600.436
High-Assurance Systems
Fall 01/Introduction
24
Threat
Enumeration Techniques
¨Fault Trees:
–Enumerate the undesired behavior
–For each, enumerate the possible causes
(recursively)
¨FMEA (Failure Modes and Effect Analysis)
–Enumerate all the individual things that could go
wrong
–Recursively work upwards to understand the effects on the mission
¨Risk likelihood depends on the objectives of the attacker (Fame? Money? Publicity?)
¨None of the currently known techniques are particular rigorous when applied to software.