Agenda for Misuse Detection Project Meeting: Monday 20-Jan-97, 11am-1pm
Location: Delta of Venus
Martin Luther King Jr. Day

Everyone please bring 4 copies of your research plan (itemized), containing concrete milestones for the next 2 months and a conference, with its deadlines, to which you might want to submit a paper. We can exchange these plans and use them to firm up the research schedule for this quarter. Bring a cup. Also bring any recent results on NT, auditing, ActiveX, etc. that you might have.
Research objectives for Winter Quarter (1:30) Chris
	specific milestones
	conferences and paper submission deadlines

NT Vulnerabilities report (0:15) 

Monthly reports (0:10)

Topics for next agenda (0:05)


20-Jan-97 Meeting Notes

Attendees: Steven Templeton, Chris, Julie, Raymond, Brant
Notes taken by Chris Wee
Meeting began @ 11:15am, adjourned at 1:30pm, resumed at 2:00pm and ended @ 3:00pm
Food
Steven had a blueberry muffin, Julie bagels, Brant and Raymond
sandwiches and Chris a hummus bagel.

Hours
The group feels that not enough student time has been devoted
to the project and that we need to ask the PIs to add 1 more
graduate student to the project. An undergrad added during the
summer would help, but not during the winter.
Alternatively, ask ORD for a 6-month no-cost extension to the
project.

Research objectives for Winter Quarter (2:00) Chris
We have agreed upon individual research plans and milestones.
Collectively, these plans are compatible with the project plans and
will advance the project. Chris will combine the plans from
individuals into a group plan.

Steven:
+ A written report on existing NT auditing facilities & hypotheses
  of detectable forms of misuse.
+ Proposal for extensions to NT audit facilities

Julie:
+ Thesis proposal
+ Implementation of Raymond Lo's examples from his thesis.
+ Tester's assistant deliverable
+ Buy a book and CD on Java/ActiveX
(much more detail is available in her personal research plan)
Julie advises us that we should always expect prevention to be less
than 100% and identify the alternatives beforehand.

Brant:
+ Definitions of session abstractions.
+ Implementation to parse NT audit logs into session abstractions. See
  Chris' previous work on BSM audit logs (~wee/src/aggregation)
+ Report on how to prevent malicious behavior in downloadable environments
  (e.g. ActiveX/Java), building on Raju's proposal. Highlight issues of
  trust in such environments.

Raymond:
+ Report on selected forms of misuse characterization;
  esp. in database systems. (by end of quarter)

Chris:
+ Implementation/Framework for on-line analysis of NT audit logs. The
  framework will discuss the necessary privileges, drivers, and advice
  on how to write a simple on-line audit log program.
+ Auditing of NT base objects and a review of NT 3.51 Trusted evaluation
  report.
+ A tool that can identify standard application programs from audit logs
  (not including obvious attributes such as program names). This will
  serve as a test of the previous framework.

NT Vulnerabilities report (0:15) 
Skipped; only Chris and Steven have had a chance to read it.

Monthly reports (0:10)
Steven will write the December report; Chris has given him electronic copies
of the Oct and Nov ones. Chris will write the January report.

Topics for next agenda (0:05)
NT Vulnerabilities report
notable research results
add dates to milestones and research plans
monthly report status
group get-togethers or meals/calendar