GLOBAL GUARD MEETING
Tuesday, August 10, 1999
3-5pm
1066 EU II

In attendance:

Karl Levitt (KL), Jeff Rowe (JR), Steven Cheung (SC), Aaron Stearns (AS), Rick Crawford (RC), David O'Brien (DOB), Chris Wee (CW) and Marcus Tylutki (MT)
    1. DARPA PI Meeting
      1. Steven Templeton developed a language (JIGSAW) within two days.
      2. Other correlation projects being worked on:
        1. UCSB - Cameron - state-based approach - encode signatures in finer state machines
        2. Stanford - David Luckham - Event correlator - pattern matching, output is CIDF
        3. Boeing proposal with Felix Wu (GIANT) under Ming-yu Wang
      3. Sami wants us to work together to develop a common language. Karl has been asked to form a committee to meet to develop a common language.
        1. Need an event description language (like CIDF) and CYC
        2. For new attacks - would prefer to describe them in a specification language
        3. RC: Suggests rapid prototyping of 3-4 correlation approaches instead of writing a common language. We don't know enough about what we want to write a language.
        4. KL: Need to describe attacks, events - need more than just an event language. It will probably look more like a specification language.
        5. Languages that others are working on may not be powerful enough to do what we want.
        6. Brian Tung - CRISIS
        7. AS: Pass around attack patterns (as opposed to attack events).
          1. CW: How hackers distribute scripts
          2. Incorporate Matt's work on vulnerabilities
        8. KL: Rich Littman at Lincoln Labs - wants a script that runs reliably
        9. Have participants in committee send scenarios that a common language will need to represent.
    2. Assignments
      1. Rick will look into Cameron's work as UCSB.
      2. Marcus will look into Stanford's work.
      3. David O will get a script to Rich Littman.