Agenda for Misuse Detection Project Meeting
Tuesday 15-July-97, 1pm - 3pm

Review agenda. Select a timekeeper.
writing an explicit & formal Security Policy (0:20) Steven

Configuring NT server (0:10) Kathy

Macro viruses in Office 97 (0:25) Julie

Generic methodology of something or other (0:30) Scott

ORD visit (0:20) Matt
    Database policy problem (0:10) Brant.
    Does Brant need help? use Steven perhaps?

Admin (0:05)
    Debrief IA, Financial aid meeting with Pat Kearney (0:10) Steven
    Scott would like an video projector

Topics for next agenda (0:10)

15-July-97 Meeting Notes, 1:05pm - 3:10pm

Attendees: Steven Templeton, Chris, Julie, Brant, Scott Miller, Kathy Lam, Matt Bishop (last 30 mins)

writing an explicit & formal Security Policy (0:20) Steven
    What is the point of this exercise? Brant, Steven and Scott asked this.
    Brant proposes that Friday's 3-hour formal policy construction exercise
    was not productive because we lacked a formal language. Steven thinks we
    were using just general math and logic.
    Julie feels we have enough examples.
    Scott and Steven would like test cases to be as general as possible.
    Chris disagrees and wants test cases to be as specific as possible.
    Decided to have another meeting this week to construct a formal policy.

Configuring NT server (0:10) Kathy
    NT works, 95 does not. 95 networking is totally broken.
    Kathy described the NT registry and asked about the OpenTrap software that Chris
    stumbled upon.
    eventually move Toshiba computer to Scott's desktop.

Macro viruses in Office 97 (0:25) Julie
    Julie distributed a write-up about macro viruses. She has scheduled a demo
    of the macro virus creator lab on Monday, 21-july-97.
    she will emphasize the characterization and detection sections.

Generic methodology of something or other (0:30) Scott
    Scott did a fine job presenting the paper. Complained that Steven/Chris stole his
    No data. Chris wanted to know if the methodology was evaluated. There was
    a lot of discussion about how to construct experiments of this kind when
    data is lacking. Suggestions to look at anthropology or paleontology
    about how to construct hypothesis and experiments.
    how to ensure that assessment of sensitivity levels are correct?
    good examples of different types of data objects and processes that use those
    objects in a healthcare environment.

ORD visit (0:20) Matt
    Brant proposes to use SQL as a policy specification language and SQL queries
    upon an audit log (database) becomes a misuse detection approach. Since Brant
    is already spread pretty thin, Steven might work on this problem. Also Brant
    may work on it after mid-August. Chris suggested that he discharge his
    current obligations so that Brant is free to join the Ariel project.

    Chris asked everyone to prepare their tech reports, put them on the WWW in
    PDF or HTML. Also make up 4-8 viewgraphs by Aug 1. Chris or Karl can take
    them to ORD Aug 5. Send URLs to Chris.

Admin (0:05)
    Steven will drop by Alan's office to get the financial aid data dictionary.
    There should be a computer and video projector in 1131 and 3085 for the purposes
    of making presentations. Matt said he would suggest it at the next ITC meeting.

    tuesdays 22-jul meeting moved to thursday 24-jul -- julie, chris and matt cannot attend
    tuesday 29-jul meeting moved to wednesday 30-jul -- julie coming back from bas--uuh-ton

Topics for next agenda (0:10)
    Virus demo
    Review tech reports and transparencies.
    paper EFD: A hybrid knowledge/Statistical based system for the detection of fraud.
    SGML presentation by Matt, after mid-Aug.
    Scott lead a discussion of dataless scientific inquiry.