System and method for compact form exhaustive analysis of security policies
US9467473B2 · kind B2 · utility
Key dates
| Filing date | Sep 19, 2013 |
| Grant date | Oct 11, 2016 |
| Priority date | — |
| Expiry date | Dec 31, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/20
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system is described that analyzes and validates network security policies associated with network devices. The system includes a compiler and a security policy analysis and validation tool. The compiler encodes a security policy associated with a network device into a predicate expressed in bit-vector logic and generates a bit-vector formula based on the predicate. The tool receives the bit-vector formula and applies a Satisfiability Modulo Theories (SMT) solver thereto to identify and enumerate solutions to the bit-vector formula. The enumerated solutions provide information about the validity of the first security policy. The solutions may be compactly enumerated as a product of intervals or a product of unions of intervals.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.