TY - CONF
T1 - A secure PLAN (extended version)
T2 - DARPA Active NEtworks Conference and Exposition, 2002. Proceedings
Y1 - 2002
A1 - Hicks, Michael W.
A1 - Keromytis, A. D
A1 - Smith, J. M
KW - active internetwork
KW - active networks
KW - active-network firewall
KW - Authentication
KW - authorisation
KW - Authorization
KW - Cities and towns
KW - Computer networks
KW - Computer science
KW - cryptography
KW - functionally restricted packet language
KW - general-purpose service routines
KW - Information security
KW - internetworking
KW - IP networks
KW - latency overhead
KW - namespace-based security
KW - PLAN
KW - PLANet
KW - Planets
KW - programmability
KW - Safety
KW - security architecture
KW - telecommunication security
KW - trust management
KW - two-level architecture
KW - Web and internet services
AB - Active networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. We describe the design and implementation of a security architecture for the active network PLANet (Hicks et al., 1999). Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN (Hicks et al., 1998), with an environment of general-purpose service routines governed by trust management (Blaze et al., 1996). In particular, we employ a technique which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
JA - DARPA Active NEtworks Conference and Exposition, 2002. Proceedings
PB - IEEE
SN - 0-7695-1564-9
M3 - 10.1109/DANCE.2002.1003496
ER -