Abstract
The desire for flexible networking services has given rise to the concept of “active networks.” Active networks provide a general framework for designing and implementing network-embedded services, typically by means of a programmable network infrastructure. A programmable network infrastructure creates significant new challenges for securing the network infrastructure.
This paper begins with an overview of active networking. It then moves to security issues, beginning with a threat model for active networking, moving through an enumeration of the challenges for system designers, and ending with a survey of approaches for meeting those challenges. The Secure Active Networking Environment (SANE) realizes many of these approaches; an implementation exists and provides acceptable performance for even the most aggressive active networking proposals such as active packets (sometimes called “capsules”).
We close the paper with a discussion of open problems and an attempt to prioritize them.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M. (1999). Security in Active Networks. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_20
DOI: https://doi.org/10.1007/3-540-48749-2_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66130-6
Online ISBN: 978-3-540-48749-4
eBook Packages: Springer Book Archive