
Method and apparatus for comparing access control lists for configuring a security policy on a network

  • US 7,636,937 B1
  • Filed: 01/11/2002
  • Issued: 12/22/2009
  • Est. Priority Date: 01/11/2002
  • Status: Active Grant
First Claim

1. A method of comparing access control lists to configure a security policy on a network, the method comprising the computer-implemented steps of:

    subtracting a particular access control entry from another access control entry, wherein both the particular access control entry and said another control entry are two access control entries of multiple first access control entries and wherein the first access control entries, including the particular access control entry and said another access control entry, are all of access control entries as specified in a first access control list;

    identifying one or more first sub-entries in the first access control list, wherein the one or more first sub-entries include each of overlapping sections and non-overlapping sections of all of the first access control entries and wherein at least one of the one or more first sub-entries is derived from results of subtracting the particular access control entry from said another access control entry; and

    programmatically determining whether the first access control list is functionally equivalent to a second access control list by determining whether each of the first sub-entries in the first access control list is contained by one or more entries of multiple second access control entries in the second access control list;

    wherein the method is performed by one or more computing devices.
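
The three steps of the claim (subtract entries, collect the resulting sub-entries, test containment against the second list) can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes things the claim does not state: each entry carries a permit/deny action, matches on two fields (source address range and destination port range), the first matching entry wins, and unmatched traffic is denied. All names and the sample ACLs are constructed for illustration.

```python
# Assumed model: ACE = (action, (src_range, port_range)), first match wins, default deny.
ANY_SRC, ANY_PORT = (0, 2**32 - 1), (0, 65535)

def intersect(a, b):
    box = tuple((max(x[0], y[0]), min(x[1], y[1])) for x, y in zip(a, b))
    return box if all(lo <= hi for lo, hi in box) else None

def subtract(a, b):
    """Disjoint boxes that together cover the part of a not matched by b."""
    if intersect(a, b) is None:
        return [a]
    pieces, rest = [], list(a)
    for i, ((alo, ahi), (blo, bhi)) in enumerate(zip(a, b)):
        if alo < blo:   # slice of a below b in field i
            pieces.append(tuple(rest[:i] + [(alo, blo - 1)] + rest[i + 1:]))
        if bhi < ahi:   # slice of a above b in field i
            pieces.append(tuple(rest[:i] + [(bhi + 1, ahi)] + rest[i + 1:]))
        rest[i] = (max(alo, blo), min(ahi, bhi))  # clamp before the next field
    return pieces

def sub_entries(acl):
    """Split each ACE into the sections left after subtracting earlier ACEs."""
    out = []
    for i, (action, box) in enumerate(acl):
        parts = [box]
        for _, earlier in acl[:i]:
            parts = [p for q in parts for p in subtract(q, earlier)]
        out += [(action, p) for p in parts]
    return out

def contained(action, box, acl):
    """True if acl gives every packet in box the same action."""
    todo = [box]
    for act, b in acl:
        if act != action and any(intersect(t, b) for t in todo):
            return False
        todo = [p for t in todo for p in subtract(t, b)]
    return not todo

def equivalent(acl_a, acl_b):
    a, b = (acl + [("deny", (ANY_SRC, ANY_PORT))] for acl in (acl_a, acl_b))  # explicit default deny
    return all(contained(act, box, b) for act, box in sub_entries(a))

# Constructed sample ACLs (addresses shown as small integers for readability).
ACL_A = [("permit", ((100, 199), (80, 443))), ("deny", ((100, 299), ANY_PORT)),
         ("permit", (ANY_SRC, (22, 22)))]
ACL_B = [("deny", ((200, 299), ANY_PORT)), ("deny", ((100, 199), (0, 79))),
         ("deny", ((100, 199), (444, 65535))), ACL_A[0], ACL_A[2]]
ACL_C = [ACL_A[1], ACL_A[0], ACL_A[2]]  # same entries as ACL_A, deny moved first
```

ACL_B is ACL_A rewritten as non-overlapping entries and compares as equivalent; ACL_C reorders the same entries so the deny shadows the permit, and the comparison fails on that first sub-entry.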
