Active Security Support for Active Networks

IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews

Volumn 33, Issue 4, 2003, Pages 432-445

  Liu, Zhaoyu ^a   Campbell, Roy H ^b   Mickunas, M Dennis ^b  

^a UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE   (United States)

^b University of Illinois at Urbana Champaign   (United States)

Author keywords

Active access control; Active capability; Active networks; Active security guardian; Quality of protection (QoP); Security API

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER OPERATING SYSTEMS; SECURITY OF DATA;

ACTIVE ACCESS CONTROL; SECURE NODE ARCHITECTURES;

PACKET NETWORKS;

EID: 0242489532     PISSN: 10946977     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSMCC.2003.818498     Document Type: Article

References (54)

1. D. Wetherall, U. Legedza, and J. Guttag, "Introducing new internet services: why and how," IEEE Network Mag., July/Aug. 1998.
2. D. S. Wallach, "A New Approach to Mobile Code Security," Ph.D. dissertation, Dept. Comput. Sci., Princeton Univ., Princeton, NJ, Jan. 1999.
3. T. Sander and C. F. Tschudin, "Protecting mobile agents against malicious hosts," Mobile Agent and Security, Lecture Notes in Computer Science, vol. 1419, pp. 44-60, 1998.
4. P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell, "The inevitability of failure: the flawed assumption of security in modern computing environments," in Proc. 21st National Information Systems Security Conf., Baltimore, MD, Oct. 1998, pp. 303-314.
5. Z. Liu, R. H. Campbell, and M. D. Mickunas, "Securing the node of an active network," in Active Middleware Services. S. Hariri, C. Lee, and C. Raghavendra, Eds. Boston, MA: Kluwer, Sept. 2000.
6. R. S. Sandhu and E. J. Coyne, "Role-based access control models," IEEE Computer, vol. 29, no. 2, Feb. 1996.
7. The SwitchWare Project Homepage at the University of Pennsylvania. [Online] Available http://www.cis.upenn.edu/̃switchware/
8. Z. Liu, P. Naldurg, S. Yi, T. Qian, R. H. Campbell, and M. D. Mickunas, "An agent based architecture for supporting application level security," in Proc. DARPA Information Survivability Conf. Expo. (DISCEX'00), vol. 1, Hilton Head Island, SC, Jan. 25-27, 2000, pp. 187-198.
9. L. Peterson et al., NodeOS interface specifications, AN NodeOS Working Group, Draft, 1999.
10. NSA Cross Organization CAPI Team, Security Service API: Cryptographic API Rec., 2nd ed., July 1996.
11. V. Samar and C. Lai, "Making login services independent from authentication technologies," in Proc. SunSoft Developer's Conf., Mar. 1996.
12. C. Adams and S. Farrell, Internet X.509 Public Key Infrastructure Certificates Management Protocols, RFC 2510, Mar. 1999.
13. T. Ryutov and C. Neuman, Access Control Framework for Distributed Applications, Mar. 2000, Internet-Draft.
14. J. Linn, Generic Security Service Application Program Interface, Ver. 2, RFC 2078, Jan. 1997.
15. C. Adams, Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API), RFC 2479, Dec. 1998.
16. The Interpreted Trusted Computer System Evaluation Criteria Requirements, National Computer Security Center. (1995, July). Available http://www.radium.ncsc.mil/tpep/library/tcsec/ITCSEC.ps [Online]
17. S. Murphy et al., Security Architecture for Active Nets, AN Security Working Group, July 15, 1998.
18. Z. Liu, M. D. Mickunas, and R. H. Campbell, "Secure information flow in mobile bootstrapping process," in Int. Workshop on Wireless Networks and Mobile Computing (With ICDCS 2000), Taipei, Taiwan, R.O.C., Apr. 2000.
19. J. Linn, The Kerberos Ver. 5 GSS-API Mechanism, RFC 1964, June 1996.
20. C. Adams, The Simple Public-Key GSS-API Mechanism (SPKM), RFC 2025, Oct. 1996.
21. E. Baize, S. Farrell, and T. Parker, The SESAME V5 GSS-API Mechanism, Internet Draft, Nov. 1996.
22. Z. Liu, "Securing the Node of an Active Network," Ph.D. dissertation, Dept. Comput. Sci., Univ. Illinois at Urbana-Champaign, Oct. 2001.
23. IAIK-JCE package. [Online] Available http://jcewww.iaik.tu-graz.ac.at/
24. Snacc for Java. [Online] Available http://www.alphaworks.ibm.com/tech/snaccforjava
25. R. Housley, W. Ford, W. Polk, and D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, Jan. 1999.
26. J. Nechvatal, E. Barker, L. Bassham, W. Burr, M. Dworkin, J. Foti, and E. Roback, "Report on the Development of the Advanced Encryption Standard (AES)," NIST, Oct. 2000.
