Agenda for Misuse Detection Project Meeting
Tuesday 15-July-97, 1pm - 3pm

Review agenda. Select a timekeeper.
Writing an explicit & formal Security Policy (0:20) Steven

Configuring NT server (0:10) Kathy

Macro viruses in Office 97 (0:25) Julie

Generic methodology of something or other (0:30) Scott

ORD visit (0:20) Matt
    Database policy problem (0:10) Brant.
    Does Brant need help? Use Steven perhaps?

Admin (0:05)
    Debrief IA, Financial aid meeting with Pat Kearney (0:10) Steven
    Scott would like a video projector

Topics for next agenda (0:10)

15-July-97 Meeting Notes, 1:05pm - 3:10pm

Attendees: Steven Templeton, Chris, Julie, Brant, Scott Miller, Kathy Lam, Matt Bishop (last 30 mins)

Writing an explicit & formal Security Policy (0:20) Steven
    What is the point of this exercise? Brant, Steven and Scott asked this.
    Brant proposes that Friday's 3-hour formal policy construction exercise
    was not productive because we lacked a formal language. Steven thinks we
    were using just general math and logic.
    Julie feels we have enough examples.
    Scott and Steven would like test cases to be as general as possible.
    Chris disagrees and wants test cases to be as specific as possible.
    Decided to have another meeting this week to construct a formal policy.

Configuring NT server (0:10) Kathy
    NT works, 95 does not. 95 networking is totally broken.
    Kathy described the NT registry and asked about the OpenTrap software that Chris
    stumbled upon.
    Eventually move Toshiba computer to Scott's desktop.

Macro viruses in Office 97 (0:25) Julie
    Julie distributed a write-up about macro viruses. She has scheduled a demo
    of the macro virus creator lab on Monday, 21-July-97.
    She will emphasize the characterization and detection sections.

Generic methodology of something or other (0:30) Scott
    Scott did a fine job presenting the paper. Complained that Steven/Chris stole his
    thunder.
    No data. Chris wanted to know if the methodology was evaluated. There was
    a lot of discussion about how to construct experiments of this kind when
    data is lacking. Suggestions to look at anthropology or paleontology
    about how to construct hypotheses and experiments.
    How to ensure that assessments of sensitivity levels are correct?
    Good examples of different types of data objects and processes that use those
    objects in a healthcare environment.

ORD visit (0:20) Matt
    Brant proposes to use SQL as a policy specification language, so that SQL queries
    upon an audit log (database) become a misuse detection approach. Since Brant
    is already spread pretty thin, Steven might work on this problem. Also Brant
    may work on it after mid-August. Chris suggested that he discharge his
    current obligations so that Brant is free to join the Ariel project.

    Chris asked everyone to prepare their tech reports, put them on the WWW in
    PDF or HTML. Also make up 4-8 viewgraphs by Aug 1. Chris or Karl can take
    them to ORD Aug 5. Send URLs to Chris.

Admin (0:05)
    Steven will drop by Alan's office to get the financial aid data dictionary.
    There should be a computer and video projector in 1131 and 3085 for the purposes
    of making presentations. Matt said he would suggest it at the next ITC meeting.

    Tuesday's 22-Jul meeting moved to Thursday 24-Jul -- Julie, Chris and Matt cannot attend
    Tuesday 29-Jul meeting moved to Wednesday 30-Jul -- Julie coming back from bas--uuh-ton

Topics for next agenda (0:10)
    Virus demo
    Review tech reports and transparencies.
    Paper EFD: A Hybrid Knowledge/Statistical-Based System for the Detection of Fraud.
    SGML presentation by Matt, after mid-Aug.
    Scott to lead a discussion of dataless scientific inquiry.