POLICY MEETING
May 5, 1999
3:15-4:15pm
3085 ENG II
In attendance:
Karl Levitt (KL), Jim Hoagland (JH), Michael Gertz (MG), Kimberly Knowles
(KK), Brant Hashii (BH), Premkumar Devanbu (PD)
-
Determine interest/direction of Policy Group
-
MG: What is level of abstraction? Start with very abstract papers that
are new. Start with top down approach.
-
KL: Policies we can reason about, enforce, or use as a base.
-
MG: Focus on specification, not mechanisms. Get an idea of expressiveness.
-
JH: Look at 4 different types of policies
-
Constraint, selection policies, response and trust policies. PD: Implementation.
-
MG: Trust policies aren’t a subset of constraint policies?
-
JH: I'm thinking of policy maker papers.
-
MG: General properties – self-descriptive that can extend expressibility.
We should focus on this abstract level or other language – action oriented
language, state-oriented, statements are static or temporal – focus on
expressiveness not focus on application.
-
KL: Include CIDF work - we haven't done full semantics for that. Some money
to do that.
-
KL: Survey paper for ACM Computing Surveys by the end of the summer. Survey
papers – what are interesting policies? Languages, mechanism for enforcement,
distributed, reasoning – tools available. Decision procedures.
-
MG: Categorized examples – dynamic, static, properties. Classification
for each
-
Sort Through Paper List
-
Look at Jim's notes on Constraint Security Policies: An Overview.
-
Spread Policy papers around, get an overview of each paper.
-
KL: Goguen paper. JH: Doesn’t map a real system. KL: A bit dated. It describes
how one user is interfering with another user. KK: Military policy for
military access control. PD: Information control. KL: Landwehr paper –
Formal Security Models -- ACM Computing Surveys 1982.
-
Next Meeting
-
KL: Revisit paper categories.
-
PD: Taking a policy, how much does it slow down the computation? Michael
is interested in formal specifications; Brant – adaptive policy; KL: Good
organization and categorization for policies.