Skip to main content
SpringerLink
Log in

Security in Active Networks

  • Chapter
Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

Abstract

The desire for flexible networking services has given rise to the concept of “active networks.” Active networks provide a general framework for designing and implementing network-embedded services, typically by means of a programmable network infrastructure. A programmable network infrastructure creates significant new challenges for securing the network infrastructure.

This paper begins with an overview of active networking. It then moves to security issues, beginning with a threat model for active networking, moving through an enumeration of the challenges for system designers, and ending with a survey of approaches for meeting those challenges. The Secure Active Networking Environment (SANE) realizes many of these approaches; an implementation exists and provides acceptable performance for even the most aggressive active networking proposals such as active packets (sometimes called “capsules”).

We close the paper with a discussion of open problems and an attempt to prioritize them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. S. Alexander. ALIEN: A Generalized Computing Model of Active Networks. PhD thesis, University of Pennsylvania, September 1998.

    Google Scholar 

  2. D. S. Alexander, W. A. Arbaugh, M. Hicks, P. Kakkar, A. D. Keromytis, J. T. Moore, C. A. Gunter, S. M. Nettles, and J. M. Smith. The Switch Ware Active Network Architecture. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):29–36, 1998.

    Google Scholar 

  3. D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3):37–45, 1998.

    Google Scholar 

  4. D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. Safety and Security of Programmable Network Infrastructures. IEEE Communications Magazine, 36(10):84–92, 1998.

    Article  Google Scholar 

  5. W. A. Arbaugh, D. J. Farber, and J. M. Smith. A Secure and Reliable Bootstrap Architecture. In Proceedings 1997 IEEE Symposium on Security and Privacy, pages 65–71, May 1997.

    Google Scholar 

  6. W. A. Arbaugh, A. D. Keromytis, D. J. Farber, and J. M. Smith. Automated Recovery in a Secure Bootstrap Process. In Proceedings of Network and Distributed System Security Symposium, pages 155–167. Internet Society, March 1998.

    Google Scholar 

  7. W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. DHCP++: Applying an efficient implementation method for fail-stop cryptographic protocols. In Proceedings of Global Internet (GlobeCom)’ 98, November 1998.

    Google Scholar 

  8. R. Atkinson. Security Architecture for the Internet Protocol. RFC 1825, August 1995.

    Google Scholar 

  9. B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. Fiuczynski, D. Becker, S. Eggers, and C. Chambers. Extensibility, safety and performance in the spin operating system. In Proc. 15th SOSP, pages 267–284, December 1995.

    Google Scholar 

  10. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The KeyNote Trust-Management System. Work in Progress, http://www.cis.upenn.edu/~angelos/keynote.html, June 1998.

  11. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The role of trust management in distributed systems security. In Secure Internet Programming [60].

    Google Scholar 

  12. R. Braden, L. Zhang, S. Berson, S. Herzog, and S. Jamin. Resource ReSerVation Protocol (RSVP)-Version 1 Functional Specification. Internet RFC 2208, 1997.

    Google Scholar 

  13. J. S. Chase, H. M. Levy, M. J. Feeley, and E. D. Lazowska. Sharing and Protection in a Single-Address-Space Operating System. In ACM Transactions on Computer systems, November 1994.

    Google Scholar 

  14. Paul Christopher Clark. BITS: A Smartcard Protected Operating System. PhD thesis, George Washington University, 1994.

    Google Scholar 

  15. Consultation Committee. X.509: The Directory Authentication Framework. International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.

    Google Scholar 

  16. Daemon9, Route, and Infinity. Project neptune. Phrack Magazine, 7(48), 1996.

    Google Scholar 

  17. S. E. Deering. Host extensions for IP multicasting. Internet RFC 1112, 1989.

    Google Scholar 

  18. W. Diffie and M.E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654, Nov 1976.

    Article  MathSciNet  Google Scholar 

  19. W. Diffie, P.C. van Oorschot, and M.J. Wiener. Authentication and Authenticated Key Exchanges. Designs, Codes and Cryptography, 2:107–125, 1992.

    Article  Google Scholar 

  20. DOD. Trusted Computer System Evaluation Criteria. Technical Report DOD 5200.28-STD, Department of Defense, December 1985.

