Future active Ip networks security architecture

Dušan Gabrijelčič a,*, Borka Jerman Blažič a, Jurij Tasič b

a Jozef Stefan Institute, Laboratory for Open Systems and Networks, Jamova 39, SI-1000 Ljubljana, Slovenia
b Faculty of Electrical Engineering, University of Ljubljana, Trzaska 25, SI-1000 Ljubljana, Slovenia

Received 5 August 2004; accepted 5 August 2004
Available online 11 September 2004

Abstract

Programmable and active networking principles provide a basis for a flexible and extensible network element architecture. Such an architecture enables the provision of various services in the network for its users but raises many security concerns, and security becomes a key issue in such a system. Based on a description of the system, possible threats, and high-level security architecture goals and issues, we propose a flexible and general security architecture which was designed and implemented in the context of the Future Active Ip Networks [FAIN project home page. URL http://www.ist-fain.org] project. Initial evaluation shows that strong security in such a system is possible and that we have achieved most of our goals. The security architecture itself is general; we have applied it to three types of nodes developed and to one pure active networking approach.

© 2004 Published by Elsevier B.V.

Keywords: Security architecture; Programmable networks; Active networks

1. Introduction

For a long time there has been research interest in providing flexibility and extensibility in network elements. Programmable and active network approaches [2,3] have enabled their users to extend and program network elements to fulfill their specific communication needs. Following and extending these approaches, FAIN aims at developing a flexible, high-performance and secure active network node. In such a node, heterogeneous technologies should be used to provide various services for its users in the transport, control and management planes.
The flexibility of such a system raises serious security concerns. In active networking in particular, security has been an area of intensive research for more than half a decade. Security solutions can in general be divided into two distinct approaches: architecture-based and language-based. Architecture-based approaches aim at providing more or less complete security solutions, like the U. of Pennsylvania SANE [4,5] or the Active networking security working group security architecture [6,7]. Language-based approaches rely on safe language and interpreter design and achieve security by seriously limiting the abilities of the programs that can be injected into the network [8,9]. FAIN, as an approach using multiple technologies, can benefit from the language-based approach but cannot rely on it alone; a general security architecture has to be provided.

In FAIN we aim at developing a complex environment for flexible service provisioning and management of these services. Existing security approaches are targeted at more simply structured environments: they do not cover collaboration of multiple EEs, services and service components, neglect management issues, do not provide a clear view of system entities, or cover only a part of the tasks that the security architecture should perform.

A security architecture is a set of principles, services and mechanisms that are required to meet the needs of its users and to prevent intentional and unintentional threats, together with the set of system elements that implement the services.¹ To define the needed principles, services and mechanisms we will introduce system relationships and entities in Section 2,

Computer Communications 28 (2005) 688–701
www.elsevier.com/locate/comcom
0140-3664/$ - see front matter © 2004 Published by Elsevier B.V.
doi:10.1016/j.comcom.2004.08.012

* Corresponding author.
E-mail addresses: dusan@e5.ijs.si (D. Gabrijelčič), borka@e5.ijs.si (B.J. Blažič), jurij.tasic@fe.uni-lj.si (J. Tasič).
¹ The security-related definitions used in the paper are mainly based on definitions from the Internet Security Glossary [10], unless specified otherwise.