
Departmental Papers (CIS)
Title
A Secure PLAN
Date of this Version
August 2003
Document Type
Journal Article
Recommended Citation
Michael Hicks, Angelos D. Keromytis, and Jonathan M. Smith, "A Secure PLAN", . August 2003.
Abstract
Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks.
This correspondence describes the design and implementation of a security architecture for the active network PLANet [1]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [2], with an environment of general-purpose service routines governed by trust management [3]. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security.
The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.
Keywords
Active firewall, active networks, active packets, PLAN, programming languages, security
Date Posted: 15 November 2004
This document has been peer reviewed.
Comments
Copyright 2003 IEEE. Reprinted from IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, Volume 33, Issue 3, August 2003, pages 413-426.
Publisher URL: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=27780&puNumber=5326
This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.