A Secure PLAN (Extended Version)

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Hicks Articles by Angelos D. Keromytis Articles by Johnathan M. Smith

2002 DARPA Active Networks Conference and Exposition (DANCE'02)

San Francisco, CA

May 29-May 30

ISBN: 0-7695-1564-9

	ASCII Text	x
	Michael Hicks, Angelos D. Keromytis, Johnathan M. Smith, "A Secure PLAN (Extended Version)," DARPA Active Networks Conference and Exposition, pp. 224, 2002 DARPA Active Networks Conference and Exposition (DANCE'02), 2002.

	BibTex	x
	@article{ 10.1109/DANCE.2002.1003496, author = {Michael Hicks and Angelos D. Keromytis and Johnathan M. Smith}, title = {A Secure PLAN (Extended Version)}, journal ={DARPA Active Networks Conference and Exposition}, volume = {0}, year = {2002}, isbn = {0-7695-1564-9}, pages = {224}, doi = {http://doi.ieeecomputersociety.org/10.1109/DANCE.2002.1003496}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - DARPA Active Networks Conference and Exposition TI - A Secure PLAN (Extended Version) SN - 0-7695-1564-9 SP EP A1 - Michael Hicks, A1 - Angelos D. Keromytis, A1 - Johnathan M. Smith, PY - 2002 VL - 0 JA - DARPA Active Networks Conference and Exposition ER -

Michael Hicks

Angelos D. Keromytis

Johnathan M. Smith

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DANCE.2002.1003496

Active Networks promise greater flexibility than current networks, but threaten safety and security by virtue of their programmability. In this paper, we describe the design and implementation of a security architecture for the active network PLANet [22]. Security is obtained with a two-level architecture that combines a functionally restricted packet language, PLAN [20], with an environment of general-purpose service routines governed by trust management [11]. In particular, we employ a technique, which expands or contracts a packet's service environment based on its level of privilege, termed namespace-based security. As an application of our security architecture, we present the design and implementation of an active-network fire-wall. We find that the addition of the firewall imposes an approximately 34% latency overhead and as little as a 6.7% space overhead to incoming packets.

Citation:

Michael Hicks, Angelos D. Keromytis, Johnathan M. Smith, "A Secure PLAN (Extended Version)," dance, pp.224, 2002 DARPA Active Networks Conference and Exposition (DANCE'02), 2002

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.