Food
Steven had a blueberry muffin, Julie bagels, Brant and Raymond
sandwiches and Chris a hummus bagel.
Hours
The group feels that not enough student time has been devoted
to the project and that we need to ask the PIs to add 1 more
graduate student to the project. An undergrad added during the
summer would help, but not during the winter.
Alternatively, ask ORD for a 6-month no-cost extension to the
project.
Research objectives for Winter Quarter (2:00) Chris
We have agreed upon individual research plans and milestones.
Collectively, these plans are compatible with the project plans and
will advance the project. Chris will combine the plans from
individuals into a group plan
Steven:
+ A written report on existing NT auditing facilities & hypotheses
of detectable forms of misuse.
+ Proposal for extensions to NT audit facilities
Julie:
+ Thesis proposal
+ Implementation of Raymond Lo's examples from his thesis.
+ Tester's assistant deliverable
+ Buy a book and CD on Java/ActiveX
(much more detail is available in her personal research plan)
Julie advises us that we should always expect prevention to be less
than 100% and identify the alternatives beforehand.
Brant:
+ Definitions of session abstractions.
+ Implementation to parse NT audit logs into session abstractions. See
Chris' previous work on BSM audit logs (~wee/src/aggregation)
+ Report on how to prevent malicious behavior in downloadable environments
(e.g. ActiveX/Java), leverage off Raju's proposal. Highlight issues of
trust in such environments.
Raymond:
+ Report on selected forms of misuse characterization;
esp. in database systems. (by end of quarter)
Chris:
+ Implementation/Framework for on-line analysis of NT audit logs. The
framework will discuss the necessary privileges, drivers, and advice
on how to write a simple on-line audit log program.
+ Auditing of NT base objects and a review of NT 3.51 Trusted evaluation
report.
+ A tool that can identify standard application programs from audit logs
(not including obvious attributes such as program names). This will
serve as a test of the previous framework.
NT Vulnerabilities report (0:15)
skipped, only Chris and Steven have had a chance to read it.
Monthly reports (0:10)
Steven will write the December report; Chris has given him e.copies
of the Oct and Nov ones. Chris will write the January report.
Topics for next agenda (0:05)
NT Vulnerabilities report
notable research results
add dates to milestones and research plans
monthly report status
group gettogethers or meals/calendar