600.436 High-Assurance Systems
Fall 01/Operational Assurance
22
Misuse
¨Goal of Misuse is to
determine whether the TOE can be
configured or used in a manner that is insecure
but that an administrator or user of the TOE
would reasonably believe to be secure
¨Three Components,
levelled on the basis of increasing
evidence provided by the developer and the
increasing rigour of analysis
–Examination of
Guidance
–Validation of
Analysis
–Analysis & Testing
for Insecure States