27. C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers, "User authentication and authorization in the Java platform," in 15th Annu. Computer Security Applications Conf., Phoenix. AZ, Dec. 6-10, 1999.
28. T. Fraser, "An object-oriented framework for security policy representation," M.S. thesis, Dept. Comput. Sci., Univ. Illinois at Urbana-Champaign, Dec. 1996.
29. M. D. Abrams and J. D. Moffett, "A higher level of computer security through active policies," Comput. Security, vol. 14, no. 2, pp. 147-157, 1995.
30. D. Kozen, "Efficient Code Certification," Dept. Comput. Sci., Cornell Univ., Ithaca, NY, Tech. Rep. 98-1661, Jan. 1998.
31. F. Yelin, "Low-level security in Java," in WWW4 Conference, Dec. 1995.
32. G. C. Necula, "Proof-carrying code," in Principles of Programming Languages (POPL '97), Jan. 1997, pp. 106-119.
33. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham, "Efficient software-based fault isolation," in SOSP '93.
34. D. Wetherall, J. Guttag, and D. Tennenhouse, "ANTS: a toolkit for building and dynamically deploying network protocols," in IEEE OPENARCH'98, San Francisco, CA, Apr. 1998.
35. R. H. Campbell, Z. Liu, M. D. Mickunas, P. Naldurg, and S. Yi, "Seraphim: dynamic interoperable security architecture for active networks," in IEEE OPENARCH 2000, Tel-Aviv, Israel, Mar. 26-27, 2000.
36. Z. Liu, R. H. Campbell, S. K. Varadarajan, P. Naldurg, S. Yi, and M. D. Mickunas, "Flexible secure multicasting in active networks," in Int. Workshop on Group Computation and Communications (With ICDCS 2000), Taipei, Taiwan, R.O.C., Apr. 2000.
37. Z. Liu, R. H. Campbell, and M. D. Mickunas, "Security as services in active networks," in Seventh IEEE Symp. Computers and Communications (ISCC '02), Taormina, Italy, July 2002.
38. S. Bhatt, A. V. Konstantinou, and S. R. Rajagopalan, "Managing security in dynamic networks," in 13th USENIX Systems Administration Conf. (LISA'99).
39. D. Evans and A. Twyman, "Flexible policy-directed code safety, " in IEEE Symp. Security and Privacy, Oakland, CA, May 9-12, 1999.
40. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, The KeyNote Trust-Management System Ver. 2, RFC 1809, June 1995.
41. Secure Computing Corporation, "DTOS General System Security and Assurability Assessment Report,", Tech. Rep. MD A904-93-C-4209 CDRL A011, June 1997.
42. D. Mazières and M. F. Kaashoek, "Secure applications need flexible operating systems," in Proc. 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), Chatham, MA, May 1997, pp. 56-61.
43. S. Schwab, private communication.
44. R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau, "The Flask security architecture: system support for diverse security policies," in Proc. Eighth USENIX Security Symp., Aug. 1999, pp. 123-139.
45. S. E. Minear, "Providing policy control over object operations in a Mach based system," in Proc. Fifth USENIX UNIX Security Symp., June 1995, pp. 141-156.
46. S. Murphy, O. Gudmundsson, R. Mundy, and B. Wellington, "Retrofitting security into internet infrastructure protocols," in Proc. DARPA Information Survivability Conf. Expo. (DISCEX'00), vol. 1, Hilton Head Island, SC, Jan. 25-27, 2000, pp. 3-17.
47. A. B. Kulkarni and S. F. Bush, "Active network management and Kolmogorov complexity," in IEEE OPENARCH 2001 (Short Paper Session), Anchorage, AK, Apr. 2001.
48. S. Murphy, E. Lewis, R. Watson, and R. Yee, "Strong security for active networks," in IEEE OPENARCH 2001, Anchorage, AK, Apr. 2001.
49. D. Eastlake, Domain Name System Security Extensions, RFC 2535, Mar. 1999.
50. F. B. Schneider, "Enforceable security policies," ACM Trans. Inform. Syst. Security, vol. 3, no. 1, Feb. 2000.
51. P. E. Ammann and P. E. Black, "A specification-based coverage metric to evaluate test sets, international journal of reliability," Qual. Safety Eng., Dec. 2000.
52. P. E. Black, V. Okun, and Y. Yesha, "Mutation operators for specifications," in Proc. 15th Automated Software Engineering Conf. (ASE2000), Grenoble, France, Sept. 2000.
53. M. Clavel, F. Duran, S. Eker, J. Meseguer, and M.-O. Stehr, "Maude as a formal meta-tool," in FM'99 - Formal Methods, J. Wing and J. Woodcock, Eds. Berlin, Germany: Springer-Verlag, 1999, vol. 1709, Lecture Notes in Computer Science, pp. 1684-1703.
54. G. Denker, J. Meseguer, and C. Talcott, "Formal specification and analysis of active networks and communication protocols: the Maude experience," in Proc. DARPA Information Survivability Conf. Expo. (DISCEX'00), vol. 1, Hilton Head, South Carolina, Jan. 2000, pp. 251-265.