600.436: High-Assurance Systems

Course Plan

Grading Policy

Late-Breaking Book Info

Caveats

Informal Definition: “Assurance”

Reasons for Assurance

Comments on Assurance Process

The Basic Questions of Assurance

Basic Questions of Assurance (Again)

About the Requirements

Caveat About “Security”

Process, not Technology!

Example 1: PGP

Example 2: SSL

Example 3: Windows™

Definition of Security (Classical)

Security Policies

Limitations on Security Policies

Positive vs. Negative Policies

Policy Realization

Threat Models are not Perfect

Threat Modeling and Risk Analysis

Threat Enumeration Techniques

The Problem of “Systems”

Focus for This Course

Developer’s Point of View