The SwitchWare Active Network Implementation

This is an overview of work on the SwitchWare active network project, which began two years ago based on ideas about how to improve the flexibility of networks by making the network programmable. The original ideas for active networks as a whole and some comparative analysis of possible architectures are surveyed in [33]. A variety of technology trends in computing power, communication speeds, programming languages, and security have made it worthwhile to investigate network programming interfaces that allow code to be downloaded into routers within the network and invoked by the packets passing through them. At the current time there are at least a dozen AN prototype architectures under development [34, 8, 22, 2, 19, 35], a few of which have released software. Our SwitchWare perspective was first described in [16] and has been considerably refined as we gained deeper insight into active networking. It was the first active network prototype to be publicly released, and is implemented largely in the Caml [12] dialect of the ML programming language, using the OCaml implementation. We were motivated to use Caml by its success in several other distributed computing and networking projects such as Ensemble [15] and MMM [26]. We found ourselves able to achieve

[1]  John V. Guttag,et al.  ANTS: a toolkit for building and dynamically deploying network protocols , 1998, 1998 IEEE Open Architectures and Network Programming.

[2]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[3]  Jonathan M. Smith,et al.  Alien: a generalized computing model of active networks , 1998 .

[4]  William A. Arbaugh,et al.  The SwitchWare active network architecture , 1998, IEEE Netw..

[5]  W. Douglas Maughan,et al.  Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[6]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[7]  John H. Hartman,et al.  Liquid Software: A New Paradigm for Networked Systems , 1996 .

[8]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[9]  Charles L. Hedrick,et al.  Routing Information Protocol , 1988, RFC.

[10]  Angelos D. Keromytis,et al.  Automated Recovery in a Secure Bootstrap Process , 1998, NDSS.

[11]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[12]  William Allen Simpson,et al.  Photuris: Session-Key Management Protocol , 1999, RFC.

[13]  Radia Perlman.  Interconnections: Bridges and Routers , 1992 .

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System , 1998 .

[16]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[17]  Carl A. Gunter,et al.  PLAN: a packet language for active networks , 1998, ICFP '98.

[18]  Marianne Shaw,et al.  Active bridging , 1997, SIGCOMM '97.

[19]  Angelos D. Keromytis,et al.  A secure active network environment architecture: realization in SwitchWare , 1998, IEEE Netw..

[20]  Sushil da Silva,et al.  TOWARDS PROGRAMMABLE NETWORKS , 1996 .

[21]  François Rouaix.  A Web Navigator with Applets in Caml , 1996 .

[22]  G.J. Minden,et al.  A survey of active network research , 1997, IEEE Communications Magazine.

[23]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[24]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.