Computing Reviews

Reasoning about secrecy for active networks
Kakkar P., Gunter C., Abadi M. Journal of Computer Security11(2):245-287,2003.Type:Article
Date Reviewed: 10/20/03

In an internetwork context, an active network is one where chunks of mobile code, carried in packets, can be executed at routers, as well as at hosts. This can cause security-relevant changes in services, and in resources like routing tables. Against others security (AO-security) distinguishes between controlled (honest) and uncontrolled (possibly malicious) routers, networks, and hosts. To state and analyze AO-security concerns formally, this paper introduces a primitive language, uPLAN, based on the packet language for active networks (PLAN).

uPLAN’s semantics are expressed using a version of Landin’s stack, environment, code, dump (SECD) abstract machine, and using a nondeterministic “chemical abstract machine” execution model, specified with multiset rewrite rules. Some security issues are stated and proved, mostly concerning the ability of uncontrolled routers to affect the routing tables of controlled routers indirectly, and thereby cause confidential, but unencrypted data to be routed into uncontrolled parts of the internetwork, where they can be observed by intruders. Distance vector routing and the more advanced labeled routing protocols are examined.

Reviewer:  Jon Millen Review #: CR128402 (0402-0180)

Reproduction in whole or in part without permission is prohibited.   Copyright 2024™
Terms of Use
| Privacy Policy