A Secure PLAN (Extended Version)

Author

Hicks, Michael
Keromytis, Angelos D

Abstract

Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [22]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [20], with an environment of general-purpose service routines governed by trust management [11]. In particular, we employ a technique which expands or contracts a packet’s service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.

Date of presentation

2002-05-29

Conference name

Departmental Papers (CIS)

Conference dates

2023-05-16T21:42:49.000

Comments

Copyright 2002 IEEE. Reprinted from Proceedings of the DARPA Active Networks Conference and Exposition 2002 (DANCE 2002), pages 224-237. Publisher URL: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=21659&page=1 This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
