August 11, 1999
3085 ENG II
Karl Levitt (KL), Michael Gertz (MG), Raju Pandey (RP), Jim Hoagland (JH), Aaron Keen (AK) and Dave Peticolas (DP)
- Projecting Policy Down
- Object-oriented model - resources, availability, map down, command and control system
- Info from source to other source reliably
- Translated into other low-level
- Sensors that tell if something is wrong.
- Trust - Coalition Partners
- Dynamic changes to what is allowed
- MG: Level of abstraction - specific à global
- KL: If there's an attack, need mechanisms to detect and respond
- RP: Policy statements - most we can lose is 3 sites
- Quantify sites
- Translate to low-level policies
- KL: Conflict in policy
- Local policy - defensive weapons only
- Confine to something we can do - automatic programming
- RP: Local systems/local policy
- MG: Assumption - assume we have all local and global information - not realistic
- RP: Don't have to know how they implement policy - only that they can comply. Feasibility can be done at high-level abstraction.
- MG: For each translation, must know the source capabilities
- Expressiveness of global policy - need resource description -- gives you language to specify policies
- Need containment - can't specify more on high-level than you can do at low level
- RP: Derive policy bottom-up. Translate top-down
- MG: Don't have complete descriptions - translation mechanism is ad hoc.
- MG: Need an ontology - vocabulary of domain model - concepts, terms, synonyms. Specify policies - everyone knows how things are related.
- Access control mechanism, instances, sub-concepts
- KL: Confine program and automatic programming; resource model programs available that can access resources at certain times. Virtual firewalls
- Graph or flow model - map virtual resources to concrete resources
- MG: First map resources
- Relationship among concepts
- Mapping from ontology to the system
- Reasoning mechanisms at a high level
- KL: Reasoning - DARPA is sour on automatic reasoning; CYC
- RP: Resource model - low-level
- Software architectures - higher level than object level translated into actual implementation. Guide to build your systems
- MG: Tricky if you include timing.
- RP: List of policies needed.
- MG: Classification is needed.
- RP: Come up with architecture. Assuming ontology will be complete.
- MG: Extend domain model by extending ontology
- RC: Policy description language - resource model or ontology
- MG: Policy for database schema - structure, relationship more easily
- RC: Database schema is static à rich semantics, persistent hierarchies
- Certain integrity constraints - no sense to do it in UNIX
- Mid-level schema to do grunt-work
- KL: Ontology gives us schema. Ontology for policy. Interoperability of languages
- Temporal - theoretical measurements
- Description framework
- Sharable ontology - information systems
- Rules à mapping of limited domain