600.436 High-Assurance Systems
Fall 01/Operational Assurance
22
Misuse
¨Goal of Misuse is to determine whether the TOE can be configured or used in a manner that is insecure but that an administrator or user of the TOE would reasonably believe to be secure
¨Three Components, levelled on the basis of increasing evidence provided by the developer and the increasing rigour of analysis
–Examination of Guidance
–Validation of Analysis
–Analysis & Testing for Insecure States