Automatic Compilation of Firewall and Intrusion Detection Rules for High-Speed Network Processing Engines

Award Information
Agency: Department of Energy
Branch: N/A
Contract: DE-FG02-04ER84062
Agency Tracking Number: 75500S04-I
Amount: $99,573.00
Phase: Phase I
Program: SBIR
Awards Year: 2004
Solicitation Year: 2004
Solicitation Topic Code: 10
Solicitation Number: DOE/SC-0075
Small Business Information
Reservoir Labs, Inc.
632 Broadway, Suite 803, New York, NY, 10012
DUNS: N/A
HUBZone Owned: Y
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Kenneth Mackenzie
Title: Dr.
Phone: (212) 780-0527
Email: kenmac@reservoir.com
Business Contact
 Richard Lethin
Title: Dr.
Phone: (212) 780-0527
Email: lethin@reservoir.com
Research Institution
N/A
Abstract
This project will develop technologies for building ultra-high-speed network security systems such as firewalls and intrusion detection systems. These systems will be capable of operating at the multi-gigabits/sec rates required by DOE computer networks. In addition, they will permit convenient and agile updating of sophisticated firewall and intrusion detection rules to combat newly discovered security threats. Advanced compiler techniques will be implemented to automatically translate and map firewall and intrusion detection rules for execution on high-performance network processing engines capable of operation at 10-40 gigabits/sec rates. This will allow new filtering rules to be expressed using high-level languages and incorporated into an existing network security system within minutes, with minimal user effort. Phase I will study: (1) the modeling of network processing architectures using a parameterized architecture model; (2) the expression of firewall and intrusion detection rules using a streaming language; and (3) the performance potential of compiler-assisted code generation and deployment.

Commercial Applications and Other Benefits as described by the awardee: The proposed technology should enhance programmability and low-cost deployment cycles without compromising on efficiency. In addition to enabling more secure network infrastructures, the technology should help further the development of value-added services on commercial networks, such as e-mail virus and spam filtering, caching, and content customization and transcoding.

* Information listed above is at the time of submission.
