Abstract
This paper analyzes the security requirements and problems with which active nodes are confronted, and proposes a general security management subsystem in Active Network NodeOS. The subsystem implements through four functions: resource management, hop-by-hop authentication, credential management and security policy management. Resource management avoids excessive use of resources by constraining the maximum available resource quantity of each application. Hop-by-hop authentication is realized by adding hop-by-hop integrity option to ANEP header, which accomplishes the previous hop authentication and the hop-by-hop integrity checking. The function of credential management is to obtain the credential, authenticate the validity of the credential, and make origin authentication and end-to-end integrity checking by using the principal’s public key carried in the credential. Security policy management is realized by embedding a reformed KeyNote Trust Management system into NodeOS kernel to complete access control to node resource.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
DARPA AN Architecture Working Group. Architectural Framework for Active Networks (2000)
DARPA An Security Working Group. Security Architecture for Active Nets (2001)
Murphy, S., et al.: Strong Security for Active Networks. In: IEEE OPENARCH (2001)
Tullmann, P., et al.: Janos: A Java-oriented OS for Active Network Nodes. IEEE Journal on Selected Areas in Communications 19(3), 501–510 (2001)
Alexander, D., et al.: A Secure Active Network Environment Architecture: Realization in SwitchWare. IEEE Network 12(3), 37–45 (1998)
Dandekar, H., et al.: AMP: Experiences with Building an Exokernel-Based Platform for Active Networking. In: Proceedings of the DARPA Active Networks Conference and Exposition (2002)
IETF Active Networks Group. Active Network Encapsulation Protocol (ANEP). RFC Draft (1997)
IETF Network Working Group. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280 (2002)
Blaze, M., et al.: Decentralized Trust Management. In: Proceedings of the 17th IEEE Symposium on Security and Privacy, Oakland, USA, pp. 164–173 (1996)
IETF Network Working Group. The KeyNote Trust-Management System Version 2. RFC 2704 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cao, Y., Shao, Y., Cai, Z. (2012). Research on Security Management in Active Network Node Operating Systems. In: Wang, F.L., Lei, J., Gong, Z., Luo, X. (eds) Web Information Systems and Mining. WISM 2012. Lecture Notes in Computer Science, vol 7529. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33469-6_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-33469-6_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33468-9
Online ISBN: 978-3-642-33469-6
eBook Packages: Computer ScienceComputer Science (R0)