February 10, 1999
1131 ENG II
12:00-1:30 p.m.

In attendance:
Karl Levitt (KL), Steven Templeton (ST) and Jim Hoagland (JH)


Last Meeting
Converting LaSCO to GrIDS
Cyber Army
Center of Security
Application Security
Next Meeting
    1. Last Meeting
      1. Plan to visit in May or June
      2. Configuring firewall
    2. Converting LaSCO to GrIDS
      1. JH: Trying to get GrIDS running
      2. The objective is to translate LaSCO rulesets to GrIDS
    3. Policy
      1. Baiju interested in communication policy – look at Jim Hoagland’s policy language paper
        1. Policy too broad for Baiju – interested in low-level encryption
        2. Intel interested in a way to state acceptable protocol policy at a high level
      2. ST: When setting up connections, assume that data is labeled with a security class
        1. JH: Provisions for negotiating connections ST: Rankings
          1. JH: Receiver chooses whichever way is easiest for them.
          2. ST: Pick method that has the greatest utility for everyone.
        2. JH: Large domain over different configurations – integrity, confidentiality, where try to hide connections going on.
          1. ST: Service on a certain port – strong integrity or list algorithms
            1. Feeling about encryption method can change
            2. Encryption algorithm done indirectly
            3. Map it down to protocols, key length, implementation level
          2. ST: Communication list of protocols – matrix with fixed fields or context specific? JH: All context-specific
      3. KL: Consider multi-party negotiations?
      4. ST: Streaming video is a big security problem
    4. Cyber Army
      1. US government wants to create a branch of cyber soldiers that protect the computer infrastructure, look for hackers.
      2. $3 million in scholarships to train people in computer security
    5. Center of Security
      1. Create an interdisciplinary Center of Security
        1. Invite lecturers from various disciplines (math, law school, psychology criminology, medical school, industry)

        2. Talk to Kevin Smith – vice chancellor for research

    6. Application Security
      1. ST: Internet, fooling sniffers, traffic analysis, real-time virus checking, cryptographic file system or constantly defragmenting files in the background
        1. Encryption engine on hard drive
      2. ST: Web browsers
        1. Look at policy, tracking and description of web sites
        2. Can do anomaly detection to determine if user is using/accessing inappropriate sites
        3. Look at worker’s job description to determine if accessing inappropriate sites
          1. Block inappropriate websites
        4. Browse sites through a free internet "nanny"
        5. Watch server and see if people can get to sites that they shouldn’t be able to get to
          1. Log in with someone else’s password
    7. Next Meeting
      1. Jim Hoagland to present his paper on a policy language
      2. Invite Prem, Michael Gertz, Christina Chung to next meeting