July 21, 1999
3085 ENG II

In attendance:
Karl Levitt (KL), Michael Gertz (MG), Nicole Carlson (NC), Jim Hoagland (JH), Aaron Keen (AK), Dave Peticolas (DP), Mark Heckman (MH), and Brant Hashii (BH)

  1. Release of DARPA BAA 99-33
    1. Coalition partners - temporarily our allies
    2. Submit one proposal with Rich Feiertag and one on our own
    3. Policy Projection - compile abstract policy down into enforcement policies
      1. Use a standard language
      2. Jim's language LaSCO would be a good starting point. It's readable and you can write detailed policies in it
      3. Apply CISL (the Common Intrusion Specification Language)
      4. UML - derivation of state charts, composition rules; composing state machines
    4. DARPA likes broad applicability - prototypes that apply to many systems
  2. McLean's paper: "A General Theory of Composition for Trace Sets Closed Under Selective Interleaving Functions"
    1. Uses the Alpern-Schneider framework
    2. Models a system as a set of traces (sequences of states); a property is a set of traces
      1. Safety properties - "nothing bad happens"; a violation shows up in a finite prefix of a trace
      2. Liveness properties - "something good eventually happens"; no finite prefix can rule it out
        1. Every property is the intersection of a safety and a liveness property; proving an implementation satisfies its specification means showing its traces lie in the property
      3. Non-interference property (Goguen-Meseguer) - high-level activity must not be observable at the low level
      4. Separability - high and low behavior are independent of each other
    3. McLean's theory of security properties - closure under a selective interleaving function (SIF)
      1. A security property such as non-interference or separability is a property of the set of traces (any two traces can be interleaved selectively into a third trace that is also in the set), not of a single trace, so it falls outside the safety/liveness classification
      2. Three external composition constructs
        1. Product - running two systems in parallel that don't interact (run independently)
        2. Cascade - running two systems in series, output of the first feeding the input of the second. Theorems about which security properties are preserved under cascade.
        3. Feedback - circular construction; output is routed back as input, so it passes through both systems twice before leaving to the external environment
          1. Theorems about composing systems this way
          2. Not as clean as cascade
          3. Results for separability and non-interference under feedback
      3. Three internal composition constructs (in the spirit of Abadi and Lamport's composition of specifications)
        1. Trace union, intersection, difference
        2. Need a restrictiveness-style assumption (McCullough) to preserve high-level security properties
  3. For Next Week
    1. Jim will present a review of his LaSCO work
    2. Brainstorm Policy topic for BAA
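The trace-set view discussed under item 2 above, worked through in code as an added illustration (not McLean's own formalism, and not code from the paper): a system is a finite set of traces, a security property is closure of that set under a selective interleaving function, and product composition merges the traces of two non-interacting systems. The event shape (level, direction, name), the projections, the constructed sample systems A, B and C, and the treatment of product as all order-preserving interleavings are simplifying assumptions made here.

```python
"""Finite trace-set model of McLean's SIF view of security properties.

Added illustration, not McLean's formalism.  Assumptions made here: an event
is (level, direction, name) with level 'L' or 'H' and direction 'in'/'out';
a trace is a tuple of events; a system is a frozenset of traces; product is
the set of all order-preserving interleavings over disjoint event names.
"""
from itertools import combinations


def project(trace, keep):
    """Subsequence of `trace` made of the events selected by `keep`."""
    return tuple(e for e in trace if keep(e))


def low(e):     return e[0] == 'L'
def high(e):    return e[0] == 'H'
def high_in(e): return e[0] == 'H' and e[1] == 'in'


def closure_counterexample(system, agree1, agree2):
    """Closure under a SIF of type (agree1, agree2): for every pair t1, t2
    some trace t in `system` must agree with t1 on agree1 and with t2 on
    agree2.  Returns the first failing pair (sorted order, so deterministic)
    or None when the set is closed."""
    available = {(project(t, agree1), project(t, agree2)) for t in system}
    traces = sorted(system)
    for t1 in traces:
        for t2 in traces:
            if (project(t1, agree1), project(t2, agree2)) not in available:
                return (t1, t2)
    return None


def separable(system):
    """Low events of any trace combine with high events of any other."""
    return closure_counterexample(system, low, high) is None


def generalized_noninterference(system):
    """Weaker: only the high *inputs* of t2 must combine with the low events
    of t1; high outputs may adjust.  Separable implies this, not vice versa."""
    return closure_counterexample(system, low, high_in) is None


def interleavings(a, b):
    """Every merge of a and b that keeps the internal order of each."""
    n, m = len(a), len(b)
    for positions in combinations(range(n + m), n):
        chosen, ai, bi, out = set(positions), 0, 0, []
        for i in range(n + m):
            if i in chosen:
                out.append(a[ai]); ai += 1
            else:
                out.append(b[bi]); bi += 1
        yield tuple(out)


def product(s1, s2):
    """Product composition: the systems do not interact, so any interleaving
    of a trace of each (over disjoint event names) is a trace of the whole."""
    return frozenset(t for t1 in s1 for t2 in s2 for t in interleavings(t1, t2))


# --- constructed sample systems (assumptions of this example) ---------------
HIN, LIN = ('H', 'in', 'h'), ('L', 'in', 'l')
LOUT0, LOUT1, HOUT = ('L', 'out', '0'), ('L', 'out', '1'), ('H', 'out', 'echo')

# A: one high input and one low input, accepted in either order -> separable.
A = frozenset({(), (LIN,), (HIN,), (LIN, HIN), (HIN, LIN)})
# A2: the same system with renamed events, for a disjoint-alphabet product.
A2 = frozenset(tuple((lv, d, n + '2') for lv, d, n in t) for t in A)
# B: emits low output 1 only after a high input, 0 otherwise -> leaks a bit.
B = frozenset({(), (HIN,), (HIN, LOUT1), (LOUT0,)})
# C: a high output echoes a low input.  High outputs depending on low events
# is tolerated by generalized noninterference but not by separability.
C = frozenset({(), (LIN,), (LIN, HOUT), (HIN,), (HIN, LIN), (HIN, LIN, HOUT),
               (LIN, HIN), (LIN, HIN, HOUT)})

if __name__ == '__main__':
    for name, s in [('A', A), ('B', B), ('C', C), ('A x A2', product(A, A2))]:
        print(f"{name:7} separable={separable(s)!s:5} "
              f"GNI={generalized_noninterference(s)!s:5} "
              f"witness={closure_counterexample(s, low, high)}")
```

Running the block reports that A is separable, B fails both properties (the witness pair shows the low output 1 cannot be paired with an empty high history, which is exactly the leaked bit), C satisfies generalized noninterference but not separability, and the product of A with its renamed copy stays separable. Note that the product check is evaluated on these concrete systems rather than assumed from the paper's theorems; cascade and feedback are not modeled here.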