TY - JOUR T1 - A secure PLAN JF - IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews Y1 - 2003 A1 - Hicks, Michael W. A1 - Keromytis,A. D A1 - Smith,J. M KW - active networks KW - active-network firewall KW - Authentication KW - Authorization KW - Contracts KW - cryptography KW - Environmental management KW - Extraterrestrial measurements KW - functionally restricted packet language KW - general-purpose service routines KW - Internet KW - latency overhead KW - namespace-based security KW - packet switching KW - PLANet KW - Planets KW - privilege level KW - programmable networks KW - Safety KW - safety risks KW - secure PLAN KW - security of data KW - security risks KW - trust management KW - two-level architecture KW - virtual private network KW - Virtual private networks KW - Web and internet services AB - Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This correspondence describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets. VL - 33 SN - 1094-6977 CP - 3 M3 - 10.1109/TSMCC.2003.817347 ER -