As the world moves to depend more on electronic services, it is desirable to have a method to analyze the tradeoffs being made. We wish to know the vulnerabilities and points of attack of any given system. Sean suggests a structured approach, building a taxonomy of the vulnerabilities from the inherent structure of the provided services. They placed a partial order on the various services which can be provided, and looked at the differences between the two steps. Services inherit vulnerabilities from below (i.e. weaker services), and stronger services can introduce new vulnerabilities as well. This taxonomic structure also works to model points of attack, which can be thought of as ``inadvertent services.'' An example case is kiosks. There were difficulties resolving the levels of services into quantum steps. A variety of properties (e.g. spatial extension, input privacy) were used to describe the provided services and build the structure of vulnerabilities. Sean emphasized that this is a prototype, and that it is being refined and extended.
Doug Tygar asked if there were hopes for making the process more general. Sean said that the system has some generality, more than shown in the example. Ed Uielmetti asked about weaknesses that are the result of combined services, and are not weaknesses in the components. Sean responded that this is not covered by the method, but that work is in progress.