ABSTRACT
One of the most daunting challenges currently facing security researchers and practitioners is one of determining how secure a specific computer subsystem, product, or component may be. There have been numerous attempts to apply a variety of criteria to this problem so information systems implementers and purchasers can make judgments about security issues in the acquisition and implementation of specific products and architectures. This unrewarding pursuit finds its highest expression in the search for the secure computer out of the box.
