Diadem Firewall


Computer Networks and Internet, University of Tuebingen

Team Leader:

Prof. Dr. Georg Carle

Staff Members:

Dr. Falko Dressler
Ali Fessi

Reinhard Mayer
Gerhard Münz


Christian Bannes
Lothar Braun
Michael Drüing
Christoph Ehinger
Fabian Haibl
Ömer Koyuncu
Martina Mußner
Jan Petranek
Raimondas Sasnauskas


European Commission


France Telecom R&D
IBM Zuerich Research Lab
Imperial College London
Groupe des Ecoles des Télécommunications
Jozef Stefan Institute
Polish Telecom




NetLab Project

Project Time:

01.01.2004 - 30.09.2006


The vision of the project is to develop a novel and comprehensive security solution for secure broadband services, by combining the following:

  • flexible implementation techniques for high-speed packet processing,
  • algorithms for intrusion detection,
  • and policy-based techniques for automated configuration and decision-handling.

The project aims for the general goal of development and deployment of innovative network components that enable service providers to offer to their customers secure broadband services in an effective and cost-efficient way. In order to achieve this overall goal, the project pursues the following individual objectives:

  • Design and implement an innovative architecture for provider-controlled distributed high-speed edge devices, aimed to become a new generation of distributed high-speed broadband firewalls with policy-based control, that are suitable to provide a comprehensive security solution meeting the needs of customers and service providers.
  • Develop and deploy enhanced techniques capable of detecting a wide range of security violations, in particular detecting DDOS (Distributed Denial of Service) attacks, but also suitable for detecting and identifying other types of malfunctioning.
  • Achieve enhanced detection capabilities by designing flexible and effective solutions for distributed monitoring of application traffic.
  • Establish techniques for intelligent response to security violations, in particular providing an effective protection against DDOS attacks.
  • Ensure fair, coherent, and efficient enforcement of security policies by management and control of the distributed firewall components.
  • Define use-cases for the new technology, deploy them in meaningful test beds, and disseminate know-how and training of target people.

The architecture ensures high performance in combination with functional flexibility using programmable hardware for classification, filtering, sampling and measurements.


Saboteure und Spione im Visier: Tübinger Informatiker arbeiten an intelligentem Abwehrsystem gegen Angriffe im Internet. attempto! 17/2004.
(Download (German): PDF [342kB])


Please refer to the official project homepage.