Review agenda. Select a timekeeper.
Audit Countermeasures (0:10) Chris
  the next experiment

Brainstorm statement of work (0:30) Chris

OpenTrap tool (0:30) Kathy

Intrusion and Anomaly Detection in Trusted Systems, J.R. Winkler and W.J. Page (0:30) Steven
  This paper is about a prototype system to detect misuse by trusted individuals. It is interesting that it has much in common with what we've been discussing and proposing for a system design. An interesting note is that this work was done in the late 80s, early 90s. Also, they specify an interesting model for misuse detection based on a methodology used by the intelligence community.

Admin (0:10)
  Julie's workstation

Topics for next agenda (0:10)

12-August-97 Meeting Notes, 1:11pm - 3:20pm
Attendees: Chris, Kathy, Brant, Scott, Steven T., Karl

Audit Countermeasures (0:20) Chris
  We discussed how the next set of experiments would be run. Scott, Kathy and Chris are to be briefed by Brant before he leaves. We discussed details about how to perform timing, how to control audit log space allocation (mostly through event viewer) and other parameters.

OpenTrap tool (0:20) Kathy
  Kathy gave her evaluation of the OpenTrap debugging tool for Win95. She compared it to the NT auditor and event viewer. After some discussion about whether NT supports a system-call-intercept (hooking) API, we decided not to pursue OpenTrap.

Intrusion and Anomaly Detection in Trusted Systems, J.R. Winkler and W.J. Page (0:30) Steven
  This paper is about a prototype system to detect misuse by trusted individuals. It is interesting that it has much in common with what we've been discussing and proposing for a system design. An interesting note is that this work was done in the late 80s, early 90s. Also, they specify an interesting model for misuse detection based on a methodology used by the intelligence community.
  Karl volunteered to find out if PRC still has the prototype.

Admin (0:10)
  Julie's workstation: Karl will find out whether Matt and Janine want the machine back.
  Chris asked Scott to be chief whip on bibliography.
  Steven suggested using RCS to maintain the bibliography but immediately withdrew the suggestion.

Topics for next agenda (0:10)
  Brainstorm statement of work (0:20) Chris
  Prepare for Susan's visit on Sep 9
  Policy specification
  Paper by Cuppens on Deontic Logic (0:30) Karl