SBIR-STTR Award

Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks
Award last edited on: 11/14/2007

Sponsored Program
STTR
Awarding Agency
DOE
Total Award Amount
$849,631
Award Phase
2
Solicitation Topic Code
-----

Principal Investigator
Errin Wesley Fulp

Company Information

Great Wall Systems Inc

635 West Fourth Street Suite 200
Winston-Salem, NC 27101
(336) 918-4665
randerson@greatwallsys.com
www.greatwallsys.com

Research Institution

----------

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2006
Phase I Amount
$99,731
A number of simultaneous trends (ever-increasing network speeds and throughput, escalating sophistication of attacks, regulatory initiatives, and integration of networks within and without the enterprise) can cause both bottlenecks and quality-of-service degradation within the firewalls of computing systems used by the DOE and large corporations. This project will develop an advanced, scalable, function-parallel firewall methodology that is capable of maintaining an optimized set of firewall rules, in order to maximize performance and better mitigate new security threats. Unlike current firewall systems, which are not scalable and require an appliance swap to upgrade, the new methodology will provide a low-cost, scalable, high-speed firewall, with intrusion detection and prevention capabilities, that addresses markets for 1-gigabit. Phase I will determine the feasibility of a device that leverages new optimization and parallelization techniques, leading to higher throughput with lower delays. The benefits of policy optimization, function-parallel firewall, and designs for intrusion detection systems will be evaluated through modeling, simulation, and the development of a prototype device.

Commercial Applications and Other Benefits as described by the awardee:
The new methodology should find application at various sites connected via the DOE UltraScienceNet, specifically at ORNL, BNL, and LANL. Furthermore, any corporation (i.e. banks, insurance, airlines, manufacturers, etc.) that must move large amounts of critical data in real time across the network would benefit from this technology.

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2007
Phase II Amount
$749,900
Intrusion Detection Systems inspect arriving packets for malicious content (signatures) as defined by a security policy. Unfortunately, comparing packet headers and payloads against a policy can be complex and time-consuming, a problem that intensifies as policies and network speeds continue to increase. As a result, the IPS and, more importantly, the network it protects can be quickly overwhelmed and susceptible to Denial of Service (DoS) attacks. This project will develop a scalable network IPS architecture that will minimize the impact of DoS attacks for the increasing network speeds and traffic loads. The architecture will consist of an array of processors, configured in parallel, that collectively enforce a security policy. Unlike current data parallel designs that distribute the packets and duplicate the policy rules (load balancing), this proposed system will use a parallel design that distributes the policy rules across the processors and duplicates the packets. In Phase I, methods for optimally reorganizing and distributing the policy rules across the function parallel firewall were developed. A prototype parallel firewall system also was developed, tested, and analyzed. Experimental results showed the proposed architecture is more than m times faster than an equivalent data parallel system, where m is the number of machines in the parallel array. Phase II will develop the parallel Intrusion Detection System (IDS), which will be integrated with the firewall to create a high speed IPS.
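The two designs contrasted in the Phase I and Phase II abstracts (data-parallel: replicate the policy, spread the packets; function-parallel: split the policy, duplicate the packets) can be modelled with a few lines of code. The following is an added illustration written for this page, not code from the award, the prototype, or Great Wall Systems; the policy, the packets, the round-robin packet assignment, the modulo rule-to-node assignment and the use of rule comparisons as a stand-in for processing time are all constructed assumptions. It shows the one detail that makes function-parallel enforcement correct: each node may stop at its first local match, but the array's decision must be the candidate with the lowest global rule index, otherwise a later wildcard rule held by another node would override an earlier specific rule.

```python
"""Toy model of data-parallel vs function-parallel first-match firewalls.

Constructed example for illustration (not the award's or the company's code).
A policy is an ordered rule list; the first matching rule decides a packet.
"""
from dataclasses import dataclass
from math import ceil
from typing import Dict, List, Optional, Tuple

Packet = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    index: int                  # position in the policy; lowest index wins
    proto: Optional[str]        # None acts as a wildcard
    dst_port: Optional[int]     # None acts as a wildcard
    action: str                 # "accept" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"]) and
                (self.dst_port is None or self.dst_port == pkt["dst_port"]))


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[Optional[Rule], int]:
    """Sequential scan; returns (matching rule or None, comparisons made)."""
    comparisons = 0
    for rule in rules:
        comparisons += 1
        if rule.matches(pkt):
            return rule, comparisons
    return None, comparisons


def decide(rule: Optional[Rule]) -> str:
    return rule.action if rule else "deny"      # implicit default deny


def sequential(policy: List[Rule], packets: List[Packet]):
    """Single firewall: (decisions, per-packet comparison count as latency)."""
    results = [first_match(policy, p) for p in packets]
    return [decide(r) for r, _ in results], [c for _, c in results]


def data_parallel(policy: List[Rule], packets: List[Packet], m: int):
    """m nodes, each holding the full policy; packets dealt round-robin.

    Latency per packet is unchanged (a full scan on one node); only the
    load is shared. Returns (decisions, latencies, per-node load)."""
    decisions, latencies, load = [], [], [0] * m
    for i, pkt in enumerate(packets):
        rule, comps = first_match(policy, pkt)
        decisions.append(decide(rule))
        latencies.append(comps)
        load[i % m] += comps
    return decisions, latencies, load


def function_parallel(policy: List[Rule], packets: List[Packet], m: int):
    """m nodes, each holding a slice of the policy; every packet goes to all.

    Rule i lives on node i % m (an assumed, naive distribution). A node may
    stop at its first local match because later rules in its slice have
    higher global indices, but the array's answer is the candidate with the
    lowest index. Latency is the slowest node for that packet, since nodes
    run concurrently. Returns (decisions, latencies, per-node load)."""
    shards = [policy[k::m] for k in range(m)]
    decisions, latencies, load = [], [], [0] * m
    for pkt in packets:
        candidates, comps_per_node = [], []
        for k, shard in enumerate(shards):
            rule, comps = first_match(shard, pkt)
            load[k] += comps
            comps_per_node.append(comps)
            if rule is not None:
                candidates.append(rule)
        winner = min(candidates, key=lambda r: r.index) if candidates else None
        decisions.append(decide(winner))
        latencies.append(max(comps_per_node))
    return decisions, latencies, load


def latency_bound(policy: List[Rule], m: int) -> int:
    """Worst-case comparisons any node makes per packet in the split design."""
    return ceil(len(policy) / m)


# Constructed policy and traffic; rule 4 is a broad deny that sits AFTER the
# specific accepts for ports 80 and 443, which is what the index tie-break
# has to respect.
POLICY = [
    Rule(0, "tcp", 22, "deny"),
    Rule(1, "tcp", 80, "accept"),
    Rule(2, "tcp", 443, "accept"),
    Rule(3, "udp", 53, "accept"),
    Rule(4, "tcp", None, "deny"),
    Rule(5, "udp", 123, "accept"),
    Rule(6, "icmp", None, "accept"),
    Rule(7, None, None, "deny"),
]
PACKETS = [
    {"proto": "tcp", "dst_port": 80},
    {"proto": "tcp", "dst_port": 22},
    {"proto": "udp", "dst_port": 123},
    {"proto": "tcp", "dst_port": 8080},
    {"proto": "icmp", "dst_port": 0},
    {"proto": "udp", "dst_port": 999},
]

if __name__ == "__main__":
    m = 4
    for name, fn in (("data-parallel", data_parallel),
                     ("function-parallel", function_parallel)):
        dec, lat, load = fn(POLICY, PACKETS, m)
        print(f"{name:18s} decisions={dec} latency={lat} load={load}")
    print("function-parallel per-packet bound:", latency_bound(POLICY, m))
```

With eight rules on four nodes every packet costs a node at most two comparisons in the split design, while the replicated design still pays up to eight for a packet that falls through to the default rule; the first packet (TCP/80) is the one where node 0 would answer "deny" via rule 4 and only the global index tie-break restores the correct "accept" from rule 1. The toy counts comparisons, not wall-clock time, so it does not reproduce the "more than m times faster" figure reported above.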

Commercial Applications and Other Benefits as described by the awardee:
The new IDS should find immediate use at various sites connected via the DOE Ultra-ScienceNet, specifically at ORNL, BNL, and LANL. Furthermore, any corporation (i.e. banks, insurance, airlines, manufacturers, internet multimedia content providers, managed network service providers, etc.) that must move large amounts of critical data in real time across the network would benefit from this technology.