Slide 22
Unlock policy
Security is not binary
Policy should be driven by business needs, not technology
How can we support arbitrarily complex unlock policy? e.g.
stage1 ← S ⊂ {pwd, tang, smartcard, fingerprint}, |S| ≥ 2
stage2 ← {stage1, tpm}
unlock ← S ⊂ {stage2, pwd}, |S| ≥ 1
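The three-stage policy above, written as a nested threshold tree and evaluated in Python. This is an added example, not code from the slides; the tuple representation and the function names (validate, satisfied, minimal_unlock_sets) are assumptions made for illustration. Listing the minimal unlock sets shows the weakest path a policy actually permits.

```python
from itertools import combinations

# A node is a factor name (str) or a (threshold, children) tuple,
# meaning "at least `threshold` of `children` must be satisfied".
FACTORS = {"pwd", "tang", "smartcard", "fingerprint", "tpm"}

STAGE1 = (2, ["pwd", "tang", "smartcard", "fingerprint"])  # |S| >= 2
STAGE2 = (2, [STAGE1, "tpm"])                              # stage1 AND tpm
UNLOCK = (1, [STAGE2, "pwd"])                              # |S| >= 1


def validate(node):
    """Reject malformed policies (unknown factor, impossible threshold)."""
    if isinstance(node, str):
        if node not in FACTORS:
            raise ValueError(f"unknown factor: {node!r}")
        return
    threshold, children = node
    if not 1 <= threshold <= len(children):
        raise ValueError(f"threshold {threshold} with {len(children)} children")
    for child in children:
        validate(child)


def satisfied(node, available):
    """True if the factors in `available` meet the policy rooted at `node`."""
    if isinstance(node, str):
        return node in available
    threshold, children = node
    return sum(satisfied(c, available) for c in children) >= threshold


def minimal_unlock_sets(policy):
    """Every factor set that unlocks and has no smaller unlocking subset."""
    found = []
    for size in range(1, len(FACTORS) + 1):  # smallest sets first
        for combo in combinations(sorted(FACTORS), size):
            candidate = set(combo)
            if satisfied(policy, candidate) and not any(m < candidate for m in found):
                found.append(candidate)
    return found


if __name__ == "__main__":
    validate(UNLOCK)
    for factors in minimal_unlock_sets(UNLOCK):
        print(sorted(factors))
```

Because pwd appears both inside stage1 and at the top level, the password alone is a minimal unlock set, so it acts as a recovery path that bypasses the TPM and every other factor.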