A secure PLAN (extended version)
| Title | A secure PLAN (extended version) |
| Publication Type | Conference Papers |
| Year of Publication | 2002 |
| Authors | Hicks MW, Keromytis AD, Smith JM |
| Conference Name | DARPA Active NEtworks Conference and Exposition, 2002. Proceedings |
| Date Published | 2002/// |
| Publisher | IEEE |
| ISBN Number | 0-7695-1564-9 |
| Keywords | active internetwork, active networks, active-network firewall, Authentication, authorisation, Authorization, Cities and towns, Computer networks, Computer science, cryptography, functionally restricted packet language, general-purpose service routines, Information security, internetworking, IP networks, latency overhead, namespace-based security, PLAN, PLANet, Planets, programmability, Safety, security architecture, telecommunication security, trust management, two-level architecture, Web and internet services |
| Abstract | Active networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. We describe the design and implementation of a security architecture for the active network PLANet (Hicks et al., 1999). Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN (Hicks et al., 1998), with an environment of general-purpose service routines governed by trust management (Blaze et al., 1996). In particular, we employ a technique which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets |
| DOI | 10.1109/DANCE.2002.1003496 |