Home Docs Tools Papers Talks Contact
¤ ToorCon 2007 Presentation


From the conference website:

Brenda will present a simple, uniform model for expressing both intended behavior and security problems in terms of privilege. The model, which is a work in progress for the Trike development team, applies at any point during the development process, from requirements to a deployed implementation. This model could be used to automatically combine simple attacks with intended system behavior to achieve more complicated attack goals, replacing the effort-intensive tree-based portion of traditional threat modeling techniques.


Privilege-Centric Security Analysis


Copyright © 2004-2008 Brenda Larcom, Eleanor Saitta, and Stephanie Smith. Copyright © 2009-2012 Brenda Larcom and Eleanor Saitta. All rights reserved.