In this thesis, the multi-firewall architecture FORTRESS developed at the institute is to be conceptually enhanced. The architecture increases security by having several firewalls inspect each packet instead of leaving the decision to a single firewall. Since the Snowden revelations it has been known that firewalls can be compromised already at the factory, so a single firewall can no longer be trusted completely. Operating firewalls from different vendors in parallel, combined with components for packet replication and a majority decision, is one way to still achieve secure perimeter protection for networks. The concept has already been developed at the institute and evaluated in various implementations (e.g. using Network Function Virtualization, NFV). The basic concept must now be developed further so that the additional overhead is reduced, i.e. the number of replicated packets must be lowered, possibly dynamically depending on the current security situation.
Within the scope of this work, different approaches are to be designed, analysed and compared with regard to their overhead and the resulting security level. The evaluation is carried out by means of a prototype implementation based on existing software. The work is carried out in cooperation with Airbus in Munich.
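To make the replication and majority-decision component concrete, the following is an added simulation (not FORTRESS code and not from the institute or Airbus). It assumes three independent firewall implementations, one of them modelled as factory-compromised, and a hypothetical policy that derives the replication factor from a threat level, so the trade-off between replicated copies and resilience to one bad firewall becomes visible:

```python
from collections import Counter
from dataclasses import dataclass

ALLOW, DROP = "allow", "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int


def honest_firewall(pkt: Packet) -> str:
    # Constructed reference policy: only web traffic is permitted.
    return ALLOW if pkt.dst_port in (80, 443) else DROP


def compromised_firewall(pkt: Packet) -> str:
    # Constructed model of a factory-backdoored firewall: it silently
    # lets one source through regardless of the configured policy.
    if pkt.src == "10.0.0.66":
        return ALLOW
    return honest_firewall(pkt)


def replication_factor(threat_level: int) -> int:
    # Hypothetical dynamic policy: replicate a packet to more firewalls
    # as the security situation worsens; odd counts avoid ties.
    return {0: 1, 1: 3, 2: 5}.get(threat_level, 5)


def inspect(pkt: Packet, firewalls, threat_level: int):
    """Replicate pkt to k firewalls and return (majority verdict, k)."""
    k = min(replication_factor(threat_level), len(firewalls))
    verdicts = [fw(pkt) for fw in firewalls[:k]]
    winner, count = Counter(verdicts).most_common(1)[0]
    # A strict majority is required; a tie (even k only) fails closed.
    return (winner if count > len(verdicts) / 2 else DROP), k


# Constructed sample: three vendors, vendor A compromised.
FIREWALLS = [compromised_firewall, honest_firewall, honest_firewall]
BACKDOOR_PKT = Packet(src="10.0.0.66", dst_port=22)
WEB_PKT = Packet(src="10.0.0.5", dst_port=443)

if __name__ == "__main__":
    for level in (0, 1):
        print(level, inspect(BACKDOOR_PKT, FIREWALLS, level))
```

At threat level 0 only one copy is made and the compromised firewall alone decides, so the backdoored packet passes; at level 1 three copies are made and the two honest vendors outvote it, which is exactly the overhead-versus-security trade-off the thesis is to quantify.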
1--10 Gbps server, cloud environment