600.436
High-Assurance Systems
Fall 01/Introduction
21
Policy Realization
¨Just as a policy is
stated in context, implementations are built
under assumptions
¨These assumptions
are:
–Administrative (e.g.
logins will not be given out at random)
–Environmental (e.g. physical access to machine is restricted)
–Threat model: the
attack scenarios you anticipated
•As opposed to the
nuclear attack that you didn’t prepare for