    Google Scholar 

  21. L. Gong. A Security Risk of Depending on Synchronized Clocks. ACM Operating Systems Review, 26(1), January 1992.

    Google Scholar 

  22. L. Gong and R. Schemers. Implementing Protection Domains in the Java Development Kit 1.2. In Proc. of Network and Distributed System Security Symposium (NDSS), pages 125–134, March 1998.

    Google Scholar 

  23. James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. Addison Wesley, Reading, 1996.

    MATH  Google Scholar 

  24. R. Grimm and B. Bershad. Providing policy neutral and transparent access control in extensible systems. In Secure Internet Programming [60].

    Google Scholar 

  25. Hermann Härtig, Oliver Kowalski, and Winfried Kühnhauser. The Birlix security architecture. Journal of Computer Security, 2(1):5–21, 1993.

    Google Scholar 

  26. C. Hawblitzel, C. Chang, and G. Czajkowski. Implementing Multiple Protection Domains in Java. In Proc. of the 1998 USENIX Annual Technical Conference, pages 259–270, June 1998.

    Google Scholar 

  27. M. Hicks, P. Kakkar, J. T. Moore, C. A. Gunter, and S. Nettles. PLAN: A Programming Language for Active Networks. Technical Report MS-CIS-98-25, Department of Computer and Information Science, University of Pennsylvania, February 1998.

    Google Scholar 

  28. Mike W. Hicks and Jonathan T. Moore. PLAN Web Page. http://www.cis.upenn.edu/~switchware/PLAN/.

  29. C. A. R. Hoare. Communicating Sequential Processes. Communications of the ACM, 21(8):666–677, August 1978.

    Article  MATH  MathSciNet  Google Scholar 

  30. C.A.R. Hoare. Communicating Sequential Processes. Prentice-Hall, 1984.

    Google Scholar 

  31. B. Lampson and R. Rivest. Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure. Technical report, MIT, 1997.

    Google Scholar 

  32. Butler Lampson, Martin Abadi, and Michael Burrows. Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems, v10:265–310, November 1992.

    Article  Google Scholar 

  33. X. Leroy and F. Rouaix. Security properties of typed applets. In Secure Internet Programming [60].

    Google Scholar 

  34. Xavier Leroy. The Caml Special Light System (Release 1.10). http://pauillac.inria.fr/ocaml.

    Google Scholar 

  35. I. M. Leslie, D. McAuley, R. Black, T. Roscoe, P. Barham, D. Evers, R. Fair-bairns, and E. Hyden. The Design and Implementation of an Operating System to Support Distributed Multimedia Applications. IEEE Journal on Selected Areas in Communications, 14(7):1280–1297, September 1996.

    Article  Google Scholar 

  36. J. Y. Levy, J. K. Ousterhout, and B. B. Welch. The Safe-Tcl Security Model. In Proc. of the 1998 USENIX Annual Technical Conference, pages 271–282, June 1998.

    Google Scholar 

  37. François Louaix. A Web Navigator with Applets in Caml. In Fifth WWW Conference, 1996.

    Google Scholar 

  38. D.D. Clark M.D. Schroeder and J.H. Saltzer. The MULTICS Kernel Design Project. In Sixth ACM Symposium on Operating Systems Principles, pages 43–56, 1977.

    Google Scholar 

  39. R. Milner, M. Tofte, and R. Harper. The Definition of Standard ML. MIT Press, 1990.

    Google Scholar 

  40. A. B. Montz, D. Mosberger, S. W. O’Malley, L. L. Peterson, T. A. Proebsting, and J. H. Hartman. Scout: A communications-oriented operating system. Technical report, Department of Computer Science, University of Arizona, June 1994.

    Google Scholar 

  41. J. Moore. Mobile Code Security Techniques. Technical Report MS-CIS-98-28, University of Pennsylvania, May 1998.

    Google Scholar 

  42. G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to Typed Assembly Language. In Proc. of the 25th ACM Symposium on Principles of Programming Languages, January 1998.

    Google Scholar 

  43. Data Encryption Standard, January 1977.

    Google Scholar 

  44. George C. Necula. Proof-Carrying Code. In Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 106–119. ACM Press, New York, January 1997.

    Chapter  Google Scholar 

  45. George C. Necula and Peter Lee. Safe Kernel Extensions Without Run-Time Checking. In Second Symposium on Operating System Design and Implementation (OSDI), pages 229–243. Usenix, Seattle, 1996.

