公开(公告)号：US20180083921A1

公开(公告)日：2018-03-22

申请号：US15825924

申请日：2017-11-29

Applicant: Konvax Corporation

Inventor： Maurizio Talamo ,  Franco Arcieri ,  Christian H. Schunck ,  Armanas Povilionis

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/0245 ,  G06F16/7343 ,  G06F16/90344 ,  H04L63/0263 ,  H04L67/1036

Abstract: Fast string search and matching is critical for many security tasks in particular if these have “gate functionality” for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a “Bipartite Concatenated Representation” (BCR). The space complexity of the BCR within this application scenario scales as O(N log2 N) where N is the number of rules.

公开(公告)号：US10681007B2

公开(公告)日：2020-06-09

申请号：US15825924

申请日：2017-11-29

Applicant: Konvax Corporation

Inventor： Maurizio Talamo ,  Franco Arcieri ,  Christian H. Schunck ,  Armanas Povilionis

IPC: H04L29/06 ,  G06F16/732 ,  H04L29/08 ,  G06F16/903

Abstract: Fast string search and matching is critical for many security tasks in particular if these have “gate functionality” for instance as found in access control applications, firewalls, routers, and load balancers. The fast matching of strings is essential to impose and enforce access control policies without creating bottlenecks. Firewalls protect networks by monitoring the traffic crossing the network perimeter. The number of packet matching rules firewalls can effectively handle is limited by the matching time and space complexity of the algorithms employed. A new approach implements matching independent of the number of rules and linear in the length of the rule to be matched. A data structure used in this approach is referred to as a “Bipartite Concatenated Representation” (BCR). The space complexity of the BCR within this application scenario scales as O(N log2 N) where N is the number of rules.