A secure PLAN
Title | A secure PLAN |
Publication Type | Journal Articles |
Year of Publication | 2003 |
Authors | Hicks MW, Keromytis AD, Smith JM |
Journal | IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews |
Volume | 33 |
Issue | 3 |
Pagination | 413 - 426 |
Date Published | 2003/08 |
ISBN Number | 1094-6977 |
Keywords | active networks, active-network firewall, Authentication, Authorization, Contracts, cryptography, Environmental management, Extraterrestrial measurements, functionally restricted packet language, general-purpose service routines, Internet, latency overhead, namespace-based security, packet switching, PLANet, Planets, privilege level, programmable networks, Safety, safety risks, secure PLAN, security of data, security risks, trust management, two-level architecture, virtual private network, Virtual private networks, Web and internet services |
Abstract | Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks. This correspondence describes the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets. |
DOI | 10.1109/TSMCC.2003.817347 |