Location of Repository

The Price of Safety in an Active Network

By Scott Alexander, Kostas G. Anagnostakis, William A. Arbaugh, Angelos D. Keromytis, Jonathan M. Smith, Name D. Scott Alex, Name Kostas, Biography Kostas, G. Anagnostakis, G. Anagnostakis and M. S. E. Computer

Abstract

This paper makes two contributions. First, it describes the implementation of a solution, the Secure Active Network Environment (SANE), which is intended to operate on an active network router. The SANE architecture provides a secure bootstrap process, which includes cryptographic certificate exchange and results in execution of a module loader for introducing new code, as well as a packet execution environment. SANE thus permits a direct comparison of security implications of active packets (such as "capsules") with active extensions (used for "flows" of packets). The second contribution of the paper is a performance study using a combination of execution traces and end-to-end throughput measurements. The example code performs an "active ping" and allows us to break down costs into categories such as authentication. In our SANE implementation on 533 Mhz Alpha PCs, securing active packets effectively increases the time required to process a packet by a third. This result implies that the majority of packets must remain unauthenticated in high performance active networking solutions. We discuss some solutions which preserve security. 1. INTRODUCTIO

Year: 1999
OAI identifier: oai:CiteSeerX.psu:10.1.1.41.145
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.cs.purdue.edu/homes... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.