600.436 High-Assurance Systems
Fall 01/Introduction
Policy Realization
• Just as a policy is stated in context, implementations are built under assumptions
• These assumptions are:
  – Administrative (e.g. logins will not be given out at random)
  – Environmental (e.g. physical access to machine is restricted)
  – Threat model: the attack scenarios you anticipated
    • As opposed to the nuclear attack that you didn’t prepare for