Black Hat Physical Device Security: Exploiting Hardware and Software

Chapter 2: Inheriting Security Problems

Introduction

To determine what exposures a device might be susceptible to, we need to know how the device will work and what resources it will use. Once the basic design of a device is determined, threat modeling can help find exposures, but not all of them. An in-depth assessment of the device should still be performed to validate that there is no information leakage. User data should remain user data, not free-for-all data. The authentication and authorization mechanisms must actively function in a mode of least privilege. This means that the least amount of access is given to each user when that user uses the device.

Some abstract concepts apply directly to determining the exposures or threats for the device:

  • All data used by a given routine inside a given process at a given time must be trusted unless it is being validated at that moment.

  • All processes are triggered by an event.

  • The first event triggered is the establishment of a connection of a user or system to another system.

These concepts suggest that, under all circumstances, the application knows with 100-percent probability that an event has occurred, who triggered the event, and whether that event violates the security operating guidelines. However, it is impossible for any technology to determine with 100-percent accuracy the details of the event: who, what, when, where, and how.

Tools & Traps: Events Occurring

Knowing that an event has or will occur can be as valuable as knowing the details of the event.
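The three concepts above can be made concrete with a small event handler. This is an added example, not code from the book; the `POLICY` table, the `Event` and `Device` names, the action names and the verdict strings are all hypothetical. It treats the connection as the first event, validates data at the moment it is used, grants each role only its listed actions, and records every event even when the "who" is unknown.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical least-privilege policy: a role may perform only the listed actions.
POLICY = {"operator": {"read_status"}, "admin": {"read_status", "set_config"}}

@dataclass
class Event:
    action: str                   # what
    source: str                   # where (constructed port names in the test)
    actor: Optional[str] = None   # who; None when the device cannot tell
    payload: str = ""             # how: data carried by the event
    when: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

class Device:
    def __init__(self):
        self.sessions = {}  # source -> role, written only by a "connect" event
        self.audit = []     # one record per event, even with details missing

    def handle(self, ev: Event) -> str:
        verdict = self._decide(ev)
        # Knowing that the event occurred is kept regardless of the verdict.
        self.audit.append((ev.when, ev.source, ev.actor, ev.action, verdict))
        return verdict

    def _decide(self, ev: Event) -> str:
        if ev.action == "connect":
            # First event: a user or system establishes a connection.
            if ev.actor not in POLICY:
                return "deny:unknown-actor"
            self.sessions[ev.source] = ev.actor
            return "allow"
        role = self.sessions.get(ev.source)
        if role is None:
            return "deny:no-connection"   # nothing runs before the first event
        if ev.action not in POLICY[role]:
            return "deny:not-permitted"   # default deny outside the role's set
        # Validate the data at the moment it is used, not earlier.
        if ev.action == "set_config" and not ev.payload.isdigit():
            return "deny:invalid-data"
        return "allow"
```
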
