Academic Commons

A Secure Plan

Hicks, Michael W.; Keromytis, Angelos D.

Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [HMA+99]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [HKM+98], with an environment of general-purpose service routines governed by trust management [BFL96]. In particular, we employ a technique which expands or contracts a packet’s service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we outline the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.

Also Published In

Title
Active networks: First International Working Conference, IWAN'99, Berlin, Germany, June 30-July 2, 1999: proceedings
DOI
https://doi.org/10.1007/978-3-540-48507-0_28

More About This Work

Academic Units
Computer Science
Publisher
Springer
Series
Lecture Notes in Computer Science, 1653
Published Here
July 12, 2012