Securing the Node of an Active Network

  • Conference paper
Active Middleware Services

Abstract

Active networks aim to provide a software framework that enables network applications to customize the processing of their communications. Security is of critical importance to the success of active networking. This paper discusses the design for securing the node of an active network using active networking principles. The secure node architecture includes an Active Node Operating System Security API, an Active Security Guardian, and Quality of Protection (QoP) provisions. The architecture supports highly customized and situational policies created dynamically by users and applications. It permits active nodes to satisfy application-specific dynamic security and protection requirements. It aids the application of the “need-to-know” security principle and associates quality of protection with network software and application security. The secure node architecture can provide a fundamental base for securing the active network infrastructure.

This research is supported by DARPA F30602-98-1-0192




© 2000 Springer Science+Business Media New York

About this paper

Cite this paper

Liu, Z., Campbell, R.H., Mickunas, M.D. (2000). Securing the Node of an Active Network. In: Hariri, S., Lee, C.A., Raghavendra, C.S. (eds) Active Middleware Services. The Kluwer International Series in Engineering and Computer Science, vol 583. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-8648-1_11


  • DOI: https://doi.org/10.1007/978-1-4419-8648-1_11

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-4657-9

  • Online ISBN: 978-1-4419-8648-1

  • eBook Packages: Springer Book Archive
