POLICY MEETING
September 9, 1999
3085 ENG II
2:00-3:00pm

In attendance:
Karl Levitt (KL), Michael Gertz (MG) and Premkumar Devanbu (PD)

1. BAA 99-33 Proposal
1. Using CYC for language to do reasoning and to translate to theorem provers - HOL, PBS
1. CYC - expressive, huge knowledge base, organized
2. Learning curve with CYC
3. PD: Soundness of resolution, heuristic inferences, probabilistic extension
4. KL: Trying to team with DeSanto; will use CYC as a backup if DeSanto doesn't join the proposal.
5. Inconsistent theories are possible, but microtheories must be consistent
6. PD: Does CYC support ontology exchange?
1. Use some weak logic (CYCL) as an exchange language for policies
2. PD: UML - building a security ontology server
1. Band logic - formalize authentication
2. Lightweight ontology - statically check if they're compatible
3. Goals
1. MG: Description/Frame Logic
1. Don't want to do reasoning at a lower level
2. Specify your systems, policies, mapping, projection rules
2. Two policies may not be compatible - must be able to prove that two policies have no conflicts
3. Projection is an important goal
4. Ways to deny users to the system
1. Block connection
2. System cost/optimization
5. What level o f abstraction for reasoning?
1. Conceptual vs. instance representation
2. VDM model - abstract at lower level - representation of objects - rules at next level
6. MG Develop criteria for soundness and completeness
7. Include existing work
8. Enforcement Mechanisms
1. Configure a mechanism on a lower level
2. Cost model - best enforcement mechanism
1. Cost of policy enforcement
2. Cost to do filtering services
3. Conceptualize services with particular instances
3. Who specifies policies, rules etc?