Securing the node of an active network.

摘要

Active networks aim to provide a software framework that enables network applications to customize the processing of their communication packets. Security is of critical importance to the success of active networking. This thesis presents a design and a description of the implementation for securing the node of an active network using active networking principles. The secure node architecture includes an active node operating system security API, an active security guardian, and quality of protection (QoP) provisions. The architecture supports highly customized and situational policies created by users and applications dynamically. It permits active nodes to satisfy the application-specific dynamic security and protection requirements. The secure node architecture can provide a fundamental base for securing the active network infrastructure.; In addition to the secure node architecture, this thesis also presents the analysis of secure information flow using a type system. Information flow control is concerned with the right of dissemination of information. Secure information flow properly restricts the propagation of sensitive cryptographic data beyond the security API to untrusted environments. The analysis demonstrates that the type system can ensure secure flow enforcement efficiently and therefore provide additional security assurance for active networks.; We describe the integration of secure node architecture into two active network software systems to demonstrate its flexible and innovative features and to present detailed performance results.