¤ ToorCon 2007 Presentation

Summary

From the conference website:

Brenda will present a simple, uniform model for expressing both intended behavior and security problems in terms of privilege. The model, which is a work in progress for the Trike development team, applies at any point during the development process, from requirements to a deployed implementation. This model could be used to automatically combine simple attacks with intended system behavior to achieve more complicated attack goals, replacing the effort-intensive tree-based portion of traditional threat modeling techniques.

Summary

Slides