The Price of Safety in an Active Network

Thumbnail Image
Penn collection
Technical Reports (CIS)
Degree type
Grant number
Copyright date
Related resources
Alexander, D. Scott
Anagnostakis, Kostas G.
Arbaugh, William A
Keromytis, Angelos D

Lack of security is a major threat to "Active Networking," as programmability creates numerous opportunities for mischief. The point at which programmability is exposed, e.g., through the loading of code into network elements, must therefore be carefully crafted to ensure security. This paper makes two contributions. First, it describes the implementation of a solution, the Secure Active Network Environment (SANE), which is intended to operate on an active network router. The SANE architecture provides a secure bootstrap process, which includes cryptographic certificate exchange and results in execution of a module loader for introducing new code, as well as a packet execution environment. SANE thus permits a direct comparison of security implications of active packets (such as "capsules") with active extensions (used for "flows" of packets). The second contribution of the paper is a performance study using a combination of execution traces and end-to-end throughput measurements. The example code performs an "active ping" and allows us to break down costs into categories such as authentication. In our SANE implementation on 533 Mhz Alpha PCs, securing active packets effectively increases the time required to process a packet by a third. This result implies that the majority of packets must remain unauthenticated in high performance active networking solutions. We discuss some solutions which preserve security.

Date Range for Data Collection (Start Date)
Date Range for Data Collection (End Date)
Digital Object Identifier
Series name and number
Publication date
Volume number
Issue number
Publisher DOI
Journal Issue
University of Pennsylvania Department of Computer and Information Science Technical Report No. MS-CIS-99-04.
Recommended citation