A security architecture for active networks

One of the impediments to deploying active networks is their lack of support for security. In overlay-type active networks, the required security is provided by sandboxing in Java. However, in the active networking approach where packets are processed in the network layer, there is little support for security. This paper presents a new method of providing security using Public Key Infrastructure (PKI). It can also be used with the Encapsulating Security Payload (ESP) of the IP Security (IPSec) protocol.

Key-Words: Active networks, Security, IPSec, PKI
