600.436 High-Assurance Systems
Fall 01/Introduction
24
Threat Enumeration Techniques
¨Fault Trees:
–Enumerate the undesired behavior
–For each, enumerate the possible causes (recursively)
¨FMEA (Failure Modes and Effect Analysis)
–Enumerate all the individual things that could go wrong
–Recursively work upwards to understand the effects on the mission
¨Risk likelihood depends on the objectives of the attacker (Fame? Money? Publicity?)
¨None of the currently known techniques are particular rigorous when applied to software.