May 5, 1999
3085 ENG II

In attendance:
Karl Levitt (KL), Jim Hoagland (JH), Michael Gertz (MG), Kimberly Knowles (KK), Brant Hashii (BH), Premkumar Devanbu (PD)

  1. Determine interest/direction of Policy Group
    1. MG: What is level of abstraction? Start with very abstract papers that are new. Start with top down approach.
    2. KL: Policies we can reason about, enforce, or use as a base.
    3. MG: Focus on specification, not mechanisms. Get an idea of expressiveness.
    4. JH: Look at 4 different types of policies
      1. Constraint, selection policies, response and trust policies. PD: Implementation.
        1. MG: Trust policies aren’t a subset of constraint policies?
        2. JH: I'm thinking of policy maker papers.
    5. MG: General properties – self-descriptive that can extend expressibility. We should focus on this abstract level or other language – action oriented language, state-oriented, statements are static or temporal – focus on expressiveness not focus on application.
    6. KL: Include CIDF work - we haven't done full semantics for that. Some money to do that.
    7. KL: Survey paper for ACM Computing Surveys by the end of the summer. Survey papers – what are interesting policies? Languages, mechanism for enforcement, distributed, reasoning – tools available. Decision procedures.
      1. MG: Categorized examples – dynamic, static, properties. Classification for each.
  2. Sort Through Paper List
    1. Look at Jim's notes on Constraint Security Policies: An Overview.
    2. Spread Policy papers around, get an overview of each paper.
    3. KL: Goguen paper. JH: Doesn’t map a real system. KL: A bit dated. It describes how one user is interfering with another user. KK: Military policy for military access control. PD: Information control. KL: Landwehr paper – Formal Security Models – ACM Computing Surveys 1982.
  3. Next Meeting
    1. KL: Revisit paper categories.
    2. PD: Taking a policy, how much does it slow down the computation? Michael is interested in formal specifications; Brant – adaptive policy; KL: Good organization and categorization for policies.