600.436: High-Assurance Systems

600.436 High-Assurance Systems

Fall 01/Introduction

Threat Modeling and Risk Analysis

¨Identify the possible compromises (threats)

¨Identify the scope of the analysis

–What is “outside the system”

–What assumptions are made about the environment in which the system is operated?

¨For each, scope out the perpetrators, the likelihood, and the expense if this threat becomes real.

¨Based on this, perform a prioritization of risks so that limited development $$$ maximize cost/benefit.