A Secure PLAN. Michael Hicks and Angelos D. Keromytis. In Stefan Covaci, editor, Proceedings of the First International Working Conference on Active Networks (IWAN), volume 1653 of Lecture Notes in Computer Science, pages 307--314. Springer-Verlag, June 1999. Reprinted with extensions in DARPA Active Networks Conference and Exposition (DANCE) and IEEE Transactions on Systems, Man, and Cybernetics, Part C.

Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN, with an environment of general-purpose service routines governed by trust management. In particular, we employ a technique which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network firewall. We find that the addition of the firewall imposes around a 30 percent latency overhead, and as little as a 6.7 percent space overhead to incoming packets.

[ .ps ]

@inproceedings{HicksK99,
  author = {Michael Hicks and Angelos D. Keromytis},
  title = {A Secure {PLAN}},
  booktitle = {Proceedings of the First International Working Conference on
		  Active Networks (IWAN)},
  month = {June},
  year = 1999,
  publisher = {Springer-Verlag},
  editor = {Stefan Covaci},
  series = {Lecture Notes in Computer Science},
  volume = 1653,
  pages = {307--314},
  note = {Reprinted with extensions in {DARPA} Active Networks Conference and Exposition (DANCE) and IEEE Transactions on Systems, Man, and Cybernetics, Part C}
}

This file was generated by bibtex2html 1.99.