    Google Scholar 

  46. Peter G. Neumann. Architectures and Formal Representations for Secure Systems. Final Report. SRI Project 6401 A002, SRI International, October 1995.

    Google Scholar 

  47. R. De Nicola, G. L. Ferrari, and R. Pugliese. Types as specifications of access policies. In Secure. Internet Programming [60].

    Google Scholar 

  48. Digital Signature Standard, May 1994.

    Google Scholar 

  49. Secure Hash Standard, April 1995. Also known as: 59 Fed Reg 35317 (1994).

    Google Scholar 

  50. Cracker Attack Paralyzes PANIX. RISKS Digest. Volume 18. Issue 45., September 1996.

    Google Scholar 

  51. C. Partridge and A. Jackson. Smart Packets. Technical report, BBN, 1996. http://www.net-tech.bbn.com-/smtpkts/smtpkts-index.html.

  52. Jon Postel. User Datagram Protocol. Internet RFC 768, 1980.

    Google Scholar 

  53. Jon Postel. Internet Protocol. Internet RFC 791, 1981.

    Google Scholar 

  54. J. H. Saltzer. Protection and the Control of Information Sharing in Multics. In Communications of the ACM, pages 388–402, July 1974.

    Google Scholar 

  55. M. D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. PhD thesis, MIT, September 1972.

    Google Scholar 

  56. M.D. Schroeder. Engineering a Security Kernel for MULTICS. In Fifth Symposium on Operating Systems Principles, pages 125–132, November 1975.

    Google Scholar 

  57. J. M. Smith, D. J. Farber, C. A. Gunter, S. M Nettles, D. C. Feldmeier, and W. D. Sincoskie. Switch Ware: Accelerating Network Evolution. Technical Report MS-CIS-96-38, CIS Dept. University of Pennsylvania, 1996.

    Google Scholar 

  58. P. Syverson. A Taxonomy of Replay Attacks. In Proceedings of the Computer Security Foundations Workshop VII (CSFW7), June 1994.

    Google Scholar 

  59. J.D. Tygar and Bennet Yee. DYAD: A System for Using Physically Secure Coprocessors. Technical Report CMU-CS-91-140R, Carnegie Mellon University, May 1991.

    Google Scholar 

  60. Jan Vitek and Christian Jensen. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1999.

    Google Scholar 

  61. T. von Eicken. J-kernel a capability based operating system for java. In Secure Internet Programming [60].

    Google Scholar 

  62. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient Software-based Fault Isolation. In Proc. of the 14th Symposium on Operating System Principles, pages 203–216, December 1993.

    Google Scholar 

  63. Ian Wakeman, Alan Jeffrey, Rory Graves, and Tim Owen. Designing a Programming Language for Active Networks, submitted to Hipparch special issue of Network and ISDN Systems, June 1998. http://www.cogs.susx.ac.uk/projects/-safetynet/papers/isdn.ps.gz.

  64. David J. Wetherall, John Guttag, and David L. Tennenhouse. Ants: A toolkit for building and dynamically deploying network protocols. In IEEE OpenArch Proceedings. IEEE Computer Society Press, Los Alamitos, April 1998.

    Google Scholar 

  65. Bennet Yee. Using Secure Coprocessors. PhD thesis, Carnegie Mellon University, 1994.

    Google Scholar 

  66. P. Zimmerman. PGP User’s Manual, 1995.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Bell Labs, Lucent Technologies, 600 Mountain Avenue, Murray Hill, NJ, 07974, USA

    D. Scott Alexander

  2. Distributed Systems Lab, CIS Department University of Pennsylvania, 200 S. 33rd Str., Philadelphia, PA, 19104, USA

    William A. Arbaugh, Angelos D. Keromytis & Jonathan M. Smith

Authors
  1. D. Scott Alexander
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. William A. Arbaugh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Angelos D. Keromytis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jonathan M. Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Object Systems Group, University of Geneva, CH-1211, Geneva 4, Switzerland

    Jan Vitek

  2. Department of Computer Science, O’Reilly Institute, Trinity College Dublin, Dublin 2, Ireland

    Christian D. Jensen

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M. (1999). Security in Active Networks. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_20

Download citation

  • DOI: https://doi.org/10.1007/3-540-48749-2_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation