Security in Active Networks

D. Scott Alexander (1), William A. Arbaugh (2), Angelos D. Keromytis (2), and Jonathan M. Smith (2)

(1) Bell Labs, Lucent Technologies, 600 Mountain Avenue, Murray Hill, NH 07974, USA
(2) Distributed Systems Lab, CIS Department, University of Pennsylvania, 200 S. 33rd Str., Philadelphia, PA 19104, USA
waa angelos jms @

Abstract. The desire for flexible networking services has given rise to the concept of "active networks". Active networks provide a general framework for designing and implementing network-embedded services, typically by means of a programmable network infrastructure. A programmable network infrastructure creates significant new challenges for securing the network infrastructure. This paper begins with an overview of active networking. It then moves to security issues, beginning with a threat model for active networking, moving through an enumeration of the challenges for system designers, and ending with a survey of approaches for meeting those challenges. The Secure Active Networking Environment (SANE) realizes many of these approaches; an implementation exists and provides acceptable performance for even the most aggressive active networking proposals, such as active packets (sometimes called "capsules"). We close the paper with a discussion of open problems and an attempt to prioritize them.

1 What is Active Networking?

In networking architectures, a design choice can be made between:

1. restricting the actions of the network infrastructure to transport, and
2. easing those restrictions to permit on-the-fly customization of the network infrastructure.

The data-transport model, which has been successfully applied in the IP Internet and other networks, is called passive networking, since the infrastructure (e.g., IP routers) is mostly indifferent to the packets passing through, and their actions (forwarding and routing) cannot be directly influenced by users. This is not to say that the switches do not perform complex computations