A real example

• High-level specification risk:

  • data-integrity algorithm identified as weak
    (e.g., a simple HASH function)
  • fit this weakness into an attack scenario

• Detailed implementation specification risk:

  • ensure the risk still holds for particular platform

• Probe the risk by testing

  • use the identified weakness to attack the product

Previous slide

Next slide

Back to first slide

View graphic version