POLICY MEETING
Wednesday, July 14th, 1999
3-4pm
3085 EU II
In attendance:
Karl Levitt (KL), Mark Heckman (MH), Jim Hoagland (JH), Premkumar Devanbu (PD) and Michael Gertz (MG)
- News Items
- Review of last week's notes
- New BAAs coming out this summer; one on policy
- Team with others - TIS, Lee Benzinger
- Possible BAA Research Topics
- Security policies - pieces negotiate what they enforce
- Automatic programming for distributed machines
- Hierarchical, distributed constraint
- Detect policy variations; policy constraints on databases
- Related to JH's work on Distributed Object Systems
- Multi-level secure database systems - C2 or B2 level of security
- Haven't seen policy and integrity constraints -- how they're enforced.
- Data Integrity - consistency
- Integrity - modify permissions
- Multi-level security policy - no model for it
- McClean's paper on hierarchical relationships
- Formalism connection
- When sharing a system, it's impossible to have no interference -- tradeoffs.
- Classification and clearance done by security kernel
- Protect objects with the operating system; not the database
- Specify everything you can expect. Behavior it allows
- Trace-based security model
- Restrictiveness
- Non-induce-ability
- Relate policy to IDS - enforcement sites
- Focus on integration of policy - cooperation of levels
- Access what, given a particular state and histories
- Ex. Grades - controlled release of information
- Temporal constraints
- Review constraints
- Ordering constraints
- Age constraints
- Quorum protocol - using protocols
- Policies as OCL constraints
- Examples lead to level of abstraction that covers all the examples
- Completeness in terms of languages
- Policy standards
- Data model
- Don Parker - 8 definitions of security policy
- Taxonomy; framework for looking at policies.