Securing distributed adaptation

Open architecture networks provide applications with fine-grained control over network elements. With this control comes the risk of misuse and new challenges to security beyond those present in conventional networks. One particular security requirement is the ability of applications to protect the secrecy and integrity of transmitted data while still allowing trusted active elements within the network to operate on that data. This paper describes mechanisms for identifying trusted nodes within a network and securely deploying adaptation instructions to those nodes while protecting application data from unauthorized access and modification. Promising experimental results of our implementation within the Conductor adaptation framework are also presented, suggesting that such features can be incorporated into real networks.
