Title :
An access control architecture for programmable routers
Author :
Gao, Jun ; Steenkiste, Peter
Author_Institution :
Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Programmable networks allow the router´s functionality to be extended dynamically through the use of active extensions. This flexible architecture facilitates the deployment of new network protocols and services. However, the programmable nature of a network also raises serious safety and security concerns. These concerns must be addressed before programmable networks can be deployed. One particular security question is how we can limit what resources and data active extensions can access on the router. While existing operating systems address this question for end-points and servers, routers have been designed to perform a different task, namely forwarding packets, and the existing OS solutions turn out to be inadequate for routers. We look at how we can restrict active extensions´ access to link bandwidth and data traffic. Our solution is based on access control lists that are used to check all active extensions´ operations that may affect the use of link bandwidth, or may involve access to user traffic. We implemented these mechanisms in Darwin, an example of a programmable network
Keywords :
authorisation; computer networks; network operating systems; telecommunication network routing; telecommunication security; Darwin; access control architecture; active extensions; data security; data traffic; link bandwidth; network operating systems; network protocols; packet forwarding; programmable networks; programmable routers; safety; Access control; Bandwidth; Communication system traffic control; Computer architecture; Control systems; Data security; Open source software; Operating systems; Quality of service; Safety;
Conference_Titel :
Open Architectures and Network Programming Proceedings, 2001 IEEE
Conference_Location :
Anchorage, AK
Print_ISBN :
0-7803-7064-3
DOI :
10.1109/OPNARC.2001.916835
