Review agenda. Select a timekeeper.
Susan's meeting (0:20) Chris Baltimore Conference (0:10) Chris Audit Performance (0:30) Scott Audit Stat Polymorphic Viruses (0:15) Kathy Topics for next agenda (0:10) schedule meeting with Susan polymorphic virus mutation
18-September-97 Meeting Notes, 1:36am - 4:15pm
Attendees: Chris, Kathy, ScottSusan's meeting (0:20) Chris update David, the technical sponsor Scott's paper - prototype proposal Chris - Intel policy proposal: specification language what is misuse : Horn clause Baltimore Conference (0:10) Chris Baltimore meeting with cia should be cancelled due to low turnout Audit Performance (0:30) Scott/Chris -Audit_Stat BSM in Solaris that has two options: interogates kernal for numbers, # of records, #blocks, amount of memory used, 64K auditing version, efficient, dumps code out -snapshots @ 3 sec. intervals. net search compare w/ nt tools -Audit_D audit_to or au_to is in MAN pages. These functions are sub-routines. Event Delete analysis : input is saved event log delete_event hacks into saved event log, and counts number of events contact German guy about API's and find out how he found info re: audit log Polymorphic Viruses (0:15) Kathy talk w/ Julie about CIA work. consult Maria: 1) Polymorphic virus library: link with mutation engine code: *.asm assembly program 2) use a disassembler: gdb goal: create a robust signature to detect viruses. Topics for next agenda (0:10) schedule meeting with Susan polymorphic virus mutation