| Policy Realization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | Just
as a policy is stated in context, |
||||||||||||||
| implementations
are built under assumptions |
|||||||||||||||
| ¨ | These
assumptions are: |
||||||||||||||
| – | Administrative
(e.g. logins will not be given out at |
||||||||||||||
| random) |
|||||||||||||||
| – | Environmental
(e.g. physical access to machine is |
||||||||||||||
| restricted) |
|||||||||||||||
| – | Threat
model: the attack scenarios you anticipated |
||||||||||||||
| • | As
opposed to the nuclear attack that you didn’t prepare for |
||||||||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/Introduction |
| 21 |