Departmental Papers (CIS)

Date of this Version

August 2003

Document Type

Journal Article


Copyright 2003 IEEE. Reprinted from IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, Volume 33, Issue 3, August 2003, pages 413-426.
Publisher URL:

This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to By choosing to view this document, you agree to all provisions of the copyright laws protecting it.


Active networks, being programmable, promise greater flexibility than current networks. Programmability, however, may introduce safety and security risks.

This correspondence describes the design and implementation of a security architecture for the active network PLANet [1]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [2], with an environment of general-purpose service routines governed by trust management [3]. In particular, a technique is used which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security.

The design and implementation of an active-network firewall and virtual private network is used as an application of the security architecture. Measurements of the system show that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.


Active firewall, active networks, active packets, PLAN, programming languages, security



Date Posted: 15 November 2004

This document has been peer reviewed.