Analysis and Implementation of a Dynamically Reconfigurable Majority Decision Firewall System
The majority decision firewall system is a concept that combines multiple, different firewalls to increase security guarantees. For every packet reaching the system, a vote is conducted by sending the packet to each firewall and counting how many of them forward it. If the majority forwards it, the packet is sent to the destination network; otherwise it is discarded. Prior work on the firewall system required restarting and reconfiguring the system whenever the set of firewalls taking part in the majority decision changed. This bachelor thesis analyzes and describes designs that allow the firewall system to be reconfigured dynamically. This means that the firewalls eligible for voting can be added, removed and replaced without interrupting the traffic flow. To this end, a virtualized environment is used to easily create and configure firewalls using VMs. Furthermore, an implementation based on a design described in the thesis is developed and evaluated.
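The vote described above, with the voter set changed while a packet is still being decided, as an added sketch that is not the thesis's implementation. The class and method names, the SHA-256 packet id, and the rule that each packet is judged against the voter set eligible at its arrival are all assumptions made for illustration.

```python
import hashlib

class MajorityVoter:
    """Release a packet once a strict majority of eligible firewalls forwarded it.

    Assumption (not from the thesis): every packet is judged against a
    snapshot of the voter set taken when the packet arrived, so adding or
    removing firewalls never changes the threshold of an in-flight vote.
    """

    def __init__(self, firewalls):
        self.eligible = frozenset(firewalls)  # current voter set
        self.pending = {}                     # packet id -> (snapshot, forwarders)

    def reconfigure(self, add=(), remove=()):
        # Build a new immutable set; snapshots held by pending votes are untouched.
        self.eligible = (self.eligible | frozenset(add)) - frozenset(remove)

    @staticmethod
    def packet_id(packet: bytes) -> str:
        return hashlib.sha256(packet).hexdigest()

    def ingress(self, packet: bytes) -> str:
        """Register a packet before copies are sent to every eligible firewall."""
        pid = self.packet_id(packet)
        self.pending[pid] = (self.eligible, set())
        return pid

    def egress(self, firewall: str, packet: bytes) -> bool:
        """Record that `firewall` forwarded its copy; True means release now."""
        pid = self.packet_id(packet)
        if pid not in self.pending:
            return False                      # unknown, expired or already decided
        voters, forwarders = self.pending[pid]
        if firewall not in voters:
            return False                      # not eligible for this packet
        forwarders.add(firewall)              # a set, so repeats count once
        if 2 * len(forwarders) > len(voters):
            del self.pending[pid]             # decided: release exactly once
            return True
        return False

    def expire(self, pid: str) -> bool:
        """Timeout path: a vote that never reached a majority is discarded."""
        return self.pending.pop(pid, None) is not None
```

A packet that never reaches a majority is never released by `egress`; the caller is expected to call `expire` from a timer so undecided votes do not accumulate.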