POLICY MEETING
Wednesday, July 14^th, 1999
3-4pm
3085 EU II

In attendance:
Karl Levitt (KL), Mark Heckman (MH), Jim Hoagland (JH), Premkumar Devanbu (PD) and Michael Gertz (MG)

1. News Items
1. Review of last weeks notes
2. New BAAs coming out this summer; one on policy
1. Team with others - TIS, Lee Benzinger
2. Possible BAA Research Topics
1. Security policies - piece negotiate what they enforce
1. Automatic programming for distributed machines
2. Hierarchical, distributed constraint
3. Detect policy variations; policy constraints on databases
4. Related to JH's work on Distributed Object Systems
2. Multi-level secure database systems - C2 or B2 level of security
1. Haven't seen policy and integrity constraints -- how they're enforced.
1. Data Integrity - consistency
2. Integrity - modify permissions
2. Multi-level security policy - no model for it
3. McClean's paper on hierarchical relationships
1. Formalism connection
4. When sharing a system, it's impossible to have no interference -- tradeoffs.
5. Classification and clearance done by security kernel
1. Protect objects with the operating system; not the database
2. Specify everything you can expect. Behavior it allows
3. Trace-based security model
1. Restrictiveness
2. Non-induce-ability
3. Relate policy to IDS - enforcement sites
1. Focus on integration of policy - cooperation of levels
2. Access what, given a particular state and histories
1. Ex. Grades - controlled release of information
2. Temporal constraints
3. Review constraints
4. Ordering constraints
5. Age Constraints
3. Quorum protocol - using protocols
1. Policies as OCL constraints
2. Examples lead to level of abstraction that covers all the examples
3. Completeness in terms of languages
4. Policy standards
1. Data model
2. Don Parker - 8 definitions of security policy
3. Taxonomy; framework for looking at policies.