Efficient evaluation of rules
First Claim
Patent Images
1. A computer-implemented method for a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said method comprising the steps of:
- providing a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said policy engine;
creating a first associative array having a first key and a first value, wherein said first key corresponds to an agent descriptor and said first value is a reference to a second associative array having a second key and a second value;
creating a second associative array, wherein said second key corresponds to a protocol name and said second value is a reference to a third associative array having a third key and a third value;
creating a third associative array, wherein said third key corresponds to a protocol action and said third value is a reference to a fourth associative array having a fourth key and a fourth value;
creating a fourth associative array, wherein said fourth key corresponds to a set of policy rules and said fourth value is a rank number associated with said any of said policy rules;
upon receiving at runtime an incoming protocol event comprising an associated agent descriptor, an associated protocol name, and an associated protocol action, selecting said first associative array, wherein said first key corresponds to said associated agent descriptor and said first value is a reference to said second associative array;
selecting said second associative array, wherein said second key corresponds to said associated protocol name and said second value is a reference to said third associative array;
selecting said third associative array, wherein said third key corresponds to said associated protocol action and said third value is a reference to said fourth associative array; and
selecting said fourth associative array, wherein said fourth key corresponds to any of said policy rules and said fourth value is a said rank number associated with said any of said policy rules, wherein said rank number is a relative value dependent on, and does not have to be unique with respect to, other rank numbers in said fourth associative array.
13 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus uses a proprietary algorithm for organizing network security policy rules in a way that minimizes the number of rules considered when determining the set of rules applicable to a given protocol event.
-
Citations
10 Claims
-
1. A computer-implemented method for a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said method comprising the steps of:
-
providing a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said policy engine; creating a first associative array having a first key and a first value, wherein said first key corresponds to an agent descriptor and said first value is a reference to a second associative array having a second key and a second value; creating a second associative array, wherein said second key corresponds to a protocol name and said second value is a reference to a third associative array having a third key and a third value; creating a third associative array, wherein said third key corresponds to a protocol action and said third value is a reference to a fourth associative array having a fourth key and a fourth value; creating a fourth associative array, wherein said fourth key corresponds to a set of policy rules and said fourth value is a rank number associated with said any of said policy rules; upon receiving at runtime an incoming protocol event comprising an associated agent descriptor, an associated protocol name, and an associated protocol action, selecting said first associative array, wherein said first key corresponds to said associated agent descriptor and said first value is a reference to said second associative array; selecting said second associative array, wherein said second key corresponds to said associated protocol name and said second value is a reference to said third associative array; selecting said third associative array, wherein said third key corresponds to said associated protocol action and said third value is a reference to said fourth associative array; and selecting said fourth associative array, wherein said fourth key corresponds to any of said policy rules and said fourth value is a said rank number associated with said any of said policy rules, wherein said rank number is a relative value dependent on, and does not have to be unique with respect to, other rank numbers in said fourth associative array. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer system for a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action, said computer system comprising:
-
at least one computer with accessibly coupled computer memory; a policy engine first to organize pre-runtime and second to select policy rules in a way to effect an efficient evaluation of a protocol event at runtime, said protocol event having an agent descriptor, a protocol name, and a protocol action contains program code segments residing in said computer memory accessibly coupled to said computer of said computer system comprised of; a program code segment supporting creating a first associative array having a first key and a first value, wherein said first key corresponds to an agent descriptor and said first value is a reference to a second associative array having a second key and a second value; a program code segment supporting creating a second associative array, wherein said second key corresponds to a protocol name and said second value is a reference to a third associative array having a third key and a third value; a program code segment supporting creating a third associative array, wherein said third key corresponds to a protocol action and said third value is a reference to a fourth associative array having a fourth key and a fourth value; a program code segment supporting creating a fourth associative array, wherein said fourth key corresponds to a set of policy rules and said fourth value is a rank number associated with said any of said policy rules; a program code segment supporting, upon receiving at runtime an incoming protocol event comprising an associated agent descriptor, an associated protocol name, and an associated protocol action, selecting said first associative array, wherein said first key corresponds to said associated agent descriptor and said first value is a reference to a said second associative array; a program code segment supporting selecting said second associative array, wherein said second key corresponds to said associated protocol name and said second value is a reference to said third associative array; a program code segment supporting selecting said third associative array, wherein said third key corresponds to said associated protocol action and said third value is a reference to said fourth associative array; and a program code segment supporting selecting said fourth associative array, wherein said fourth key corresponds to any of said policy rules and said fourth value is said rank number associated with said any of said policy rules, wherein said rank number is a relative value dependent on, and does not have to be unique with respect to, other rank numbers in said fourth associative array. - View Dependent Claims (7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeThe Security Center Incorporated
-
InventorsSherlock, Kieran G., Cooper, Geoffrey, Valente, Luis, Shaw, Bob
-
Primary Examiner(s)Vu, Kim
-
Assistant Examiner(s)Gyorfi, Thomas
-
Application NumberUS09/878,093Publication NumberTime in Patent Office1,999 DaysField of Search713/200, 713/201, 707/9, 707/7, 707/100, 707/104.1, 709/223, 709/224, 709/225, 709/226, 705/57, 705/58, 705/59, 706/46, 706/47, 706/48, 726/11, 726/13, 726/14US Class Current726/11CPC Class CodesH04L 41/0609 based on severity or priorityH04L 41/069 using logs of notifications...H04L 41/0893 Assignment of logical group...H04L 41/0894 Policy-based network config...H04L 41/22 comprising specially adapte...H04L 41/50 Network service management,...H04L 41/5003 Managing SLA; Interaction b...H04L 43/00 Arrangements for monitoring...H04L 43/045 for graphical visualisation...H04L 43/062 related to network trafficH04L 43/106 using time related informat...H04L 63/0227 Filtering policies mail mes...H04L 63/0442 wherein the sending and rec...H04L 63/08 for authentication of entit...H04L 63/0823 using certificates cryptogr...H04L 63/1408 by monitoring network traff...H04L 63/1433 Vulnerability analysisH04L 63/166 at the transport layerH04L 63/20 for managing network securi...H04L 67/1001 for accessing one among a p...View All
