2002 Articles
A Secure PLAN (Extended Version)
Active networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. We describe the design and implementation of a security architecture for the active network PLANet (Hicks et al., 1999). Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN (Hicks et al., 1998), with an environment of general-purpose service routines governed by trust management (Blaze et al., 1996). In particular, we employ a technique which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
Subjects
Files
- SecurePLAN.pdf application/pdf 103 KB Download File
Also Published In
- Title
- Proceedings: DARPA Active Networks Conference and Exposition: May 29-30, 2002, San Francisco, California, USA
- Publisher
- IEEE Computer Society
- DOI
- https://doi.org/10.1109/DANCE.2002.1003496
More About This Work
- Academic Units
- Computer Science
- Published Here
- July 5, 2012