TY - GEN
T1 - Federated security management for dynamic coalitions
AU - Bhatt, S.
AU - Raj Rajagopalan, S.
AU - Rao, P.
N1 - Publisher Copyright: © 2003 IEEE.
PY - 2003
Y1 - 2003
AB - The Smart Firewalls project within the DARPA Dynamic Coalitions program has developed technologies to (i) specify high-level network-wide security policy, (ii) monitor and check network policy compliance from low-level configuration settings of network devices, and (iii) generate new device configurations to bring the system to a policy-compliant state. Our previous demonstration showed a single "smart firewalls" policy engine managing the security policy of a dynamic coalition of networks. In a coalition of networks, each network is expected to have its own policy enforcement mechanism, or policy engine. When networks form a coalition they agree on a coalition policy. The policy engines of different coalition members will be expected to share information in order to enable cross-network access as dictated by coalition policy. The current paper features a coalition of networks, each with its internal policy upheld by its own policy engine. We show that the federated policy engines uphold the coalition policy, while also upholding their internal policies. We demonstrate how the federated policy engines (a) check configurations for policy compliance, and (b) generate configurations to remedy policy violations when feasible, and raise an alarm otherwise.
KW - Access control
KW - Cryptography
KW - Engines
KW - Information security
KW - Intrusion detection
KW - Monitoring
KW - Project management
KW - Switches
KW - Technology management
KW - Virtual private networks
UR - http://www.scopus.com/inward/record.url?scp=84890833454&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84890833454&partnerID=8YFLogxK
U2 - 10.1109/DISCEX.2003.1194911
DO - 10.1109/DISCEX.2003.1194911
M3 - Conference contribution
AN - SCOPUS:84890833454
T3 - Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003
SP - 47
EP - 48
BT - Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003
T2 - DARPA Information Survivability Conference and Exposition, DISCEX 2003
Y2 - 22 April 2003 through 24 April 2003
ER -