Journal of Xi'an Jiaotong University
Vol. 36, No. 8
Aug. 2002

Universal Security Mechanism for Active Network
Wang Jianguo, Li Zengzhi, Wang Yu, Kou Ya'nan
(Institute of Computer Architecture & Network, Xi'an Jiaotong University 710049, China)
Abstract: After analyzing current research on active network security, a universal security mechanism for active networks is presented. This mechanism conforms to the security specification proposed by the Active Network Security Working Group. According to the characteristics of active networks, two important protected objects, the active node and the capsule, are proposed. The mechanism constructs two engines, an authentication/authorization engine and an access control engine. A certificate database and a security policy database are designed so that the engines can consult certificates to authenticate principals' identities and refer to the security policy to control capsules' access to system resources when providing requested services to the execution environment. These measures protect active nodes effectively. To describe complicated dynamic security control policies, the mechanism introduces capabilities. Digital signatures and a software state catching mechanism are used to protect and isolate capsules. Active nodes and capsules can be protected effectively with this mechanism. Security facilities implemented with this mechanism can serve as a generic component for building secure active networks.
Keywords: active network; security; capsule; resource access control