This paper presents a model and mechanism for flexible access control of loadable on-demand services in an active network, using code origin authentication and runtime supervision. During the development of the access control mechanism, we focused strongly on keeping the mechanism as efficient as possible and on realizing a modular design that allows the mechanism to be dynamically upgraded and configured, making use of the active networking technology itself, while at the same time ensuring that mandatory security checks cannot be circumvented. Each service has to pass initial checks before it can be executed on an active node. Our approach provides access control that is dynamic, extensible and efficient, realizing a demand-driven supervision which avoids supervision of those actions that do not need to be supervised. Specific access control modules are realized as active services and activated when needed. Finally, we present very promising results that have been achieved with a first prototype developed for the active networking platform (active multicast network).
Published in:
Communications, 2004 IEEE International Conference on
(Volume: 1)
Date of Conference: 20-24 June 2004