Skip to Main Content
The Smart Firewalls project within the DARPA Dynamic Coalitions program has developed technologies to (i) specify high-level network-wide security policy, (ii) monitor and check network policy compliance from low-level configuration settings of network devices, and (iii) generate new device configurations to bring the system to a policy-compliant state. Our previous demonstration showed a single "smart firewalls" policy engine managing the security policy of a dynamic coalition of networks. In a coalition of networks, each network is expected to have its own policy enforcement mechanism, or policy engine. When networks form a coalition they agree on a coalition policy. The policy engines of different coalition members will be expected to share information in order to enable cross-network access as dictated by coalition policy. The current paper features a coalition of networks, each with its internal policy upheld by its own policy engine. We show that the federated policy engines uphold the coalition policy, while also upholding their internal policies. We demonstrate how the federated policy engines (a) check configurations for policy compliance, and (b) generate configurations to remedy policy violations when feasible, and raise an alarm otherwise.