Departmental Papers (CIS)

Date of this Version

May 2002

Document Type

Conference Paper


Copyright 2002 IEEE. Reprinted from Proceedings of the DARPA Active Networks Conference and Exposition 2002 (DANCE 2002), pages 224-237.
Publisher URL:

This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to By choosing to view this document, you agree to all provisions of the copyright laws protecting it.


Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [22]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [20], with an environment of general-purpose service routines governed by trust management [11]. In particular, we employ a technique which expands or contracts a packet’s service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.



Date Posted: 15 November 2004

This document has been peer reviewed.