600.436
High-Assurance Systems
Fall 01/Introduction
12
Caveat About “Security”
¨Security is filled
with terms that are not rigorously defined.
–This is easy to overlook – people assume common meanings that do not really exist.
–As a result, these
terms are undefined in real practice.
–Usually, this signals
a failure of rigor in the threat
model.
¨Defining these terms
is inherently context dependent.
¨For example:
–Secure from whom, and
under what assumptions, and in what context, and at what cost to the attacker?
–What exactly is to be
secured? Information? Access? Resources?