What Is EB?
Look to real world
Normalize for deployment?
Smaller and larger tests
Deployed systems survivability time?
Does this system survive this attack?
Analogy to safes, TL-15, TL-60, F-30
We explicitly blame the designer:
systems are deployed in the real world, not a lab.
Ease of administration matters.
Why Johnny canŐt encrypt.
Your grandmother has to remove spyware.
Why do we hypothesize, test and repeat?
Survivability time, not survivability average:
Mean & median matter