International Business Machines Corporation
Security information propagation in a network protection system

Abstract:

A network protection system (NPS) is augmented to determine and apply security information for a host on a network. The NPS is configured to monitor the host. In response to an occurrence, e.g., the host requesting a network host address, the NPS dynamically determines the security information and encodes it in a portion of the IP address that is assigned. The particular portion of the IP address that is configured for the security information is identified according to variable-length subnet masking (VLSM) notation and, in particular, by including an additional host identifier subdivision that identifies the portion that carries the relevant security data. The security information (e.g., a rank) is encoded in a bitmask. An IP address that has been extended in this manner is then provided on the network, where it is readily-evaluated by other applications and systems that recover the security information by simply applying the bitmask to the IP address.