© February 6, Novell Inc.
So what “evidence” can you show?
How about starting with a description of the environment?
• Defines experimental context and assumptions
  – you need experimental “controls”, right?
Will you test to see if some security objectives are met?
• what security policy? is the system responsible for all aspects of them, or is the environment responsible for some?
• should you test to see which ones aren't met?
Do you know what the thing is supposed to do?
• what does it touch? what does it need to work?
Do you know what the thing is NOT supposed to do?
• can you prove it won't? How?