September 1, 1999
3085 ENG II

In attendance:
Karl Levitt (KL), Michael Gertz (MG), Jim Hoagland (JH), Brant Hashii (BH), Rick Crawford (RC) and Dave Peticolas (DP)

  1. Proposal Efforts
    1. Workbench for specifying security policies
      1. Interoperability, heterogeneous environment
      2. Template, reason about policy
    2. MG: Organizational framework - local policies, priorities, conflicts
    3. Build a set of tools - use existing languages and unite them in a set of tools
  2. Classification of Security Policies
    1. Safety and Liveness
    2. Access Control
    3. Confidentiality, Integrity, Reliability
    4. Avoid covert channels
    5. Who can specify policies - administrative policies - override
    6. RC: Intrusion response - contingency policy under certain conditions
    7. MG: Unite language with system descriptions
    8. RC: Quality of service guarantees
      1. MG: Part of system descriptions
      2. Policy compiler - library of different policy translated into policy language
      3. MG: When describing the system, describe properties at the policy level
      4. RC: Use of redundant capabilities in critical systems
  3. Projection Mechanism
    1. Utilize system description, rules?
    2. How is projection mechanism done?
      1. Rules specified from one level to another
      2. Automatic programming won't work
      3. Describe firewall, semantic description
      4. Who specifies what mechanism?


  4. Examples
    1. DP: Different security classification of data based on clearance. Data stored at several sites. Some data can be accessed through a password on a website; other data requires an ID badge to enter the building
    2. Person is compromised - no longer has clearance - change policy level at a high level
    3. Issues
      1. Data distributed geographically
      2. Interdependencies
      3. Different security implementations at different locations
      4. Optimizations, relative costs
      5. MG: Need complete description of the system to identify systems affected by the policy - users getting access to abstract resources - must refine to concrete data
      6. User names on different systems - spawned processes
      7. Track/Link conceptual info with instance information
      8. Properties of a person - associate instance of a system with ontology
    4. Use CYC for ontology and policy - make it language independent; interoperability among languages.
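
The scenario in item 4 (clearance-based access to data held at several sites, then a person losing clearance) and the projection question in item 3 can be illustrated with a small program. The following is an added example written for these notes; it is not code from the group or from any project discussed here. The level ordering, the two mechanism kinds ("web_password" and "badge_reader"), and all site, resource and person names are assumptions made for the illustration. The abstract policy is stated once at the clearance level; a projection step refines it, using the system description (which site holds which data, how each person is known at each site), into the concrete rules each site must enforce, and a diff after a high-level policy change shows exactly which concrete entries each location must withdraw.

```python
# Added example (not from the minutes): a toy "projection mechanism" that
# refines a clearance-level policy, using a system description, into the
# concrete access rules each site enforces. Levels, mechanism kinds and all
# names below are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Ordering of clearance/classification levels (assumed for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

Rule = Tuple[str, str, str]          # (mechanism, local identity, resource)


@dataclass
class Site:
    name: str
    mechanism: str                   # "web_password" or "badge_reader"


@dataclass
class Resource:
    name: str
    site: str                        # site that physically holds the data
    classification: str              # one of LEVELS


@dataclass
class Principal:
    name: str
    clearance: str                   # one of LEVELS
    # Instance information: how this person is known at each site
    # (local username on a web system, badge id at a building).
    accounts: Dict[str, str] = field(default_factory=dict)


def allowed(principal: Principal, resource: Resource) -> bool:
    """Abstract policy: clearance must dominate the data classification."""
    return LEVELS[principal.clearance] >= LEVELS[resource.classification]


def project(sites: List[Site], resources: List[Resource],
            principals: List[Principal]) -> Dict[str, Set[Rule]]:
    """Refine the abstract policy to per-site rules.

    Returns {site_name: {(mechanism, local_identity, resource_name), ...}}.
    A person with no account at a site gets no rule there, even if cleared,
    so the concrete result depends on the system description, not only on
    the policy.
    """
    rules: Dict[str, Set[Rule]] = {s.name: set() for s in sites}
    mech = {s.name: s.mechanism for s in sites}
    for r in resources:
        for p in principals:
            local_id = p.accounts.get(r.site)
            if local_id is None or not allowed(p, r):
                continue
            rules[r.site].add((mech[r.site], local_id, r.name))
    return rules


def revoke(principal: Principal) -> None:
    """High-level policy change: the person is compromised, clearance lost."""
    principal.clearance = "unclassified"


def diff(before: Dict[str, Set[Rule]],
         after: Dict[str, Set[Rule]]) -> Dict[str, Set[Rule]]:
    """Concrete rules each site must withdraw after the policy change."""
    return {site: before[site] - after.get(site, set()) for site in before}


def build_system():
    """Constructed system description (assumed names and values)."""
    sites = [Site("web-east", "web_password"), Site("hq-west", "badge_reader")]
    resources = [
        Resource("quarterly-report", "web-east", "confidential"),
        Resource("vault-room", "hq-west", "secret"),
        Resource("public-notice", "web-east", "unclassified"),
    ]
    alice = Principal("alice", "secret",
                      {"web-east": "alice.w", "hq-west": "BADGE-0042"})
    bob = Principal("bob", "confidential", {"web-east": "bob.w"})
    return sites, resources, [alice, bob]


def run_scenario():
    """Project, compromise alice, re-project; return before, after, removals."""
    sites, resources, principals = build_system()
    before = project(sites, resources, principals)
    revoke(principals[0])            # alice loses her clearance
    after = project(sites, resources, principals)
    return before, after, diff(before, after)


if __name__ == "__main__":
    _, _, removals = run_scenario()
    for site, rules in removals.items():
        for rule in sorted(rules):
            print(f"{site}: withdraw {rule}")
```

Running the script lists, per location, the concrete entries to remove: the web site drops alice's password-protected access to the confidential report while keeping her access to the unclassified notice, and the building drops her badge entry to the vault. Bob's entries are untouched because the change was made once at the policy level and only the affected concrete rules differ.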