Title :
Code revocation for active networks
Author :
Murphy, Sandra ; Hayatnagarkar, Abhijit ; Krishnaswamy, Suresh ; Morrison, Wayne ; Watson, Robert
Author_Institution :
Network Associates Labs., Rockville, MD, USA
Abstract :
Active networks are placed at considerable risk by running code that arrives over the network. Careful crafting of authorization policy and stringent enforcement provide considerable protection against such risks. However, there still might be reasons why a packet that is executing in accordance with the authorization policy might cause damage. For example, the code might have bugs or may have been improperly configured, or the packet might have been unintentionally launched. For the safety of the network, a mechanism is needed that would permit users and networks to find faulty, misconfigured, or misbehaving active code and revoke its ability to execute. This paper considers the important issues and features of providing for revocation of code and an architecture that will support it in a wide-scale active network. It describes the parameters that identify the entities that issue the revocation notice and the entities that are to be revoked. It also describes an approach for policy composition from multiple entities, which eventually decides whether a revocation notice is authorized to act on a particular piece of code. Finally, this paper presents an innovative approach towards revocation in traditional networks using active networking as the transporting mechanism.
Keywords :
authorisation; computer networks; active networks; architecture; authorization policy; bugs; code revocation; faulty active code; misbehaving active code; misconfigured active code; transporting mechanism; wide-scale active network; Authorization; Computer bugs; Contracts; Control systems; Humans; Protection; Safety; Testing; Viruses (medical);
Conference_Title :
Open Architectures and Network Programming, 2003 IEEE Conference on
Print_ISBN :
0-7803-7764-8
DOI :
10.1109/OPNARC.2003.1196369