GLOBAL GUARD MEETING
Tuesday, August 10, 1999
3-5pm
1066 EU II
In attendance:
Karl Levitt (KL), Jeff Rowe (JR), Steven Cheung (SC), Aaron Stearns (AS), Rick Crawford (RC), David O'Brien (DOB), Chris Wee (CW) and Marcus Tylutki (MT)
DARPA PI Meeting
Steven Templeton developed a language (JIGSAW) within two days.
Other correlation projects being worked on:
UCSB - Cameron - state-based approach - encode signatures in finer state machines
Stanford - David Luckham - Event correlator - pattern matching, output is CIDF
Boeing proposal with Felix Wu (GIANT) under Ming-yu Wang
Sami wants us to work together to develop a common language. Karl has been asked to form a committee to meet to develop a common language.
Need an event description language (like CIDF) and CYC
For new attacks - would prefer to describe them in a specification language
RC: Suggests rapid prototyping of 3-4 correlation approaches instead of writing a common language. We don't know enough about what we want to write a language.
KL: Need to describe attacks, events - need more than just an event language. It will probably look more like a specification language.
Languages that others are working on may not be powerful enough to do what we want.
Brian Tung - CRISIS
AS: Pass around attack patterns (as opposed to attack events).
CW: How hackers distribute scripts
Incorporate Matt's work on vulnerabilities
KL: Rich Lippmann at Lincoln Labs - wants a script that runs reliably
Have participants in committee send scenarios that a common language will need to represent.