Personal website of

Prof. Dr.-Ing. habil. Falko Dressler

Diadem Firewall

Institution

Team

Funding

  • EU (European Commission)

Partners

  • France Telecom R&D
  • IBM Zuerich Research Lab
  • Imperial College London
  • Groupe des Ecoles des Télécommunications
  • Jozef Stefan Institute
  • Polish Telecom

Homepage

Project Time

  • 01.01.2004 - 31.12.2006

Description

The vision of the project is to develop a novel and comprehensive security solution for secure broadband services, by combining the following:

    • flexible implementation techniques for high-speed packet processing,
    • algorithms for intrusion detection,
    • and policy-based techniques for automated configuration and decision-handling.

The project aims for the general goal of development and deployment of innovative network components that enable service providers to offer to their customers secure broadband services in an effective and cost-efficient way. In order to achieve this overall goal, the project pursues the following individual objectives:

    • Design and implement an innovative architecture for provider-controlled distributed high-speed edge devices, aimed to become a new generation of distributed high-speed broadband firewalls with policy-based control, that are suitable to provide a comprehensive security solution meeting the needs of customers and service providers.
    • Develop and deploy enhanced techniques capable of detecting a wide range of security violations, in particular detecting DDOS (Distributed Denial of Service) attacks, but also suitable for detecting and identifying other types of malfunctioning.
    • Achieve enhanced detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic.
    • Establish techniques for intelligent response to security violations, in particular providing an effective protection against DDOS attacks.
    • Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components.
    • Define use-cases for the new technology, deploy them in meaningful test beds, and disseminate know-how and training of target people.

The architecture ensures high performance in combination with functional flexibility using programmable hardware for classification, filtering, sampling and measurements.

Press

  • Saboteure und Spione im Visier: Tübinger Informatiker arbeiten an intelligentem Abwehrsystem gegen Angriffe im Internet. attempto! 17/2004.
    (Download (German): PDF [342kB])

Selected Publications

  • Falko Dressler and Hemant Chaskar, "Security Architectures for Wired and Wireless Networks: Threats and Countermeasures," Tutorial, 1st IEEE/ACM International Conference on Communication System Software and Middleware (COMSWARE 2006), New Delhi, India, January 08, 2006. [BibTeX, Details...]
  • Falko Dressler, "Adaptive Re-Configuration of Network Monitoring Applications," Proceedings of Dagstuhl Seminar 06011 on Autonomic Networking, Schloss Dagstuhl, Germany, January 2006. [BibTeX, PDF and Details...]
  • Falko Dressler, Andreas Klenk, Cornelia Kappler, Ali Fessi and Georg Carle, "Path-coupled Signaling for Dynamic Metering Configuration in IP-based Networks," Proceedings of IFIP Networking and Electronic Commerce Research Conference (NAEC 2005), Riva Del Garda, Italy, October 2005, pp. 388–399. [BibTeX, PDF and Details...]
  • G. Dittmann, D. Gabrijelcic, S. Yusuf, A. Fessi, R. Sasnauskas, Y. Carlinet, and J. van Lunteren, "Initial Firewall Element Prototype," DIADEM Technical Report D8, July 2005.
    [Download: PDF (771kB)]
  • G. Münz, O. Paul, and F. Dressler, "Initial Violation Detection Prototype," DIADEM Technical Report D9, July 2005.
    [Download: PDF (771kB)]
  • S. Yusuf, M. Sloman, Y. Thing, and Y. Carlinet, "Initial Response Management Prototype," DIADEM Technical Report D10, July 2005.
    [Download: PDF (771kB)]
  • Falko Dressler and Georg Carle, "HISTORY - High Speed Network Monitoring and Analysis," Proceedings of 24th IEEE Conference on Computer Communications (INFOCOM 2005), Poster Session, Miami, FL, March 2005. [BibTeX, PDF and Details...]
  • Georg Carle, Falko Dressler and Günter Schäfer, "Netzwerksicherheit - Verteilte Angriffserkennung im Internet," Tutorial, 14. GI/ITG Fachtagung Kommunikation in Verteilten Systemen (KiVS 2005), Kaiserslautern, Germany, March 28, 2005. [BibTeX, Details...]
  • P. Sagmeister, R. Wehage, G. Dittmann, J. van Lunteren, O. Paul, S. Yusuf, M. Sloman, Y. Thing, G. Muenz, Dressler, T. Koloszyk, M. Kowalczyk, D. Gabrijelcic, and Y. Carlinet, "Architecture Specification," DIADEM Technical Report D5, January 2005.
    [Download: PDF (494kB)]
  • D. Gabrijelcic, Y. Carlinet, G. Muenz, Dressler, R. Wehage, S. Yusuf, P. Sagmeister, and G. Dittmann, "Revised Interfaces Specification," DIADEM Technical Report D6, January 2005.
    [Download: PDF (629kB)]
  • P. Piotrowski, Y. Carlinet, O. Paul, and P. Tobis, "Initial Demonstrator Specification," DIADEM Technical Report D7, January 2005.
    [Download: PDF (771kB)]
  • Falko Dressler, Gerhard Münz and Georg Carle, "Attack Detection using Cooperating Autonomous Detection Systems (CATS)," Proceedings of 1st IFIP International Workshop on Autonomic Communication (WAC 2004), Poster Session, Berlin, Germany, October 2004. [BibTeX, PDF and Details...]
  • Y. Carlinet, P. Sagmeister, O. Paul, S. Yusuf, M. Sloman, F. Dressler, T. Koloszyk, M. Kowalczyk, L. Sketa, "Initial Interface Specification," DIADEM Technical Report D2, July 2004.
    [Download: PDF (1400kB)]
  • Y. Carlinet, O. Cherkaoui, F. Dressler, C. Ehinger, A. Fadlallah, G. Muenz, M. Mußner, O. Paul, A. Serhrouchni, M. Sloman, S. Yusuf, "Attack Requirements Specification," DIADEM Technical Report D3, July 2004.
    [Download: PDF (1283kB)]
  • Y. Carlinet, D. Chalmers, F. Dressler, N. Dulay, W. Luk, E. Lupu, O. Paul, M. Sloman, S. Yusuf, "Response Requirements Specification," DIADEM Technical Report D4, July 2004.
    [Download: PDF (317kB)]
Last modified: 2023-12-09