|
- ... it1
- An example of this can be seen in threat modeling where the DREAD model of classifying risk includes a high-level evaluation of exploitability as one of the risk factors[14]
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... protections2
- This choice is made by taking into account certain conditions such as the presence or absence of local variables that are declared as fixed-size arrays
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...RAHBAR3
- While this may sound odd at first glance, the high-order two bits are not randomized due to the divide between kernel and user-mode. This assumes that a machine is booted without /3GB.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... structure4
- Copied from Sotirov's write-up with permission
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
|