A secure active network environment architecture: realization in SwitchWare

An active network is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of active network research....

Bibliographic Details
Published in: IEEE network 1998-05, Vol.12 (3), p.37-45
Main Authors: Alexander, D.S., Arbaugh, W.A., Keromytis, A.D., Smith, J.M.
Format: Article
Language: English
container_end_page 45
container_issue 3
container_start_page 37
container_title IEEE network
container_volume 12
creator Alexander, D.S.
Arbaugh, W.A.
Keromytis, A.D.
Smith, J.M.
description An active network is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of active network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, since the integrity of network-level solutions will be based on trust in the network elements. In this article we describe the architecture and implementation of a secure active network environment (SANE), which we believe provides a basis for implementing secure network-level solutions. We guarantee that a node begins operation in a trusted state with the AEGIS secure bootstrap architecture. We guarantee that the system remains in a trusted state by applying dynamic integrity checks in the network element's runtime system, using a novel naming system, and applying node-to-node authentication when needed. The construction of an extended LAN is discussed.
doi_str_mv 10.1109/65.690960
format article
identifier ISSN: 0890-8044
ispartof IEEE network, 1998-05, Vol.12 (3), p.37-45
issn 0890-8044
1558-156X
language eng
recordid cdi_ieee_primary_690960
source IEEE Electronic Library (IEL) Journals
subjects Access protocols
Authentication
Collaboration
Communication switching
Computer architecture
Computer networks
Cybersecurity
Functional programming
Intelligent networks
IP networks
Proposals
Switches
Web and internet services
title A secure active network environment architecture: realization in SwitchWare