Abstract
Programming the network infrastructure significantly enhances its flexibility and favors fast deployment of new protocols, but also introduces serious security risks. It is crucial to protect the whole distributed infrastructure, especially its availability in case of denial-of-service attacks. A security framework for programmable networks may provide security solutions at different levels of abstraction. Active networks mainly propose a network-layer approach, by extending the packet format to include security information. Mobile code technologies tend to provide security tools at the application layer to integrate with standard external infrastructures, such as public key ones. The paper describes the security frameworks of several programmable network proposals and points out the dis/advantages related to the adopted abstraction level. This comparison suggests to consider an integrated security framework capable of choosing the service-specific balance between application-layer flexibility and network efficiency. To this purpose, the paper presents the architecture of a Programmable Network Component (PNC) that integrates security solutions at different layers and that has been implemented by using a mobile agent programming environment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aaron, R., Skillen, R. (eds.): Special Section on Electronic Commerce. IEEE Communications Magazine 37(9), 1999
Psounis, K.: Active Networks: Applications, Security, Safety, and Architectures. IEEE Communications Surveys. http://www.comsoc.org/pubs/surveys (1999)
Covaci, S. (ed.): Proc. 1st Int. Working Conference on Active Networks (IWAN.99). Lecture Notes on Computer Science, Vol. 1653. Springer-Verlag, Berlin Heidelberg New York (1999)
Amir, E., McCanne, S., Katz, R.: An Active Service Framework and its Application to Real-time Multimedia Transcoding. Computer Communication Review 28(4), 1998
Alexander, D. S., et al.: Active Network Encapsulation Protocol (ANEP). RFC draft (1997)
Oppliger, R.: Security at the Internet Layer. IEEE Computer Magazine 31(9), 1998
Bellavista, P., Corradi, A., Stefanelli, C.: Protection and Interoperability for Mobile Agents: A Secure and Open Programming Environment. IEICE Transactions on Communications, IEICE/IEEE Special Issue on Autonomous Decentralized Systems E83-B(5), 2000
Schneier, B.: Cryptographic Design Vulnerabilities. IEEE Computer Magazine 31(9), 1998
Ford, W., Baum, M. S.: Secure Electronic Commerce — Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall (1997)
Blaze, M., et al.: The Role of Trust Management in Distributed Systems Security. Secure Internet Programming: Issues in Distributed and Mobile Object Systems. Lecture Notes on Computer Science. Springer-Verlag, Berlin Heidelberg New York (1999)
Wang, P. Y., Yemini, Y., Florissi, D., Zinky, J.: A Distributed Resource Controller for QoS Applications. IEEE/IFIP Network Operations and Management Symposium (2000)
Alexander, D. S., et al.: A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network Magazine 12(3), 1998
Schwartz, B., et al.: Smart Packets for Active Networks. 2nd IEEE Conference on Open Architectures and Network Programming (1999)
Gong, L.: Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley (1999)
Raz, D., Shavitt, Y.: Active Networks for Efficient Distributed Network Management. IEEE Communications Magazine 38(3), 2000
Putzolu, D., Bakshi, S., Yadav, S., Yavatkar, R.: The Phoenix Framework: A Practical Architecture for Programmable Networks. IEEE Communications Magazine 38(3), 2000
Entrust, Entrust Technologies Inc. — http://developer.entrust.com/
Damianou, N., et al.: Ponder: A Language for specifying Security and Management Policies for Distributed Systems, V 2.0. Imperial College Research Report DoC, 2000
Gordon, R.: Essential Java Native Interface. Prentice Hall (1998)
Sun Microsystems — Java Virtual Machine Profiler Interface (JVMPI), http://java.sun.com/ products/jdk/1.3/docs/guide/jvmpi/jvmpi.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bellavista, P., Corradi, A., Montanari, R., Stefanelli, C. (2000). Security in Programmable Network Infrastructures: The Integration of Network and Application Solutions. In: Yasuda, H. (eds) Active Networks. IWAN 2000. Lecture Notes in Computer Science, vol 1942. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-40057-5_20
Download citation
DOI: https://doi.org/10.1007/3-540-40057-5_20
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41179-6
Online ISBN: 978-3-540-40057-8
eBook Packages: Springer Book Archive