Claim:
– “SSL secures communications between applications and services...”
Assumptions (and confidences):
1. Client is not otherwise compromised (0%)
2. Server is not otherwise compromised (15%)
3. Server is properly installed (< 30% are)
4. No “back door” into the server (< 2%)
5. Certificate authority (CA) has not been compromised (99%)
6. CA issued crypto keys to the right party (~80%)
7. Server handles authentication correctly (< 15%)
8. Server does not expose sensitive information when hacked (0%)
9. DNS infrastructure intact (85% and falling)
10. Mother’s maiden name is not in a genealogy database somewhere. (0%)
Actions to Compromise:
– Hack either machine…