least second phase and action selectors of the identified at least one subsequent rule into the floret.
  - 6. The firewall system of claim 1, wherein the floret selectors comprise only second or subsequent phase selectors.

7. A method of operating a firewall system, comprising:
- generating a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule;
  
  wherein evaluation of the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule'"'"'s generated floret against the network connection in a second phase results in logical application of first and subsequent rules against the network connection
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of operating a firewall system of claim 7, the rule compiler further operable to factor the first and subsequent rules by adding a factor rule before the first rule, the factor rule comprising a first phase selector that is the intersection of the first phase selectors of first and subsequent rules, and a second phase selector and an action from the first rule.
  - 9. The method of operating a firewall system of claim 8, wherein the factoring rules occurs before generating florets for rules.
  - 10. The method of operating a firewall system of claim 8, wherein rules are identified to be factored by determining that the first rule is not a subset of the subsequent rule based on the first phase selectors, and determining that the first rule is not a superset of the subsequent rule based on the second phase selectors.
  - 11. The method of operating a firewall system of claim 7, wherein generating a floret for at least one rule further comprises identifying at least one subsequent rule such that the at least one rule'"'"'s first phase selectors are a subset of the subsequent rule'"'"'s first phase selectors, and assembling at least second phase and action selectors of the identified at least one subsequent rule into the floret.
  - 12. The method of operating a firewall system of claim 7, wherein the floret selectors comprise only second or subsequent phase selectors.

13. A tangible machine-readable medium with instructions stored thereon, the instructions when executed operable to cause a computerized system to:
- generate a floret for a first rule, the floret derived from first phase and second phase selectors of the first rule and a subsequent rule; and
  
  evaluate the first phase selectors of the first rule against a network connection in a first phase and evaluation of the rule'"'"'s generated floret against the network connection in a second phase, resulting in logical application of first and subsequent rules against the network connection
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The tangible machine-readable medium of claim 13, the rule compiler further operable to factor the first and subsequent rules by adding a factor rule before the first rule, the factor rule comprising a first phase selector that is the intersection of the first phase selectors of first and subsequent rules, and a second phase selector and an action from the first rule.
  - 15. The tangible machine-readable medium of claim 14, wherein the factoring rules occurs before generating florets for rules.
  - 16. The tangible machine-readable medium of claim 14, wherein rules are identified to be factored by determining that the first rule is not a subset of the subsequent rule based on the first phase selectors, and determining that the first rule is not a superset of the subsequent rule based on the second phase selectors.
  - 17. The tangible machine-readable medium of claim 13, wherein generating a floret for at least one rule further comprises identifying at least one subsequent rule such that the at least one rule'"'"'s first phase selectors are a subset of the subsequent rule'"'"'s first phase selectors, and assembling at least second phase and action selectors of the identified at least one subsequent rule into the floret.
  - 18. The tangible machine-readable medium of claim 13, wherein the floret selectors comprise only second or subsequent phase selectors.

19. A firewall system comprising a rule engine operable to apply a first rule from a rule set in a first phase and a second phase, the first rule including both a first phase selector applied in a first phase and a second phase selector applied in a second phase with a second phase selector from a subsequent rule, the second phase selector applied in the second phase such that the first phase selectors need not be reconsidered in application of the second phase selector.
- View Dependent Claims (20)
- - 20. The firewall system of claim 19, the rule engine further operable to apply the rule via application of florets and factoring rules to apply the second phase selector from the first rule and a subsequent rule.

21. A method of operating a firewall system, comprising:
- applying a first rule from a rule set in a first phase and a second phase, the first rule including both a first phase selector applied in a first phase and a second phase selector applied in a second phase with a second phase selector from a subsequent rule, the second phase selector applied in the second phase such that the first phase selectors need not be reconsidered in application of the second phase selector.
- View Dependent Claims (22)
- - 22. The method of operating a firewall system of claim 21, further comprising applying the rule via application of florets and factoring rules to apply the second phase selector from the first rule and a subsequent rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Diehl, David, Chew, Steven O.

Application Number

US13/161,477
Publication Number

US 20120324569A1
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/0263 Rule management

RULE COMPILATION IN A FIREWALL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

RULE COMPILATION IN A FIREWALL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links