Short note on Security Assessment.

Security Assessment 

- Security assessment has something in common with a safety assessment.

- It is intended to demonstrate that the system cannot enter some state (an unsafe or an insecure state) rather than to demonstrate that the system can do something.

- However, there are differences:

  • Safety problems are accidental; security problems are deliberate.
  • Security problems are more generic, since many systems suffer from the same problems; safety problems are mostly related to the application domain.


Security validation

Experience-based validation

- The system is reviewed and analyzed against the types of attacks that are known to the validation team.

Tool-based validation

- Various security tools such as password checkers are used to analyze the system in operation.

Tiger teams

- A team is established whose goal is to breach the security of the system by simulating attacks on the system.

Formal verification

- The system is verified against a formal security specification.
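As an added illustration (not part of the original note), the check below treats "the system cannot enter an insecure state" as a reachability question: it explores every state of a small model and tests each against a formal security specification. The login/session model, the `logout_closes_session` switch and all function names are assumptions constructed for this example.

```python
from collections import deque

# Constructed toy model (an assumption, not from the original note).
# State: (authenticated, session_open, failed_logins)
INITIAL = (False, False, 0)
MAX_FAILS = 3  # account locks after this many failed logins

def transitions(state, logout_closes_session=True):
    """Yield (action, next_state) pairs allowed from `state`."""
    auth, session, fails = state
    locked = fails >= MAX_FAILS
    if not auth and not locked:
        yield "login_ok", (True, session, 0)
        yield "login_fail", (False, session, fails + 1)
    if auth and not session:
        yield "open_session", (True, True, fails)
    if auth:
        # The flawed variant forgets to close the session on logout.
        yield "logout", (False, session and not logout_closes_session, fails)

def insecure(state):
    """Formal security specification: a session must never be open
    while the user is unauthenticated."""
    auth, session, _ = state
    return session and not auth

def find_violation(**model_options):
    """Breadth-first search of every reachable state. Returns the shortest
    action trace that reaches an insecure state, or None if no reachable
    state is insecure."""
    seen = {INITIAL}
    queue = deque([(INITIAL, [])])
    while queue:
        state, trace = queue.popleft()
        if insecure(state):
            return trace
        for action, nxt in transitions(state, **model_options):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [action]))
    return None

if __name__ == "__main__":
    print("correct model:", find_violation(logout_closes_session=True))
    print("flawed model: ", find_violation(logout_closes_session=False))
```

A result of `None` means no reachable state of the model violates the specification; a returned trace is a counterexample showing how the insecure state is entered.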


