DocumentCode :
809217
Title :
A secure PLAN
Author :
Hicks, Michael ; Keromytis, Angelos D. ; Smith, Jonathan M.
Author_Institution :
Maryland Univ., College Park, MD, USA
Volume :
33
Issue :
3
fYear :
2003
Firstpage :
413
Lastpage :
426
Abstract :
Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This correspondence describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
Keywords :
Internet; packet switching; security of data; PLANet; active networks; active-network firewall; functionally restricted packet language; general-purpose service routines; latency overhead; namespace-based security; privilege level; programmable networks; safety risks; secure PLAN; security risks; trust management; two-level architecture; virtual private network; Authentication; Authorization; Contracts; Cryptography; Environmental management; Extraterrestrial measurements; Planets; Safety; Virtual private networks; Web and internet services;
fLanguage :
English
Journal_Title :
Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on
Publisher :
IEEE
ISSN :
1094-6977
Type :
jour
DOI :
10.1109/TSMCC.2003.817347
Filename :
1238683