600.436 High-Assurance Systems
Fall 01/PCMS Exercise
9
Discussion: Does it Make Sense?
¨Threat Model
¨What protection is actually feasible in such a system?
¨What weaknesses exist in this design?
¨Can they be resolved without compromising usability?