Firewall Decision Diagrams

Background

Computer network firewalls operate by a set of rules that act as a gatekeeper for data traffic. These rules are written in a table format by network administrators. The process of creating and maintaining the rules is highly susceptible to error, especially in complex network environments that have multiple firewalls and rules numbering in the hundreds or thousands. Network security breaches are often a result of errors in these rules. Although many tools exist today to assist with the design and maintenance of firewall rules, firewall errors persist because these tools do not address the underlying cause of the errors (an ordered table of overlapping rules, in which the effect of any one rule depends on every rule before it) and do not provide a comprehensive and efficient method for testing and administering firewalls.

Invention Description

Firewall design and administration toolkit that enables the creation of error-free firewall rule sets, provides comprehensive firewall testing and significantly simplifies the process of creating, updating and maintaining firewalls.

Underlying the toolkit is a unique data structure based on decision diagrams. Its key property is that at each node the outgoing edges partition the possible values of one packet field, so every packet follows exactly one path: no case is left unconsidered and no two paths overlap. The decision diagram user interface provides a superior visual framework for rule entry and updating because it lets the administrator see how the rules interact. From the decision diagram, a table of error-free, compact rules can be generated for use with existing firewalls.

In addition, reducing a rule set to a decision diagram lets a computer perform a number of administration functions that are not possible when the rules are expressed only as a table, including simulating the firewall's behaviour on given traffic and comparing two different rule sets against each other.

While the toolkit employs a new data structure, it is compatible with existing firewall products: it can compile a decision diagram from an existing table of rules and generate a table of rules from a decision diagram.


Benefits

All possible cases always considered
No rule ordering issues
No redundant rules

Features

Automatic Generation of Firewall Rules. Software tool that automatically generates firewall rules that are error-free and compact, even in the most complex environments. The data structure also simplifies modifying the rules as the needs of the enterprise change.

Query Engine. Software tool that automatically generates a query engine specific to a particular firewall rule set. The system administrator then uses the query engine to answer questions about the firewall's behaviour accurately (e.g., which computers can access the company president's computer).

Rule Set Comparison. Software tool that compares two separate sets of firewall rules and identifies how their results will differ.

Elimination of Redundant Rules. Software tool that eliminates redundant rules from a set of firewall rules.
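The operations described above, as an added Python model; this is not the toolkit's code and is not taken from the page. A first-match rule table is compiled into a decision diagram whose outgoing edges at every node are disjoint and together cover the field's whole domain; the diagram's paths are then enumerated as a table of non-overlapping rules, queried for individual packets, compared against a second diagram (the equivalence check), and used to flag redundant rules. The field names, domains, decision strings and the five sample rules are constructed for illustration, and the generated table is not compacted further (no merging of paths), which the toolkit's compact-rule generation would add.

```python
from collections import namedtuple
from functools import reduce
from itertools import product

# Constructed toy packet model: three integer fields with inclusive ranges.
FIELDS = ("src", "dst", "port")
DOMAIN = {"src": (0, 255), "dst": (0, 255), "port": (0, 65535)}
UNMATCHED = "unmatched"  # terminal for packets no rule has decided yet
Rule = namedtuple("Rule", "pred decision")  # pred: {field: (lo, hi)}; missing field = any value
Node = namedtuple("Node", "field edges")    # edges: [(label, child)], labels disjoint, covering DOMAIN[field]
# A label is a tuple of disjoint inclusive intervals; a terminal is a decision string.

def isect(a, b):
    """Intersection of two labels."""
    out = [(max(l1, l2), min(h1, h2)) for l1, h1 in a for l2, h2 in b]
    return tuple(sorted(iv for iv in out if iv[0] <= iv[1]))

def diff(a, b):
    """Part of label a not covered by label b."""
    for lo2, hi2 in b:
        a = [iv for lo1, hi1 in a
             for iv in ((lo1, min(hi1, lo2 - 1)), (max(lo1, hi2 + 1), hi1)) if iv[0] <= iv[1]]
    return tuple(sorted(a))

def path_for(rule, depth):
    """Diagram for one rule from field `depth` on; values outside it stay UNMATCHED."""
    if depth == len(FIELDS):
        return rule.decision
    f = FIELDS[depth]
    lab = (rule.pred.get(f, DOMAIN[f]),)
    edges = [(lab, path_for(rule, depth + 1))]
    rest = diff((DOMAIN[f],), lab)
    return Node(f, edges + [(rest, UNMATCHED)] if rest else edges)

def insert(node, rule, depth=0):
    """Append a rule, first-match style: it only decides packets still UNMATCHED.
    Nodes are never mutated, so a subtree may be shared by several edges."""
    if not isinstance(node, Node):
        return path_for(rule, depth) if node == UNMATCHED else node
    lab = (rule.pred.get(node.field, DOMAIN[node.field]),)
    edges = []
    for label, child in node.edges:
        hit, miss = isect(label, lab), diff(label, lab)
        if hit:   # the part of this edge the rule covers is split off and recursed into
            edges.append((hit, insert(child, rule, depth + 1)))
        if miss:  # the rest keeps its old subtree
            edges.append((miss, child))
    return Node(node.field, edges)

def build(rules):
    """Compile an ordered (first-match) rule table into a decision diagram."""
    return reduce(insert, rules, UNMATCHED)

def query(node, pkt):
    """Decision for one packet, or UNMATCHED where the table has a gap."""
    while isinstance(node, Node):
        v = pkt[node.field]
        node = next(c for lab, c in node.edges if any(lo <= v <= hi for lo, hi in lab))
    return node

def paths(node, prefix=()):
    """Every root-to-terminal path as ({field: label}, decision); paths are pairwise disjoint."""
    if not isinstance(node, Node):
        yield dict(prefix), node
        return
    for label, child in node.edges:
        yield from paths(child, prefix + ((node.field, label),))

def to_rules(fdd):
    """Flatten to non-overlapping rules (one interval per field); any order yields the same firewall."""
    return [Rule(dict(zip(FIELDS, combo)), dec) for pred, dec in paths(fdd)
            for combo in product(*(pred[f] for f in FIELDS))]

def compare(f1, f2):
    """Regions where two diagrams decide differently; an empty list means equivalent firewalls."""
    return [({f: isect(p1[f], p2[f]) for f in FIELDS}, d1, d2)
            for p1, d1 in paths(f1) for p2, d2 in paths(f2)
            if d1 != d2 and all(isect(p1[f], p2[f]) for f in FIELDS)]

def redundant(rules):
    """Indices of rules whose removal leaves the firewall's behaviour unchanged."""
    full = build(rules)
    return [i for i in range(len(rules)) if not compare(full, build(rules[:i] + rules[i + 1:]))]

# Constructed sample table (first match wins), as an administrator might write it.
RULES = [
    Rule({"src": (10, 20), "dst": (5, 5), "port": (80, 80)}, "accept"),   # web on host 5
    Rule({"dst": (5, 5)}, "discard"),                                    # all else to host 5
    Rule({"src": (15, 15), "dst": (5, 5), "port": (80, 80)}, "accept"),  # shadowed by rule 0
    Rule({"port": (22, 22)}, "accept"),                                  # ssh to other hosts
    Rule({}, "discard"),                                                 # default
]

if __name__ == "__main__":
    print("redundant rules:", redundant(RULES))           # [2]
    print("gaps without the default rule:",
          [p for p, d in paths(build(RULES[:-1])) if d == UNMATCHED])
    for r in to_rules(build(RULES)):
        print(r.pred, "->", r.decision)
```

Running the module reports rule index 2 as redundant (it is shadowed by rule 0) and lists the regions left undecided when the default rule is dropped, which is the completeness check. `compare` returning an empty list is the equivalence check; because every rule in the `to_rules` output is disjoint from every other, a diagram built from that table in any order reproduces the original, which is what "no rule ordering issues" means in practice.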

Market Potential/Applications

Firewall administration and network administration markets.

Development Stage

Proof of concept

IP Status

Four U.S. patent applications filed

UT Researcher

Mohamed G. Gouda, Ph.D., Computer Sciences, The University of Texas at Austin
Xiang-Yang A. Liu, B.S., Computer Sciences, The University of Texas at Austin

Type of Offer: Licensing


