A secure active network environment architecture: realization in SwitchWare

An active network is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of active network research....

Full description

Saved in:
Bibliographic Details
Published in:IEEE network 1998-05, Vol.12 (3), p.37-45
Main Authors: Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M.
Format: Article
Language:English
Subjects:
Access protocols
Authentication
Collaboration
Communication switching
Computer architecture
Computer networks
Cybersecurity
Functional programming
Intelligent networks
IP networks
Proposals
Switches
Web and internet services
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:An active network is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of active network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, since the integrity of network-level solutions will be based on trust in the network elements. In this article we describe the architecture and implementation of a secure active network environment (SANE), which we believe provides a basis for implementing secure network-level solutions. We guarantee that a node begins operation in a trusted state with the AEGIS secure bootstrap architecture. We guarantee that the system remains in a trusted state by applying dynamic integrity checks in the network element's runtime system, using a novel naming system, and applying node-to-node authentication when needed. The construction of an extended LAN is discussed.
ISSN:0890-8044
1558-156X
DOI:10.1109/65.690960