Patents by Inventor Cezar P. Grzelak
Cezar P. Grzelak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9900334
Abstract: A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices, is provided. The computer-implemented method includes receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges. The computer-implemented method further includes representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space. The computer-implemented method further includes subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges. The computer-implemented method further includes decomposing the obtained concave shape into multiple convex shapes that satisfy a set of predetermined input conditions.
Type: Grant
Filed: June 2, 2015
Date of Patent: February 20, 2018
Assignee: International Business Machines Corporation
Inventor: Cezar P. Grzelak
-
Patent number: 9860264
Abstract: A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices, is provided. The computer-implemented method includes receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges. The computer-implemented method further includes representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space. The computer-implemented method further includes subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges. The computer-implemented method further includes decomposing the obtained concave shape into multiple convex shapes that satisfy a set of predetermined input conditions.
Type: Grant
Filed: December 23, 2014
Date of Patent: January 2, 2018
Assignee: International Business Machines Corporation
Inventor: Cezar P. Grzelak
-
Publication number: 20160182555
Abstract: A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices, is provided. The computer-implemented method includes receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges. The computer-implemented method further includes representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space. The computer-implemented method further includes subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges. The computer-implemented method further includes decomposing the obtained concave shape into multiple convex shapes that satisfy a set of predetermined input conditions.
Type: Application
Filed: December 23, 2014
Publication date: June 23, 2016
Inventor: Cezar P. Grzelak
-
Publication number: 20160182557
Abstract: A computer-implemented method for using multi-dimensional geometry in simulations of packet flows through network devices, is provided. The computer-implemented method includes receiving an input object for traffic simulation of network devices, comprising a source and destination host ranges and source and destination port ranges, and protocol, application and vulnerability ranges, targeted for the destination host ranges. The computer-implemented method further includes representing blocked traffic of the simulated traffic by an intersection of at least two n-dimensional cuboids in n-dimensional space. The computer-implemented method further includes subtracting an access control list shape from an input shape to obtain a concave form representing permitted host, port, protocol, application, and vulnerability combinations of ranges. The computer-implemented method further includes decomposing the obtained concave shape into multiple convex shapes that satisfy a set of predetermined input conditions.
Type: Application
Filed: June 2, 2015
Publication date: June 23, 2016
Inventor: Cezar P. Grzelak
-
Patent number: 9043461
Abstract: An illustrative embodiment of a method for firewall rule use counting receives log messages comprising one or more log data sets from each firewall rule in a particular network whose counts are to be tracked in a log collector, generates a network trie for each reference database in a set of databases and a device source trie and a device destination trie for each firewall device in a plurality of devices of the particular network, a source port and protocol list and a destination port and protocol list for each respective device, a unique object for each log data set received; a mapping database comprising an entry for each log data set received associated with the unique object; and feeds each entry in the mapping database through a topology model to also generate a reference to a unique firewall rule on a respective device in the plurality of devices.
Type: Grant
Filed: March 21, 2014
Date of Patent: May 26, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rory F. Bray, Cezar P. Grzelak, Jason D. Keirstead
-
Patent number: 8949418
Abstract: An illustrative embodiment of a method for firewall rule use counting receives log messages comprising one or more log data sets from each firewall rule in a particular network whose counts are to be tracked in a log collector, generates a network trie for each reference database in a set of databases and a device source trie and a device destination trie for each firewall device in a plurality of devices of the particular network, a source port and protocol list and a destination port and protocol list for each respective device, a unique object for each log data set received; a mapping database comprising an entry for each log data set received associated with the unique object; and feeds each entry in the mapping database through a topology model to also generate a reference to a unique firewall rule on a respective device in the plurality of devices.
Type: Grant
Filed: December 11, 2012
Date of Patent: February 3, 2015
Assignee: International Business Machines Corporation
Inventors: Rory F. Bray, Cezar P. Grzelak, Jason D. Keirstead
-
Publication number: 20140208412
Abstract: An illustrative embodiment of a method for firewall rule use counting receives log messages comprising one or more log data sets from each firewall rule in a particular network whose counts are to be tracked in a log collector, generates a network trie for each reference database in a set of databases and a device source trie and a device destination trie for each firewall device in a plurality of devices of the particular network, a source port and protocol list and a destination port and protocol list for each respective device, a unique object for each log data set received; a mapping database comprising an entry for each log data set received associated with the unique object; and feeds each entry in the mapping database through a topology model to also generate a reference to a unique firewall rule on a respective device in the plurality of devices.
Type: Application
Filed: March 21, 2014
Publication date: July 24, 2014
Applicant: International Business Machines Corporation
Inventors: Rory F. Bray, Cezar P. Grzelak, Jason D. Keirstead
-
Publication number: 20140164595
Abstract: An illustrative embodiment of a method for firewall rule use counting receives log messages comprising one or more log data sets from each firewall rule in a particular network whose counts are to be tracked in a log collector, generates a network trie for each reference database in a set of databases and a device source trie and a device destination trie for each firewall device in a plurality of devices of the particular network, a source port and protocol list and a destination port and protocol list for each respective device, a unique object for each log data set received; a mapping database comprising an entry for each log data set received associated with the unique object; and feeds each entry in the mapping database through a topology model to also generate a reference to a unique firewall rule on a respective device in the plurality of devices.
Type: Application
Filed: December 11, 2012
Publication date: June 12, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rory F. Bray, Cezar P. Grzelak, Jason D. Keirstead