The Permissiveness of Active Architectures

After studying two research papers in my Internet research class on active architectures, I wonder why these researchers did not settle on proposing a plugin-based architecture instead. Relatively few systems exist that allow arbitrary code to be executed. Google App Engine, Google NaCl, the JVM, and the CLR are all good examples of such system and provide facilities for controlled and secure execution of arbitrary code. However, all of these examples are platforms that were built explicitly as Turing-complete machines to run any application on, trusted or untrusted. I do not, however, believe that a network architecture should have the same kind of flexibility as a programming language runtime. A network need not execute untrusted code, and its scope is much more limited than that of a general language runtime. In proposing such an architecture, these researchers almost seem to be considering the interests of a few minority parties over the those of the public at large.

Instead of proposing an architecture where any user can execute arbitrary code, why not propose one with a plugin system? Such a design would place control and responsibility of the code that gets executed on the network back in the hands of the network owners and operators themselves, without sacrificing generality. Such a system could allow autonomous systems to advertise which plugins they support, and BGP-like protocols could take such information into account when routing a packet that requires a specific plugin.

While such a design would require manual intervention by ISPs to install a new network feature, the number of security and performance issues would drop dramatically and those that remained would be much simplified. Also, if a plugin provided significant benefits to customers or ISPs, the utility of the plugin itself should be enough incentive for organization to install it on their existing hardware. Lastly, not all of the Internet needs to have a plugin installed for it to be used, only enough that a path can be found between a source and destination where each AS hop supports the plugin.

A plugin architecture can make the Internet just as dynamic as an active architecture, but through much safer and less radical means.