SUBVERTING THE CHAIN OF CONTROL



  Bootstrap the computer from a separate USB drive or DVD that contains an OS controlled by the attacker. This bypasses Alice’s normal operating system and uses the different, bootstrapped one to modify her hard drive.
  Trick Alice into running software that attacks her files. If she starts a process, the process has full access to her files.
  Trick the operating system, or an administrator, into running a subverted program with administrative or system privileges. This often allows a program to bypass security restrictions. This is how the Morris Worm attacked through the finger process.
We can install security measures to block these vulnerabilities, but we need to decide that these are risks worth addressing. This depends on the threat agents who might bootstrap her computer.

(Smith 76)