Evolution in Action: Using Active Networking to Evolve Network Support for Mobility
IWAN '02 Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks
| Hi-index | 0.00 |
Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [22].Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [20], with an environment of general-purpose service routines governed by trust management[11].In particular, we employ a technique, which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security.As an application of our security architecture, we present the design and implementation of an active-network fire-wall.We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.