Active Networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This paper describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
[ .pdf ]
@ARTICLE{HicksKS03,
AUTHOR = {Michael Hicks and Angelos D. Keromytis and Jonathan M. Smith},
TITLE = {A Secure {PLAN}},
JOURNAL = {{IEEE Transactions on Systems, Man, and Cybernetics, Part C}},
MONTH = {August},
VOLUME = 33,
NUMBER = 3,
PAGES = {413--426},
YEAR = 2003,
NOTE = {Special Issue on Technologies Promoting Computational Intelligence, Openness and Programmability in Networks and {I}nternet Services, Part {I}}
}