POLICY MEETING
September 1, 1999
3085 ENG II
3:00-4:00pm
In attendance:
Karl Levitt (KL), Michael Gertz (MG), Jim Hoagland (JH), Brant Hashii (BH), Rick Crawford (RC) and Dave Peticolas (DP)
- Proposal Efforts
- Workbench for specifying security policies
- Interoperability, heterogeneous environment
- Template, reason about policy
- MG: Organizational framework - local policies, priorities, conflicts
- Build set of tools - use existing language and unite them in a set of tools
- Classification of Security Policies
- Safety and Liveness
- Access Control
- Confidentiality, Integrity, Reliability
- Avoid covert channels
- Who can specify policies - administrative policies - override
- RC: Intrusion response - contingency policy under certain conditions
- MG: Unite language with system descriptions
- RC: Quality of service guarantees
- MG: Part of system descriptions
- Policy compiler - library of different policies translated into policy language
- MG: When describing the system, describe properties at the policy level
- RC: Use of redundant capabilities in critical systems
- Projection Mechanism
- Utilize system description, rules?
- How is projection mechanism done?
- Rules specified from one level to another
- Automatic programming won't work
- Describe firewall, semantic description
- Who specifies what mechanism?
- Examples
- DP: Different security classification of data based on clearance. Data stored at several sites. Some data can be accessed through a password on a website; other data must have ID badge to enter building
- Person is compromised - no longer has clearance - change policy level at a high level
- Issues
- Data distributed geographically
- Interdependencies
- Different security implementations at different locations
- Optimizations, relative costs
- MG: Need complete description of the system to identify systems affected by the policy - users getting access to abstract resources - must refine to concrete data
- User names on different systems - spawned processes
- Track/Link conceptual info with instance information
- Properties of a person - associate instance of a system with ontology
- Use CYC for ontology and policy - make it language independent; interoperability among languages.