In attendance:
Karl Levitt (KL), Premkumar Devanbu (PD), Michael Gertz (MG), Jim Hoagland (JH), Dan Zerkle (DZ)

1. DARPA 99-10
1. Policy Language – apply it to intrusion detection or data mining
2. DZ: Will rewrite his scenario
3. DZ: Policy statements must be used for intrusion detection, checking or enforcement
1. Need an explanation of UML and its utilities
4. KL: Define what UML can do, that ADAGE cannot do
1. MG: UML is more expressive
2. KL: UML has tools, ADAGE does not
1. Indicate tools and how they’d be used

 
2. Innovative Claims – 1 page
1. Scalable Design – Policy System Integration
1. Limitations of current system, separation of design and policy
2. Leverage existing software and technology
3. Expressive language for policy and systems specification
4. Evaluation: Static, Analysis, Verification, Simulation
5. SE Stuff: Encapsulation, Information hiding
6. Language Features
1. Dynamic Behavior
2. Regular Expression
7. Executable Model
8. Reason About Changes
9. Comparison with Existing Work – ADAGE, BAN LOGIC, CORBA, Formal methods
1. Integration of existing work
2. Take existing components and goals; map policy down to wrappers, firewalls, IDS, agents
10. Contributions to Legacy
1. Model existing system and its component à evolving
2. Reengineer some existing systems
3. Tasks
1. Extending UML for security using Meta features
2. Model existing systems/components
1. How to model wrapper, router or firewall
2. Legacy components – modeling an advantage over ADAGE using FSM, statecharts
3. Map model to mechanism - software
3. Produce Policy Specification
1. Study impact of security policies
4. Adapt and Extend UML Tools
1. Design, Simulation, Analysis
5. Develop UML Security-Centered Methodology