|

 
|
| | Name : | Matt Bishop | Organization : | University of California Davis | Post Date : | 9/30/2005 |
| Section : | 20.1.5 | Page no. : | | Line no.: | | Comment : | In the absence of a threat model, the ITA has no other option but to perform ad-hoc testing which produces no real standard, minimal assurances.
We claim, for example, that defense-in-depth exists when an attack path includes a node with multiple countermeasures and a single-point-of-failure exists when multiple nodes employ the same countermeasure. Formalized using an attack tree, checking to be sure defense-in-depth is employed and there are no single-points-of-failure becomes straight-forward; whereas, currently, there is no clear way to enforce these principles. | |
|
|