Inventor(s)

Abstract

The proposal introduces a data-plane aligned mechanism for propagating compact, actionable threat context in-band with live traffic to enable immediate and coordinated security enforcement across distributed environments. Instead of relying on centralized control-plane signaling or out-of-band policy distribution, the approach encodes deterministic enforcement intent such as action, severity, scope, and validity into bounded in-band metadata that travels along the same forwarding path as the affected traffic.

Enforcement points decode and validate this metadata in the fast path and apply policy actions at data-plane speed without requiring context lookups or external coordination. Rich threat details remain out-of-band and are optionally resolved only when needed. By aligning threat context propagation with the data path and preserving packet size and performance constraints, the proposal enables scalable, consistent, and timely enforcement across network, cloud, endpoint, and application domains.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Share

COinS