A Secure PLAN. Michael Hicks, Angelos D. Keromytis, and Jonathan M. Smith. IEEE Transactions on Systems, Man, and Cybernetics, Part C, 33(3):413-426, August 2003. Special Issue on Technologies Promoting Computational Intelligence, Openness and Programmability in Networks and Internet Services, Part I.

Active Networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This paper describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.

@ARTICLE{HicksKS03,
  AUTHOR = {Michael Hicks and Angelos D. Keromytis and Jonathan M. Smith},
  TITLE = {A Secure {PLAN}},
  JOURNAL = {{IEEE Transactions on Systems, Man, and Cybernetics, Part C}},
  MONTH = {August},
  VOLUME = 33,
  NUMBER = 3,
  PAGES = {413--426},
  YEAR = 2003,
  NOTE = {Special Issue on Technologies Promoting Computational Intelligence, Openness and Programmability in Networks and {I}nternet Services, Part {I}}
}
