Security rule database searching in a network security environment

Abstract

IPsec rules are searched in order, from the rules whose attributes are most specific to those whose attributes are least specific. The static rules include placeholders for sets of dynamic rules. Dynamic rules are searched only if a placeholder is the first matching rule in the static table. Sets of dynamic rules are partitioned into separate groups. Within each group there is no rule order dependence. Each such group is searched with an enhanced search mechanism, such as a search tree. For connection-oriented protocols, security rule binding information is stored in association with the connection. This allows the rules to be searched only when a connection is first established. If a static or dynamic rule is changed during a connection, the search is repeated. For selected connectionless protocols, packets are treated as if they were part of a simulated connection. A pseudo-connection memory block is allocated when each socket is created, and IPsec security binding information is stored in the pseudo-connection memory block on the first packet.
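The lookup order and per-connection caching described in the abstract, as an added Python sketch that is not taken from the patent. The `Entry`, `RuleDB` and `Connection` names, the sample addresses and rules, the dictionary standing in for a search tree, and the fall-through on a dynamic-group miss are all assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Static-table row: `action` on an ordinary rule, `group` on a placeholder.
Entry = namedtuple("Entry", "src dst action group", defaults=("", ""))

class RuleDB:
    def __init__(self, static):
        self.static = list(static)   # ordered most specific first
        self.dynamic = {}            # group -> {(src, dst, dport): action}
        self.generation = 0          # bumped on every rule change
        self.searches = 0            # number of full searches performed

    def add_dynamic(self, group, src, dst, dport, action):
        self.dynamic.setdefault(group, {})[(src, dst, dport)] = action
        self.generation += 1

    def search(self, src, dst, dport):
        self.searches += 1
        for e in self.static:        # first match wins
            if (ip_address(src) not in ip_network(e.src)
                    or ip_address(dst) not in ip_network(e.dst)):
                continue
            if not e.group:
                return e.action
            # Placeholder matched first: only now is its dynamic group searched.
            # A dict stands in for the search tree; order in a group is irrelevant.
            hit = self.dynamic.get(e.group, {}).get((src, dst, dport))
            if hit:
                return hit
            # Assumption: on a miss, carry on with the later static rules.
        return "deny"

class Connection:
    def __init__(self, db, src, dst, dport):
        self.db, self.key, self.binding, self.gen = db, (src, dst, dport), None, -1

    def action(self):
        # Search on first use, then again only after the rule set has changed.
        if self.gen != self.db.generation:
            self.binding = self.db.search(*self.key)
            self.gen = self.db.generation
        return self.binding

def sample_db():                     # constructed sample policy
    db = RuleDB([Entry("10.1.1.5/32", "10.2.0.0/16", action="bypass"),
                 Entry("10.1.0.0/16", "10.2.0.0/16", group="vpn"),
                 Entry("0.0.0.0/0", "0.0.0.0/0", action="deny")])
    db.add_dynamic("vpn", "10.1.2.3", "10.2.0.9", 443, "ipsec")
    return db
```

The generation counter is what makes the cached binding safe: a connection that kept its old binding after a rule change would go on applying a policy that no longer exists.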