Abstract
Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [HMA+99]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [HKM+98], with an environment of general-purpose service routines governed by trust management [BFL96]. In particular, we employ a technique, termed namespace-based security, which expands or contracts a packet’s service environment based on its level of privilege. As an application of our security architecture, we outline the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead on incoming packets.
References
Alexander, D.S., Arbaugh, W.A., Hicks, M., Kakkar, P., Keromytis, A.D., Moore, J.T., Gunter, C.A., Nettles, S.M., Smith, J.M.: The SwitchWare Active Network Architecture. IEEE Network Magazine, special issue on Active and Programmable Networks 12(3), 29–36 (1998)
Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M.: A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network Magazine, special issue on Active and Programmable Networks 12(3), 37–45 (1998)
Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M.: Security in Active Networks. In: Secure Internet Programming [VJ99] (1999)
Alexander, D.S.: ALIEN: A Generalized Computing Model of Active Networks. PhD thesis, University of Pennsylvania (September 1998)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The Role of Trust Management in Distributed Systems Security. In: Secure Internet Programming [VJ99] (1999)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the 17th Symposium on Security and Privacy, pp. 164–173. IEEE Computer Society Press, Los Alamitos (1996)
Bershad, B., Savage, S., Pardyak, P., Sirer, E.G., Fiuczynski, M., Becker, D., Eggers, S., Chambers, C.: Extensibility, Safety and Performance in the SPIN Operating System. In: Proceedings of 15th Symposium on Operating Systems Principles, December 1995, pp. 267–284 (1995)
Chase, J.S., Levy, H.M., Feeley, M.J., Lazowska, E.D.: Sharing and Protection in a Single-Address-Space Operating System. ACM Transactions on Computer Systems (November 1994)
Gunter, C.A., Jim, T.: Policy-Directed Certificate Retrieval (1998), http://www.cis.upenn.edu/~qcm
Hawblitzel, C., Chang, C., Czajkowski, G.: Implementing Multiple Protection Domains in Java. In: Proceedings of the 1998 USENIX Annual Technical Conference, June 1998, pp. 259–270 (1998)
Hicks, M.: PLAN System Security. Technical Report MS-CIS-98-25, Department of Computer and Information Science, University of Pennsylvania (April 1998)
Hicks, M., Keromytis, A.D.: A Secure PLAN. Technical Report MS-CIS-99-14, Department of Computer and Information Science, University of Pennsylvania (May 1999)
Hicks, M., Kakkar, P., Moore, J.T., Gunter, C.A., Nettles, S.: PLAN: A Packet Language for Active Networks. In: Proceedings of the Third ACM SIGPLAN International Conference on Functional Programming Languages, pp. 86–93. ACM, New York (1998)
Hicks, M., Moore, J.T., Alexander, D.S., Gunter, C.A., Nettles, S.: PLANet: An Active Internetwork. In: Proceedings of the Eighteenth IEEE Computer and Communication Society INFOCOM Conference, pp. 1124–1133. IEEE, Los Alamitos (1999)
Leroy, X.: The Caml Special Light System (Release 1.10), http://pauillac.inria.fr/ocaml
Levy, J.Y., Ousterhout, J.K., Welch, B.B.: The Safe-Tcl Security Model. In: Proceedings of the 1998 USENIX Annual Technical Conference, June 1998, pp. 271–282 (1998)
Leroy, X., Rouaix, F.: Security properties of typed applets. In: Secure Internet Programming [VJ99]
Moore, J.: Mobile Code Security Techniques. Technical Report MS-CIS-98-28, University of Pennsylvania (May 1998)
Milner, R., Tofte, M., Harper, R.: The Definition of Standard ML. The MIT Press, Cambridge (1990)
Security Architecture for Active Nets (June 1998), Draft available at http://www.ittc.ukans.edu/~ansecure/0079.html
Necula, G.C.: Proof-Carrying Code. In: Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 106–119. ACM Press, New York (1997)
Necula, G.C., Lee, P.: Safe Kernel Extensions Without Run-Time Checking. In: Second Symposium on Operating System Design and Implementation, Usenix, Seattle, pp. 229–243 (1996)
von Eicken, T.: J-Kernel a capability based operating system for Java. In: Secure Internet Programming [VJ99]
Vitek, J., Jensen, C.: Secure Internet Programming: Security Issues for Mobile and Distributed Objects. LNCS. Springer, New York (1999)
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hicks, M., Keromytis, A.D. (1999). A Secure Plan. In: Covaci, S. (eds) Active Networks. IWAN 1999. Lecture Notes in Computer Science, vol 1653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-48507-0_28
DOI: https://doi.org/10.1007/978-3-540-48507-0_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66238-9
Online ISBN: 978-3-540-48507-0
eBook Packages: Springer Book Archive