ORD Discussion Schedule
4 March 1997
Graduate students (Spring Qtr)
stuff of interest w/ comments (working document)
The Insider Problem
Due to limited events in NT Auditing, detection of misuse of authority may require additional information (e.g., the type of data available in fraud detection)
Sources of examples of misuse
categorized audit data
Event list
Audit API and audit log abstractions
Disabling NT audit
Lunch - Dos Coyotes or Pub
Macro Viruses in the Large
- should we recognize all known, or generic recognition of any w/ some misclassifications
- false positive/negative rates
- which applications:
  - MS Word, Excel
  - Netscape: Java
  - Internet Explorer: ActiveX
  - HTML: Frames
  - Virtual Machines
Meeting Notes taken by Chris Wee
Add "UC Davis" to monthly status reports
The History project will cover papers from 1964 (e.g., Burroughs) to 1975. After 1975, there are conference proceedings.
There are classified penetration studies. Since some of these systems do not exist anymore, it may be possible to declassify these reports and disseminate them to the research community.
Contact Brant Allen of Univ. Virginia. Perhaps he has written a book.
Technical Exchange Meeting after-hours @ Sudwerks