Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, we employ a technique, termed namespace-based security, that expands or contracts a packet's service environment based on its level of privilege. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes a latency overhead of around 30 percent and a space overhead of as little as 6.7 percent on incoming packets.
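@INPROCEEDINGS{HicksK99,
  AUTHOR    = {Hicks, Michael and Keromytis, Angelos D.},
  TITLE     = {A Secure {PLAN}},
  BOOKTITLE = {Proceedings of the First International Working Conference on
               Active Networks ({IWAN})},
  EDITOR    = {Covaci, Stefan},
  SERIES    = {Lecture Notes in Computer Science},
  VOLUME    = 1653,
  PAGES     = {307--314},
  PUBLISHER = {Springer-Verlag},
  MONTH     = jun,
  YEAR      = 1999,
  NOTE      = {Reprinted with extensions in {DARPA} Active Networks Conference and Exposition ({DANCE}) and {IEEE} Transactions on Systems, Man, and Cybernetics, Part C}
}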