Recasting the problem: policy

• What is “harmful”?

  • Need for security policy to enforce

• DANGERS

  • Abstraction is a challenge
  • Relevant detail disappears
  • Attackers pay attention to these details

• The notion of policy is deeply intertwined with malicious code

• Two basic categories of malicious code (understood through policy)

  • BAD policy
  • Incorrect policy enforcement

Previous slide

Next slide

Back to first slide

View graphic version