Monday, October 27, 2008

Are Active Networks just Computer Viruses?

David Wetherall, "Active network vision and reality: lessons from a capsule-based system"

If I think about it: the way capsules propagate through a network is by injecting code into the router software to spread to the next router. So this is really how a worm/virus spreads through a network. Several active networks have already been implemented: the Code Red worm, Melissa, Happy99.exe, Chernobyl. Some of this research eventually led to imprisonment; apparently the FBI doesn't like research on Active Networks. There are even organizations fighting Active Networks, for example Symantec. And unfortunately, Windows is a little ahead of Linux in terms of Active Network implementations.

Active Network basics
  • a packet is called a capsule and carries code (perhaps by reference) executed on the router (active node) to process and eventually forward it
  • benefits: flexible network layer, decoupling services from the underlying infrastructure, enables fast deployment of new features across WANs
  • concerns: mobile code raises security and performance issues
Characterization of Active networks
  • capsule model of programmability
  • accessibility of that model to all users
  • applications that can be constructed
Mechanisms in the paper
  • code is carried by reference: the MD5 hash of the code serves as the "type of service" field, which keeps the capsule header comparable in size to an IP header
  • code also given a human readable name, distributed through DNS-like directory service
  • code cached locally
  • capsules are forwarded as ordinary IP packets between conventional routers and processed as capsules by active routers: this allows gradual deployment on a heterogeneous network, and a router can be split into a layer that processes most packets in fast hardware and one that processes capsules in slower software
  • code is written in a type-safe language (e.g. Java) or comes with a proof of safety
  • code is executed in isolation from capsules of different type, in sandbox
  • code's runtime and resources are limited
  • code may not change type of service when routing or creating new packets
  • code must lower TTL
  • code can only create limited number of new capsules (e.g. limited by total TTL)
  • but still: code must be certified by a trusted authority (IETF)
  • API for capsule's code: query node environment, soft-state storage, routing, possibly loss information
  • tests run on the ANTS toolkit, written in Java, as an overlay network on UDP
Findings
  • code distribution provides insignificant overhead
  • analysis of protection attempts to answer the following questions: 1. Can the node runtime be corrupted by service code? 2. Can distributed service code be corrupted or spoofed? 3. Can cached state be inadvertently manipulated by another service?
  • analysis of resource management: 1. Can a capsule consume a large, possibly unbounded amount of resources at a single node? 2. Across a large number of nodes? 3. Can an application running on an end-system be used to inject a large, possibly unbounded number of capsules into the network?
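To make the mechanisms and the protection questions above concrete, here is an added example of my own (a constructed Python model, not the ANTS code from the paper): a capsule names its service code by the MD5 hash of the code, a node fetches code it has not cached from a directory (standing in for the DNS-like distribution service) and checks the hash before caching it, each service type gets only its own soft-state store, the node lowers TTL itself, and a capsule may only spawn children of its own type within a shared TTL budget. The three-node path A -> B -> C, the directory dict, the Python callables standing in for Java capsule code, and the "forward", "flood" and spoofed entries are all assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed model of an ANTS-style active node (my own illustration, not the ANTS code).
# A capsule names its service code by the MD5 hash of the code (the "type" field); a node
# that has not cached that code fetches it from a directory (stand-in for the DNS-like
# service), checks the hash before caching, runs the code against a narrow API, lowers the
# TTL itself, and limits what the code may emit: same type only, shared TTL budget.


def code_ref(source: bytes) -> str:
    """Capsule type field: the MD5 hash of the service code, so the reference names the code."""
    return hashlib.md5(source).hexdigest()


@dataclass
class Capsule:
    type_ref: str   # MD5 hash of the service code (code carried by reference)
    ttl: int
    dst: str
    payload: dict


# A directory entry is (service source bytes, callable standing in for the compiled code).
Service = Tuple[bytes, Callable]


class NodeAPI:
    """The only interface capsule code gets: node identity and its own soft-state store."""

    def __init__(self, node: "ActiveNode", type_ref: str):
        self._node, self._type_ref = node, type_ref

    @property
    def node_name(self) -> str:
        return self._node.name

    def soft_state(self) -> dict:
        # Each service type sees only the store keyed by its own hash: no cross-type access.
        return self._node.soft_state.setdefault(self._type_ref, {})


class ActiveNode:
    def __init__(self, name: str, routes: Dict[str, str], directory: Dict[str, Service]):
        self.name = name
        self.routes = routes            # dst -> next-hop node name
        self.directory = directory      # type_ref -> Service (simulated code distribution)
        self.cache: Dict[str, Callable] = {}
        self.soft_state: Dict[str, dict] = {}

    def _load(self, type_ref: str):
        """Return cached code for type_ref, fetching and hash-checking it on a miss."""
        if type_ref not in self.cache:
            entry = self.directory.get(type_ref)
            if entry is None:
                return None
            source, fn = entry
            if code_ref(source) != type_ref:
                return None   # code does not hash to the reference: spoofed, never cached
            self.cache[type_ref] = fn
        return self.cache[type_ref]

    def process(self, cap: Capsule) -> List[Tuple[str, Capsule]]:
        """Run one capsule; return (next_hop, capsule) pairs to forward, [] if dropped."""
        cap.ttl -= 1                      # the node, not the service code, lowers TTL
        if cap.ttl <= 0:
            return []
        fn = self._load(cap.type_ref)
        if fn is None:
            return []
        try:
            children = fn(cap, NodeAPI(self, cap.type_ref))
        except Exception:
            return []                     # a crashing service drops only its own capsule
        budget, accepted = cap.ttl, []
        for child in children:
            # children keep the parent's type and share the parent's remaining TTL
            if child.type_ref != cap.type_ref or child.ttl <= 0 or child.ttl > budget:
                return []                 # rule violation: the whole output is discarded
            budget -= child.ttl
            hop = self.routes.get(child.dst)
            if hop is not None:
                accepted.append((hop, child))
        return accepted


# Two service programs plus one spoofed directory entry (all constructed for this example).
FORWARD_SRC = b"forward v1: pass the capsule on toward dst and count it in soft state"
FLOOD_SRC = b"flood v1: misbehaving service that emits ten full-TTL copies of itself"


def forward_service(cap: Capsule, api: NodeAPI) -> List[Capsule]:
    st = api.soft_state()
    st["seen"] = st.get("seen", 0) + 1
    return [Capsule(cap.type_ref, cap.ttl, cap.dst, cap.payload)]


def flood_service(cap: Capsule, api: NodeAPI) -> List[Capsule]:
    return [Capsule(cap.type_ref, cap.ttl, cap.dst, cap.payload) for _ in range(10)]


FORWARD_REF = code_ref(FORWARD_SRC)
FLOOD_REF = code_ref(FLOOD_SRC)
SPOOF_REF = "0" * 32   # a reference that no published code hashes to

DIRECTORY: Dict[str, Service] = {
    FORWARD_REF: (FORWARD_SRC, forward_service),
    FLOOD_REF: (FLOOD_SRC, flood_service),
    SPOOF_REF: (FLOOD_SRC, flood_service),   # code published under a reference it does not match
}


def run(type_ref: str, ttl: int):
    """Send one capsule from A toward C over A -> B -> C; return (visited nodes, node objects)."""
    routes = {"A": {"C": "B"}, "B": {"C": "C"}, "C": {}}
    nodes = {n: ActiveNode(n, routes[n], DIRECTORY) for n in routes}
    queue = [("A", Capsule(type_ref, ttl, "C", {}))]
    visited = []
    while queue:
        where, cap = queue.pop(0)
        if where == cap.dst:
            visited.append(where)         # delivered to the end system
            continue
        for hop, child in nodes[where].process(cap):
            visited.append(where)
            queue.append((hop, child))
    return visited, nodes
```

`run(FORWARD_REF, 5)` traverses A, B and C; the flood service is dropped at A because its second copy exceeds the shared TTL budget (question 3 of resource management), and the spoofed entry never runs because the fetched bytes do not hash to the reference (question 2 of protection). After a run, node A's soft state holds only the forward service's key, which is the isolation the node API enforces between service types.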
Possible Applications
  • Characterization of services: expressible, compact, fast, incrementally deployable
  • new services based on network layer state
  • multicast, reliable multicast support, ECN, PIP, anycast
Comments
  • The idea of active networks is very interesting, particularly regarding the many algorithms and techniques like fair queueing, ECN, XCP, RED, multicast, QoS and anycast which exist but are difficult to deploy on existing infrastructure.
  • But unfortunately the security and resource concerns restrict the abilities of the capsule's code (e.g. isolation from other flows) so that some of these algorithms cannot be implemented. The list of remaining techniques did not convince me. Anycast works reasonably well as implemented in BGP and through DNS. Maybe it is the revival of multicast?

1 comment:

Randy H. Katz said...

What a provocative post! Note that active networks are about the router infrastructure rather than end nodes that are the targets of viruses and such.