Skip to main content

Towards Security Architecture for Future Active IP Networks

  • Chapter
  • 424 Accesses

Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT,volume 100)


Active networks allow user-controlled network programmability. A security framework has to assure that an active networks infrastructure will behave as expected and will efficiently deal with malicious attacks, unathorized attempts to execute active code etc. We present here a security architecture that is designed within the FAIN project and aims at supporting multiple heterogeneous execution environments. We argue for the pros and cons as well as why we have selected the specific components and also take a look at their interworking in order to provide the security services to the execution environments our active network node hosts.


  • Active Networks
  • Security Architecture
  • Active Packets
  • Security Management

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23


  1. ITU-T X.509 (2000) — ISO/IEC 9594–8:2000 - information technology - open systems interconnection -the directory: Public-key and attribute certificate frameworks. Final Draft International Standard, June 2000.

    Google Scholar 

  2. Fain project home page,

    Google Scholar 

  3. Active Network Working Group. Architectural Framework for Active Networks Version 1.1, december 2001.

    Google Scholar 

  4. Active Networks Security Working Group. Security Architecture for Active Nets, maj 2001.

    Google Scholar 

  5. D. Scott Alexander, William A. Arbaugh, Angelos D. Keromytis, and Jonathan M. Smith. Security in active networks. In Secure Internet Programming: Issues in Distributed and Mobile Object Systems, Lecture Notes in Computer Science State-of-the-Art. Springer-Verlag, 2000.

    Google Scholar 

  6. D. Scott Alexander, Bob Braden, Carl A. Gunter, Alden W. Jackson, Angelos D. Keromytis, Gary J. Minden, and David Wetherall. Active network encapsulation protocol (anep). Active Network Group draft, july 1997.

    Google Scholar 

  7. Andrew W. Appel, Edward W. Felten, and Zhong Shao. Scaling proof-carrying codeto production compilers and security policies. whitepaper, January 1999.

    Google Scholar 

  8. Matt Blaze, Joan Feigenbaum, John Ioannidis, and Angelos D. Keromytis. RFC 2704: The KeyNote trust-management system, version 2, september 1999.

    Google Scholar 

  9. Li Gong. Java security architecture (JDK1. 2 ). Technical report, Sun Microsystems, oktober 1998.

    Google Scholar 

  10. Active Networks Working Group. SANTS Security Overview, May 2000.

    Google Scholar 

  11. H. Krawczyk, M. Bellare, and R. Canetti. Hmac: Keyed-hashing for message authentication. RFC2104, Informational, februar 1997.

    Google Scholar 

  12. Zhaoyu Liu, Prasad Naldurg, Seung Yi, Roy H. Campbell, and M. Dennis Mickunas. Seraphim: Dynamic interoperable security architecture for active networks. In Proceedings OpenArch 2000. University of Illinois, Urbana-Champagain, marec 2000.

    Google Scholar 

  13. Murphy S., Lewis E., Puga R., Watson R., and Yee R. Strong security for active networks. In IEEE OPENARCH 2001 Proceedings, april 2001.

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2002 IFIP International Federation for Information Processing

About this chapter

Cite this chapter

Gabrijelčič, D., Savanović, A., Blažič, B.J. (2002). Towards Security Architecture for Future Active IP Networks. In: Jerman-Blažič, B., Klobučar, T. (eds) Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 100. Springer, Boston, MA.

Download citation

  • DOI:

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4757-4405-7

  • Online ISBN: 978-0-387-35612-9

  • eBook Packages: Springer Book Archive