Security Background Basic assumptions: We do not know how to write secure software. Guaranteeing software correctness is infeasible as software and supporting infrastructure is too complex. Applications contain exploitable bugs. These bugs are known to adversaries and may be used to obtain unauthorized privileges. We do now know how to measure security. No way to quantify security. Layer different security measures so that one of them catches adversaries.