The purpose of this project is to detect misuse of a computer system based on a given security policy. This is commonly known as the "insider problem." The goal is to construct a policy language and to use this language to determine the audit data collected at the application level. We have chosen to concentrate our efforts on the medical policy problem.
We are currently pursuing the following tasks:
- Detecting macro viruses
- Analyzing the instruction distribution of succeeding mutations of a polymorphic virus
- Translating an acceptable use computing policy into a formal specification
- Developing a suite of misuse examples
- Characterizing the vulnerabilities of an audit subsystem
Sponsor: Office of Research and Development (ORD)