The vision of the project is to develop a novel and comprehensive security solution for secure broadband services, by combining the following: flexible implementation techniques for high-speed packet processing, algorithms for intrusion detection, and policy-based techniques for automated configuration and decision handling.
The project aims for the general goal of development and deployment of innovative network components that enable service providers to offer to their customers secure broadband services in an effective and cost-efficient way.
In order to achieve this overall goal, the project pursues the following individual objectives:
- Design and implement an innovative architecture for provider-controlled distributed high-speed edge devices, aimed to become a new generation of distributed high-speed broadband firewalls with policy-based control, that are suitable to provide a comprehensive security solution meeting the needs of customers and service providers.
- Develop and deploy enhanced techniques capable of detecting a wide range of security violations, in particular detecting DDOS (Distributed Denial of Service) attacks, but also suitable for detecting and identifying other types of malfunctioning. Achieve enhanced detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic.
- Establish techniques for intelligent response to security violations, in particular providing an effective protection against DDOS attacks.
¿Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components.
- Define use-cases for the new technology, deploy them in meaningful testbeds, and disseminate know-how and training of target people.
The architecture ensures high performance in combination with functional flexibility using programmable hardware for classification, filtering, sampling and measurements.
Funding SchemeSTREP - Specific Targeted Research Project
75634 Paris 13
SW7 2AZ London