600.436
High-Assurance Systems
Fall 01/Introduction
16
Example 3: Windows™
¨Claim: None
¨Assumptions
(confidences):
–All code is trusted
code (0%)
–Attacker has sub-20
I.Q. (0%)
¨Actions to
Compromise:
–Run the installer
[ This
is done by the user, which saves the potential hacker a great deal of time. ]
–Turn the machine
on.
¨Well, at least the
claim is right…