Security in Programmable Network Infrastructures: The Integration of Network and Application Solutions

  • Paolo Bellavista
  • Antonio Corradi
  • Rebecca Montanari
  • Cesare Stefanelli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1942)


Programming the network infrastructure significantly enhances its flexibility and favors fast deployment of new protocols, but also introduces serious security risks. It is crucial to protect the whole distributed infrastructure, especially its availability in case of denial-of-service attacks. A security framework for programmable networks may provide security solutions at different levels of abstraction. Active networks mainly propose a network-layer approach, extending the packet format to include security information. Mobile code technologies tend to provide security tools at the application layer that integrate with standard external infrastructures, such as public key infrastructures. The paper describes the security frameworks of several programmable network proposals and points out the advantages and disadvantages related to the adopted abstraction level. This comparison suggests considering an integrated security framework capable of choosing the service-specific balance between application-layer flexibility and network efficiency. To this end, the paper presents the architecture of a Programmable Network Component (PNC) that integrates security solutions at different layers and that has been implemented using a mobile agent programming environment.


Mobile Agent, Network Infrastructure, Programmable Network, Security Solution, Security Architecture
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Paolo Bellavista (1)
  • Antonio Corradi (1)
  • Rebecca Montanari (1)
  • Cesare Stefanelli (2)
  1. Dipartimento di Elettronica, Informatica e Sistemistica, Università di Bologna, Bologna, Italy
  2. Dipartimento di Ingegneria, Università di Ferrara, Ferrara, Italy
