PLAN: A packet language for active networks
, 2006
Cited by 147 (24 self)
The Internet protocols were designed to emphasize simple routing elements and intelligent hosts. However, there are applications that benefit from allowing hosts to customize or program routers, a concept known as active networking. Since routers are shared, this raises challenges with delivering sufficient flexibility while preserving or improving performance, security, and safety. PLAN (Packet Language for Active Networks) is a language designed for the SwitchWare active network architecture. This architecture comprises active packets containing PLAN programs that invoke service routines over an active OS. PLAN is based on the polymorphic lambda calculus and provides a restricted set of primitives and datatypes that enables reasoning about its impact on network resources based on features of the language design. This paper focuses on the PLAN language with the aim of consolidating a variety of studies that were carried out in the years after its introduction in 1998. These studies include the requirements for PLAN, its design, programming in PLAN, the specification and theory of PLAN, and its use in networking applications.
Practical Programmable Packets
- in Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2001)
, 2001
Cited by 60 (8 self)
We present SNAP (Safe and Nimble Active Packets), a new scheme for programmable (or active) packets centered around a new low-level packet language. Unlike previous active packet approaches, SNAP is practical: namely, adding significant flexibility over IP without compromising safety and security or efficiency. In this paper we show how to compile from the well-known active packet language PLAN [7] to SNAP, showing that SNAP retains PLAN's flexibility; give proof sketches of its novel approach to resource control; and present experimental data showing SNAP attains performance very close to that of a software IP router. Keywords: Active networks, active packets, capsules, resource control.
Policy-directed certificate retrieval
- Software: Practice & Experience
, 2000
Cited by 39 (3 self)
Any large scale security architecture that uses certificates to provide security in a distributed system will need some automated support for moving certificates around in the network. We believe that for efficiency, this automated support should be tied closely to the consumer of the certificates: the policy verifier. As a proof of concept, we have built QCM, a prototype policy language and verifier that can direct a retrieval mechanism to obtain certificates from the network. Like previous verifiers, QCM takes a policy and certificates supplied by a requester and determines whether the policy is satisfied. Unlike previous verifiers, QCM can take further action if the policy is not satisfied: QCM can examine the policy to decide what certificates might help satisfy it and obtain them from remote servers on behalf of the requester. This takes place automatically, without intervention by the requester; there is no additional burden placed on the requester or the policy writer for the retrieval service we provide. We present examples that show how our technique greatly simplifies certificate-based secure applications ranging from key distribution to ratings systems, and that QCM policies are simple to write. We describe our implementation, and illustrate the operation of the prototype. Copyright © 2000 John Wiley & Sons, Ltd.
Safe Kernel Programming in the OKE
- IN PROCEEDINGS OF OPENARCH’02
, 2002
Cited by 26 (8 self)
This paper describes the implementation of the OKE, which allows users other than root to load native and fully optimised code in the Linux kernel. Safety is guaranteed by trust management, language customisation and a trusted compiler. By coupling trust management with the compiler, the OKE is able to vary the level of restrictions on the code running in the kernel, depending on the programmer's privileges. Static sandboxing is used as much as possible to check adherence to the security policies at compile time.
Efficient Packet Monitoring for Network Management
- IN PROCEEDINGS OF IFIP/IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS) 2002
, 2002
Cited by 24 (7 self)
Network monitoring is a vital part of modern network infrastructure management. Existing techniques either present a restricted view of network behavior and state, or do not efficiently scale to higher network speeds and heavier monitoring workloads. Considering these shortcomings we present a novel architecture for programmable packet-level network monitoring. Our approach allows users to customize the monitoring function at the lowest possible level of abstraction to suit a wide range of monitoring needs: we use operating system mechanisms that result in a programming environment providing a high degree of flexibility, retaining fine-grained control over security, and minimizing the associated performance overheads. We present the implementation of this architecture as well as a set of experimental applications.
Strong Security for Active Networks
- Proceedings of IEEE OPENARCH ’01
, 2001
Cited by 15 (0 self)
Active networks are an exciting development in networking services in which the infrastructure provides customizable network services to packets. These custom network services can be deployed by the user inside the packets themselves.
Compiling PLAN to SNAP
, 2001
Cited by 14 (6 self)
PLAN (Packet Language for Active Networks) [4] is a highly flexible and usable active packet language, whereas SNAP (Safe and Nimble Active Packets) [11] offers significant resource usage safety and achieves much higher performance compared to PLAN, but at the cost of flexibility and usability. Ideally, we would like to combine the good properties of PLAN with those of SNAP. We have achieved this end by developing a compiler that translates PLAN into SNAP. The compiler allows us to achieve the flexibility and usability of PLAN, but with the safety and efficiency of SNAP. In this paper, we describe both languages, highlighting the features that require special compilation techniques. We then present the details of our compiler and experimental results to evaluate our compiler with respect to code size.
Experiences with Capsule-based Active Networking
- In Proceedings of the DARPA Active Networks Conference and Exposition (DANCE). IEEE
, 2002
Cited by 13 (5 self)
Active Networking adds programmability to the elements of the network, most aggressively by using programmable packets, or capsules. ANTS [1, 2] and PLANet [3, 4] are the most mature examples of capsule-based systems, both having been publicly available for several years. This paper presents our experience with these systems and the lessons they hold for the future of capsule-based Active Networking. The paper focuses on four key issues: flexibility, performance, security, and usability. We consider how ANTS and PLANet address these issues, noting that despite substantial surface differences, both systems identify similar key problems and use closely related solutions. Based on our experience with these systems we conclude that capsule-based systems can achieve useful levels of flexibility, performance, and usability. Many aspects of security can also be adequately addressed, but some important problems related to denial of service remain as open problems. Keywords: Activ...
Network Programming Using PLAN
- In Workshop on Internet Programming Languages
, 1998
Cited by 9 (0 self)
We present here a methodology for programming active networks in the environment defined by our new language PLAN (Packet Language for Active Networks). This environment presumes a two-level architecture consisting of: 1. active packets carrying PLAN code; and 2. downloadable, node-resident services written in more general-purpose languages. We present several examples which illustrate how these two features can be combined to implement various network functions. 1 Introduction The Internet consists of separate networks of host computers that are interconnected by routers to form a homogeneous internetwork. General-purpose computation is done on hosts, possibly involving communication with other hosts in the internetwork, while routers are specialized to the task of moving packets between the networks. To do this, routers 'store and forward' packets to their 'next hop,' guided by information in the packet header, such as the destination address. An active network is one in which the...

