BOEING MEETING
March 10, 1999
2:15 – 3:30
1131 ENG II
In attendance:
Karl Levitt (KL), David Klotz (DK), Jeff Rowe (JR), Jason Schatz (JS),
and Chris Wee (CW)
TOPICS
Boeing Visit/Task List
Other News
Boeing Visit/Task List
- Integrated Feasibility Demonstration (IFD) changed to Integrated Feasibility Experiments (IFE)
- Dan Schnackenberg wants us to test our system in the next six months to determine whether it would do as well as a human at response
- They have extensive local cost models.
- Installation on Tick will likely be difficult.
- Task 1: Get all values/costs from Dalen and Kelley's cost model and determine whether our cost model is a reasonable design.
- Utility Theory: belief in the state of a system; various actions available; take the action of greatest utility
- How is this different from hill-climbing?
- Optimize for collective benefit
- Sum benefit across the network to maximize the total, vs. equal degradation
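As an added illustration of the utility-theoretic rule sketched above (not code from the Boeing or Seclab cost model), the following picks, for each host, the response of greatest expected utility given a belief that the host is compromised, sums that benefit across the network, and compares it with applying one uniform response everywhere. Host names, beliefs and utility values are constructed for the example.

```python
# Added example of utility-theoretic response selection. All hosts, beliefs
# and utilities below are constructed sample values, not Boeing's cost model.

# Belief in the state of each host: P(host is compromised). Constructed.
BELIEF = {"web": 0.8, "db": 0.2, "mail": 0.05}

# Utility of each response, conditioned on the true state of the host:
#   action -> (utility if compromised, utility if benign)
# Negative numbers are costs (damage, lost service). Constructed values.
UTILITY = {
    "none":       (-100.0,   0.0),  # missed intrusion does the most damage
    "audit":      ( -40.0,  -2.0),  # cheap, mitigates only partly
    "block_conn": ( -10.0, -30.0),  # stops the attack, costs availability
}


def expected_utility(action, p_compromised):
    """Belief-weighted utility of one action on one host."""
    u_comp, u_benign = UTILITY[action]
    return p_compromised * u_comp + (1.0 - p_compromised) * u_benign


def best_action(p_compromised):
    """Per-host rule from the notes: take the action of greatest utility."""
    return max(UTILITY, key=lambda a: expected_utility(a, p_compromised))


def plan_collective(belief):
    """Maximize summed benefit across the network. With independent hosts
    and no shared budget the optimum is the per-host argmax; a shared
    constraint (e.g. limited blocking capacity) would couple the choices."""
    plan = {host: best_action(p) for host, p in belief.items()}
    total = sum(expected_utility(plan[h], p) for h, p in belief.items())
    return plan, total


def plan_uniform(belief, action):
    """Contrast case: the same response on every host ('equal degradation')."""
    return sum(expected_utility(action, p) for p in belief.values())


if __name__ == "__main__":
    plan, total = plan_collective(BELIEF)
    print("collective plan:", plan, "expected utility:", round(total, 2))
    for action in UTILITY:
        print(f"uniform {action!r}:", round(plan_uniform(BELIEF, action), 2))
```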
- No more cheap gooey tricks!
- Task 2: Determine capability of responders in cost model
- Task 3: Output from correlation engine - use CIDF
- Ex. Worm in CIDF/GIDO language
- Task 4: Ability to override actions of the cost model (UNDO button)
- Wrapper Configuration Language (WML) - Bob Balser on NT, FreeBSD, and Solaris systems
- Dan leans toward using a host-based response.
- Task 5: List of responses we want to take (specifications) - Chris Wee will do this task.
- Set of macro tasks - stop a user or a connection
- Drew has a system that detects intruders, increases auditing, keeps files that the intruder deletes, and scans the intruder to pick up SSH keys (for post-mortem decryption)
- Two applications for TIS
- Transparent encrypted file system
- Virtual world for attacker (padded cell, sandbox, fishbowl)
- Task 6: We currently rely on IDIP connection timeouts. We need to be able to tell local IDIP nodes to remove blocking
- Centralized control has to have ultimate control
- Keep track of responses made, add a time, a queue -- Stalin Cost Model
- Task 7: Make an OS response toolkit (wrappers can't do it).
- This task will likely be impossible
- Task 8: Documentation for Boeing - no one knows how to run the code
Other News
- Applications Conference - Jason to submit a response paper
- JS: Difficult to map connections to a value
- Bidirectionality - specify value of connection to web server
- Ken Shodding Initiative: Partners Program
- Jim Hoagland/Chris Wee involved
- Talk to Ken about GrIDS
- Seclab Research Network (Firewall) is up and running
- Plan to visit CISCO on the 19th