Control Strategy FormalDeviceVerification

URI: CSG-FormalDeviceVerification

Description: The software for device Host has been analysed by independent experts using formal methods and shown to be free of bugs. It is therefore guaranteed to work correctly for arbitrary (even malicious) inputs. However, this is only possible for simple devices. Note that it does not prevent bugs that are present being discovered and exploited by attackers, so it is a prior mitigation only which is ignored in current (run-time) risk calculations (although in principle no vulnerabilities should ever be found).

(empty)

H.E-D.H.8

Vulnerabilities discovered in device Host: one or more software vulnerabilities in device Host become known to attackers. This is a pre-requisite for exploitation of more specific types of vulnerabilities.

(empty)

FormalVerification at Role_Host

Control Strategy FormalDeviceVerification

Mitigated Threats (0)

Blocked Threats (1)

H.E-D.H.8

Triggers Threats (0)

Control Sets (1)