Patent
Security actuator for a dynamically programmable computer network
Phillip Porras,Keith Skinner,Steven Dawson +2 more
- 02 Jul 2014
96
TL;DR: A network security policy may be implemented at network switches as a set of active packet disposition directives, which express higher-level network security policies, such as blocking and/or redirecting network traffic.
Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with packet disposition directives. A security actuator receives flow policy directives from a number of network applications. The flow policy directives express higher-level network security policy goals, including blocking and/or redirecting network traffic. The security actuator converts a flow policy directive into one or more packet disposition directives. The packet disposition directives may include trigger rules to cause network communications to be monitored for matching trigger packets. An automated mechanism initiated by the security actuator may cause trigger packets to be forwarded to the security actuator for analysis. The security actuator may generate packet disposition directives in response to receiving the trigger packets.
Citations
Patent
Discovering and grouping application endpoints in a network environment
Sachin Waman Danait,Kannan Ponnuswamy,Paul Lesiak +2 more
- 16 Oct 2014
TL;DR: In this paper, an example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints.
105
Patent
Visualizations of statistics associated with captured network data
Fang I. Hsiao,Wei Jiang,Vladimir A. Shcherbakov,Ramkumar Chandrasekharan,Clayton S. Ching +4 more
- 29 Apr 2015
TL;DR: In this paper, a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents is presented.
74
Patent
Intent based network configuration
Henry Louis Fourie,Zhang Hong +1 more
- 17 Feb 2016
TL;DR: In this article, an embodiment device includes a network interface, a non-transitory computer readable medium having executable instructions thereon, and a processor coupled to the network interface and the computer-readable medium, and executable instructions cause the processor to receive an Intent representing requirements for data traffic on a network having a plurality of endpoints.
72
Patent
Grouping and managing event streams generated from captured network data
Fang I. Hsiao,Clayton S. Ching,Michael R. Dickey,Vladimir A. Shcherbakov,Nishant Teredesai,Cary Glen Noel +5 more
- 30 Jan 2015
TL;DR: In this article, the authors present a system that facilitates the processing of network data by displaying a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents.
57
Patent
Load balancing among a cluster of firewall security devices
Edward Lopez,Joe Mihelich,Matthew F. Hepburn +2 more
- 09 Aug 2016
TL;DR: In this paper, a method for balancing load among firewall security devices (FSDs) in a network is disclosed, according to which a switch causes FSDs of a cluster to enter into a load balancing mode.
56
References
Proceedings Article
FRESCO: Modular Composable Security Services for Software-Defined Networks
Seungwon Shin,Phillip Porras,Vinod Yegneswaran,Martin Fong,Guofei Gu,Mabry Tyson +5 more
- 26 Feb 2013
TL;DR: This paper introduces FRESCO, an OpenFlow security application development framework designed to facilitate the rapid design and modular composition of OF-enabled detection and mitigation modules, and demonstrates the utility of FRESCO through the implementation of several well-known security defenses as OpenFlow security services.
A security enforcement kernel for OpenFlow networks
Phillip Porras,Seungwon Shin,Vinod Yegneswaran,Martin Fong,Mabry Tyson,Guofei Gu +5 more
- 13 Aug 2012
TL;DR: This work introduces FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller that enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications.
Patent
Policy management and conflict resolution in computer networks
Suzanne Thebaut,Walter Scott,Eric S Rustici,Prasan Kaikini,Lundy Lewis,Rajiv Malik,Steve Sycamore,Roger Dev,Oliver C. Ibe,Ajay Aggarwal,Todd Wohlers +10 more
- 28 Mar 1997
TL;DR: In this paper, the authors propose a method for determining an enforceable policy applicable to one or more network devices, which is based on attaching rule elements to domain elements to create policies, the domain elements representing network devices and groups of network devices.
436
Patent
Openflow communication system and openflow communication method
Kiyohisa Ichino
- 23 Feb 2010
TL;DR: In this paper, an OpenFlow controller generates a registration flow entry which is stored in a flow table of a specific OpenFlow switch arranged on a route of the communication flow, and an encapsulated packet is generated by reflating the registration flow entries and an ordinary packet.
350
Patent
Notifying a Controller of a Change to a Packet Forwarding Configuration of a Network Element Over a Communication Channel
András Kern,Dávid Jocha +1 more
- 17 Dec 2010
TL;DR: In this article, the authors present a method for notifying a controller of a change to a packet forwarding configuration of the network element by sending a message to the controller over the communication channel.
285