600.436
High-Assurance Systems
Fall 01/PCMS Exercise
9
Discussion: Does it Make Sense?
¨Threat
Model
¨What
protection is actually feasible in such a system?
¨What
weaknesses exist in this design?
¨Can
they be resolved without compromising usability?