Outline for June 3, 2013

Reading: [TL00] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #5, due June 6, 2013
  1. Evaluating systems
    1. System Security Engineering Capability Maturity Model (SSE-CMM)
  2. Attack trees
    1. Goals and subgoals
    2. Example: safe cracking
    3. Different functions of nodes and edges
      1. Risk analysis
      2. Feasibility analysis
      3. Cost analysis
    4. Example: attacking PGP
  3. Requires/provides model
    1. Give intuition
    2. Single exploit vs. scenario attacks
    3. Correlation problem
    4. Example: rsh connection spoofing
    5. Capabilities and concepts
    6. Some features of the model
    7. JIGSAW language overview
You can also obtain a PDF version of this. Version of June 2, 2013 at 8:39AM