Baseline Operating Systems Security™
Working Group

MINUTES

May 6, 2004
NIST, Gaithersburg, Maryland USA

 

 

Presiding: Jack Cole
Author of Minutes: Jack Cole
Note Taker: Gary Stoneburner

The meeting was called to order at 9:30 am ET. Participants introduced themselves, and attendance was taken.

ATTENDANCE (7)

Hugo Badillo/DoD
Chris Bonatti/IECA
Jack Cole/ARL
Katherine Guo/Panasonic
Craig Noah/Northrop Grumman (via telephone)
John Sforza/ISRisk
Gary Stoneburner/NIST

The agenda was accepted as proposed, and the IEEE Patent Policy was reviewed using the authorized slide set.

Operating procedures were discussed. ACTION: Jack still has not written these, but will circulate proposed procedures to the group before the June meeting.

MAIN BUSINESS

This was the second meeting of the BOSS working group. Many new participants were present, and many of the same areas were discussed as in the first meeting, with similar conclusions.

No new fundamental decisions were made.

Gary completed a comparison of the BOSS (or NIST CSPP-OS) and the medium robustness protection profile that appears at IATF.NET (a.k.a. the SLMRPP protection profile), and brought this to the meeting for discussion.

As a result of that discussion, it was decided that it would help the process of harmonization if the group could examine the philosophies behind the requirement sets for these two operating system protection profiles.

ACTION: Gary and Hugo will in three weeks prepare and deliver to the group brief descriptions (one page, more if needed) of these philosophies.

Several topics from the previous meeting were re-examined at this meeting: concerns about encompassing the needs of real-time, embedded operating systems; the explicit expression of the BOSS objectives; threat evaluation; the need for hierarchy between the two mentioned profiles; and mapping the common criteria framework to the format of an IEEE standard.

A new concern was voiced that requirements for an unrealistic environment and use will result in weaker security. This will be added to the running list of unresolved issues on the BOSSWG.ORG site.

ACTION: When the new operating system protection profile becomes available at IATF.NET, Jack will place a link at BOSSWG.ORG.

 

SUMMARY OF ACTIONS REQUIRED

  1. Develop brief descriptions of the philosophies for the requirements sets on which the NIST CSPP-OS and the IATF.NET SLMRPP are based (Gary, Hugo)
  2. Determine IEEE capability to protect its mark (Jack)
  3. Find out how well the NIST CSPP-OS maps to the format of an IEEE standard (Jack)
  4. Draft a set of policies and procedures for the group (Jack)
  5. Get stakeholders involved (All)

 

NEXT MEETINGS

June 9, 2004, noon-4pm
at the United States Military Academy, West Point, NY

July 14, 2004, 9:30a-3:30p
at JHU Applied Physics Lab, Laurel, MD


updated Thursday, May 20, 2004

This site and all contents (unless otherwise noted) are Copyright © 2004
Institute of Electrical and Electronics Engineers, Inc.
All rights reserved.