DocumentCode
809217
Title
A secure PLAN
Author
Hicks, Michael ; Keromytis, Angelos D. ; Smith, Jonathan M.
Author_Institution
Maryland Univ., College Park, MD, USA
Volume
33
Issue
3
fYear
2003
Firstpage
413
Lastpage
426
Abstract
Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This correspondence describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
Keywords
Internet; packet switching; security of data; PLANet; active networks; active-network firewall; functionally restricted packet language; general-purpose service routines; latency overhead; namespace-based security; privilege level; programmable networks; safety risks; secure PLAN; security risks; trust management; two-level architecture; virtual private network; Authentication; Authorization; Contracts; Cryptography; Environmental management; Extraterrestrial measurements; Planets; Safety; Virtual private networks; Web and internet services;
fLanguage
English
Journal_Title
Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on
Publisher
ieee
ISSN
1094-6977
Type
jour
DOI
10.1109/TSMCC.2003.817347
Filename
1238683