POLICY GROUP MEETING
Wednesday, April 28th, 1999
3:15-4:15PM
3085 EU II
In attendance:
Karl Levitt (KL), Michael Gertz (MG), Brant Hashii (BH), Kimberly Knowles
(KK), Jim Hoagland (JH)
TOPICS
Direction for Policy Meetings
Policy Language
RAID Conference
Next Meeting
-
Direction for Policy Meetings
-
KL: Going over papers, ideas, bunch of policy projects, potential funding
-- we don’t understand enough.
-
JH: Would like to see policy meeting be more than just proposal writing
meetings. Talk about different policies, other policy languages, how you’d
enforce policies.
-
BH: Start off with a survey of policy languages, go through papers and
projects, here and elsewhere, develop a taxonomy of policies.
-
Event based policy specification language.
-
JH: Started to do taxonomy last June.
-
Policy Language
-
MG: Prem is working on expressiveness of policy specification language.
Computational complexity, impact of adding features, how much more to audit.
-
What is expressiveness and computational cost? Do same thing with specification
language in terms of specifying and ensuring policy. Matrix features –
overhead on system for policy.
-
KK: Working with policy language with Prem and Matt as an extension of
253 class project.
-
KL: Don’t have good understanding of policy language. Access control =
more than that - liveness properties.
-
MG: Properties of policy language, taxonomy of language, expressiveness.
A survey of existing languages would be a good paper and very helpful.
Current papers in policy create new languages.
-
MG: What’s a policy specification language anyway?
-
KL: Specifying and enforcement, detection.
-
MG: Two levels, predicate logic or temporal logic, nice policy specification
language, but what do you do with it? Prove properties but no mechanisms.
-
KL: Program synthesis, if you believe in it.
-
JH: Look at Woo and Lam paper.
-
MG: Fill out approach expressiveness of a data, hierarchies, structural
then temporal aspects, schedule event, compose event, point-based.
-
KL: Helpful to think about interesting examples with Jim's work. Composition
of policies. Predicate calculus- what does it mean in terms of policy?
-
MG: Integration of policies. System integration, differences for different
policy languages. First understand the language.
-
KL: IDS world, look at enforcement and IDS mechanisms and response mechanisms.
-
MG: Form mapping methods, then could be more formal.
-
KL: Jim’s work lacking formal aspects.
-
RAID Conference
-
KL: May 21st papers due. Call for panel discussions and papers:
JH and BH could write papers.
-
KL: We could write a one-page description for a panel.
-
Other people in field – Mary-Ellen Zurko, data modeling world - Prem
-
Deontic logic – Cuppens and Cholvy – modal logic.
-
Someone who knows world of security policy (officer from CIA), requirement
in process, writing it down in natural language. Is the actual implementation
similar to what we write/read in papers?
-
Policy languages – Carl Landwehr
-
KK: Advanced Checker – BT Security work for NT product user-friendly GUI
that specifies policy on NT system.
-
KL: Stuart - technical work. Friends at Boeing – Lawrence Rockwell, Sue
Shield. Maybe Baiju from industry standpoint. Possibly Jim Anderson. Light
on technical ideas.
-
Java people: Li Gong, JavaSoft – woman from Oakland conference – work
in policy class for Java.
-
MG and KL to work on 1 page panelist paper.
-
Next Meeting
-
KL: For next week, look at papers that Kim, Brant and Jim bring in, top-down
approach to cluster papers. Procurements coming up, DARPA has another round,
3 BAAs that relate to security, Presidential Commission Office of Special
Technology. ONR/ARO interested in forming security programs.
-
Ask if Brant's friends would like to come.