• Entities should only be disclosed to authenticated connections
• Entities should only be disclosed to clients that are authorized to access some project/branch that (indirectly) references them
• It should not be feasible to undetectably corrupt an entity
• Repository replicates may run on hostile servers.
  – We assume that there is code actively trying to compromise some of these replicates
• We assume that the originating server(s) for a given project are trusted by that project