Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

Abstract: A method and apparatus for a network monitor internals mechanism that serves to translate packet data into multiple concurrent streams of network event data is provided. The data translation is accomplished by interpreting both sides of each protocol transaction.

Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

Abstract: A method and apparatus for allowing a technique for continuously assessing the security of a network to be applicable to network assessment, by capturing and classifying large volumes of network traffic based on a formal policy, and applying such to both long-term and short-term network assessment.

Abstract: A method and apparatus for generating an initial policy specification file is provided. A level of abstraction over a policy language is used, simplifying creating the file based on gross character characteristics of a network at the IP level, such as policy domains, communities of hosts, subnets, and firewalls.

Abstract: A method and apparatus for a network monitor internals mechanism that serves to translate packet data into multiple concurrent streams of network event data is provided. The data translation is accomplished by interpreting both sides of each protocol transaction.

Abstract: A method is used to access a sub-region of a two or more dimensional data region, in which said region is composed of a patchwork of individually addressable tiles. A hardware assisted mechanism is used to address, reformat, and composite data from each tile to produce a row-major subregion data stream to the consuming device. This method abstracts information about how the desired region is stored and addressed, so that further processing steps can process the data as a contiguous two or more dimensional space without regard to how the data is composited. This is particularly useful for doing image processing on graphics processing systems where source data is often stored in separately managed and addressed tiles.

Abstract: A hierarchical display list system and efficient processing method for same. The system provides a display list having discontiguous display list segments and an information retrieval system for same (e.g. DMA controller in one embodiment). Each display list segment (DLS) contains a call to a next to be processed DLS or a return. The call includes a push (which indicates the address of the return DLS) and also a jump control data (which indicates the address of the next to be processed DLS. The push and jump and also contain the length of the respective DLS's involved. DLSs can also contain return control data which include a POP and a jump. Nesting (e.g. the display list control path) is maintained by a display list stack. The discontiguous DLSs are separately stored in memory of the host processor.