Skip to main content

Distributed adaptive security by programmable firewall

Objective

The vision of the project is to develop a novel and comprehensive security solution for secure broadband services, by combining the following: flexible implementation techniques for high-speed packet processing, algorithms for intrusion detection, and policy-based techniques for automated configuration and decision handling.

The project aims for the general goal of development and deployment of innovative network components that enable service providers to offer to their customers secure broadband services in an effective and cost-efficient way.

In order to achieve this overall goal, the project pursues the following individual objectives:
- Design and implement an innovative architecture for provider-controlled distributed high-speed edge devices, aimed to become a new generation of distributed high-speed broadband firewalls with policy-based control, that are suitable to provide a comprehensive security solution meeting the needs of customers and service providers.
- Develop and deploy enhanced techniques capable of detecting a wide range of security violations, in particular detecting DDOS (Distributed Denial of Service) attacks, but also suitable for detecting and identifying other types of malfunctioning. Achieve enhanced detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic.
- Establish techniques for intelligent response to security violations, in particular providing an effective protection against DDOS attacks.
¿Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components.
- Define use-cases for the new technology, deploy them in meaningful testbeds, and disseminate know-how and training of target people.

The architecture ensures high performance in combination with functional flexibility using programmable hardware for classification, filtering, sampling and measurements.

Funding Scheme

STREP - Specific Targeted Research Project

Coordinator

FRANCE TELECOM SA
Address
Place D'alleray 6
75015 Paris
France

Participants (6)

EBERHARD KARLS UNIVERSITAET TUEBINGEN
Germany
Address
Wilhelmstrasse 7
72074 Tuebingen
GROUPE DES ECOLES DES TELECOMMUNICATIONS
France
Address
46, Rue Barrault
75634 Paris 13
IBM RESEARCH GMBH
Switzerland
Address
Saeumerstrasse 4
Rueschlikon
IMPERIAL COLLEGE OF SCIENCE, TECHNOLOGY AND MEDICINE
United Kingdom
Address
South Kensington Campus, Exhibition Road
SW7 2AZ London
JOZEF STEFAN INSTITUTE
Slovenia
Address
Jamova 39
1000 Ljubljana
TELEKOMUNIKACJA POLSKA S.A.
Poland
Address
Ul. Twarda 18
00-105 Warszawa