Toward a Secure System Engineering Methodology

C. Salter, O. Saydjari, B. Schneier, and J. Wallner

New Security Paradigms Workshop, September 1998, to appear.

ABSTRACT: This paper presents a methodology for enumerating the vulnerabilities of a system, and determining what countermeasures can best close those vulnerabilities. We first describe how to characterize possible adversaries in terms of their resources, access, and risk tolerance, then we show how to map vulnerabilities to the system throughout its life cycle, and finally we demonstrate how to correlate the attacker's characteristics with the characteristics of the vulnerability to see if an actual threat exists. Countermeasures need to be considered only for the attacks that meet the adversaries' resources and objectives. Viable countermeasures must meet user needs for cost, ease of use, compatibility, performance, and availability.

[full text - Postscript] [full text - MS Word 97] [full text - PDF (Acrobat)]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..