Articles:
A Secure Plan
Michael W. Hicks; Angelos D. Keromytis
Downloads:
- Title:
- A Secure Plan
- Author(s):
-
Hicks, Michael W.
Keromytis, Angelos D. - Date:
- 1999
- Type:
- Articles
- Department:
- Computer Science
- Permanent URL:
- http://hdl.handle.net/10022/AC:P:14003
- Part Number:
- 1653
- Book/Journal Title:
- Active networks: First International Working Conference, IWAN'99, Berlin, Germany, June 30-July 2, 1999: proceedings
- Book Author:
- Covaci, Stefan
- Publisher:
- Springer
- Publisher Location:
- New York
- Abstract:
- Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [HMA+99]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [HKM+98], with an environment of general-purpose service routines governed by trust management [BFL96]. In particular, we employ a technique which expands or contracts a packet’s service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we outline the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
- Subject(s):
- Computer science
- DOI:
- http://dx.doi.org/10.1007/978-3-540-48507-0_28
- Item views:
- 33