Current networks are highly segmented and physically isolated.

The segmented structure of current network inherently ensures robustness and security of the system. Additionally, time-critical network traffic is not affected by security mechanisms such as firewalls. SFGs, on the other hand, are highly interconnected and are not based on isolated networks.

Therefore, to ensure network security in SFGs, an increasing number of security mechanisms are installed. However, those mechanisms have to withstand high loads due to the extensive connectivity of SFGs. Notably, such security mechanisms are not exposed to comparable loads in current networks. Critically, current research reveals common security mechanisms to cause strongly fluctuating latency on passing traffic under high loads. The inadequate performance of security components in dynamic load scenarios such as SFGs is the central challenge of my research field.

The objective is to design security configurations that seamlessly align with optimal network performance, ensuring both robust protection and efficiency.

Qualitative comparative data for the evaluation of strategies and algorithms containing both topology and security configurations is difficult to obtain. To generate such data sets, we have programmed a generator for reproducible evaluation scenarios. Using a small testbed, we aim to validate the quality of the generated datasets, enabling us to conduct meaningful simulations with data of larger topologies.

The research approach I am currently exploring addresses the aforementioned challenges by distributing filter rules from a central, non-real-time-capable filter to multiple real-time-capable filters within the same network.