600.436 High-Assurance Systems
Fall 01/PCMS Exercise
5
PCMS Security Policy (Entities)
- Entities should only be disclosed to authenticated connections
- Entities should only be disclosed to clients that are authorized to access some project/branch that (directly or indirectly) references them
- It should not be feasible to undetectably corrupt an entity
- Repository replicas may run on hostile servers
  - We assume that there is code actively trying to compromise some of these replicas
- We assume that the originating server(s) for a given project are trusted by that project
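As an added illustration (not part of the slides or of the PCMS code base), the following toy Python model shows how the disclosure and integrity points above can be enforced against an untrusted replica: entities are content-addressed, a client only receives entities reachable from a branch it is authorized for, and corruption by the replica is detected before disclosure. The entity format, the `(project, branch)` grant model and the function names are assumptions made for this example.

```python
import hashlib
import json

# Constructed toy model: an entity id is the SHA-256 of its bytes, and an
# entity may reference other entities by id (the indirect references above).

def entity_id(content):
    return hashlib.sha256(content).hexdigest()

def make_entity(payload, refs):
    # Deterministic serialization so the id is reproducible.
    return json.dumps({"payload": payload, "refs": refs}, sort_keys=True).encode()

def reachable_ids(store, heads):
    """Ids reachable from the branch heads via refs; refs are only followed
    through entities whose bytes verify, so a corrupt node cannot widen the set."""
    seen, stack = set(), list(heads)
    while stack:
        eid = stack.pop()
        if eid in seen:
            continue
        seen.add(eid)
        content = store.get(eid)
        if content is None or entity_id(content) != eid:
            continue  # missing or tampered: do not trust its refs
        stack.extend(json.loads(content)["refs"])
    return seen

def fetch_entity(store, branch_heads, client_grants, eid):
    """store: the replica's id->bytes mapping (untrusted).
    branch_heads: (project, branch)->head id, obtained from the trusted origin.
    client_grants: the (project, branch) pairs the authenticated client may access."""
    heads = [branch_heads[pb] for pb in client_grants if pb in branch_heads]
    if eid not in reachable_ids(store, heads):
        return ("denied", None)   # not referenced by any authorized branch
    content = store.get(eid)
    if content is None:
        return ("missing", None)
    if entity_id(content) != eid:
        return ("corrupt", None)  # replica tampering detected before disclosure
    return ("ok", content)

def demo():
    # Constructed sample repository: one authorized branch, one unrelated branch,
    # and a hostile replica that substitutes the contents of one entity.
    leaf = make_entity("file: main.c", [])
    tree = make_entity("dir: src", [entity_id(leaf)])
    secret = make_entity("file: payroll.txt", [])
    honest = {entity_id(x): x for x in (leaf, tree, secret)}
    heads = {("pcms", "main"): entity_id(tree), ("hr", "main"): entity_id(secret)}
    grants = {("pcms", "main")}
    hostile = dict(honest)
    hostile[entity_id(leaf)] = make_entity("file: main.c (tampered)", [])
    return {"leaf": fetch_entity(honest, heads, grants, entity_id(leaf))[0],
            "secret": fetch_entity(honest, heads, grants, entity_id(secret))[0],
            "tampered": fetch_entity(hostile, heads, grants, entity_id(leaf))[0]}
```

Note that the check is only as strong as the head ids: they must come from the trusted originating server, since a hostile replica could otherwise supply heads pointing at entities of its own choosing.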