Automatic Compilation of Firewall and Intrusion Detection Rules for High-Speed Network Processing Engines
75500-This project will develop technologies for building ultra-high-speed network security systems such as firewalls and intrusion detection systems. These systems will be capable of operating at the multi-gigabits/sec rates required by DOE computer networks. In addition, they will permit convenient and agile updating of sophisticated firewall and intrusion detection rules to combat newly discovered security threats. Advanced compiler techniques will be implemented to automatically translate and map firewall and intrusion detection rules for execution on high-performance network processing engines capable of operation at 10-40 gigabits/sec rates. This will allow new filtering rules to be expressed using high-level languages and incorporated into an existing network security system within minutes, with minimal user effort. Phase I will study: (1) the modeling of network processing architectures using a parameterized architecture model; (2) the expression of firewall and intrusion detection rules using a streaming language; and (3) the performance potential of compiler-assisted code generation and deployment. Commercial Applications and Other Benefits as described by the awardee: The proposed technology should enhance programmability and low-cost deployment cycles without compromising on efficiency. In addition to enabling more secure network infrastructures, the technology should help further the development of value-added services on commercial networks, such as e-mail virus and spam filtering, caching, and content customization and transcoding.
Small Business Information at Submission:
Reservoir Labs, Inc.
632 Broadway Suite 803 New York, NY 10012
Number of Employees: