Outline for May 31, 2013

Reading: [TL00] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #5, due June 6, 2013
  1. Evaluating systems
    1. Trusted Computer Security Evaluation Criteria (TCSEC, Orange Book)
    2. FIPS 140
    3. Common Criteria (CC)
    4. System Security Engineering Capability Maturity Model (SSE-CMM)
  2. Attack trees
    1. Goals and subgoals
    2. Example: safe cracking
    3. Different functions of nodes and edges
      1. Risk analysis
      2. Feasibility analysis
      3. Cost analysis
    4. Example: attacking PGP
  3. Requires/provides model
    1. Give intuition
    2. Single exploit vs. scenario attacks
    3. Correlation problem
    4. Example: rsh connection spoofing
    5. Capabilities and concepts
    6. Some features of the model
    7. JIGSAW language overview

Version of May 30, 2013 at 2:15PM