600.436 High-Assurance Systems
Fall 01/PCMS Exercise
PCMS Design Implications
• All connections encrypted
  – SSH or OpenSSL layer handling; undecided
• Clients must authenticate via public key
  – It is assumed that there will be well-known anonymous authenticators
• Entities are named by cryptographic hash of their content.
  – These can only be obtained starting from a project or branch.
  – Access to project/branch is authenticated based on authentication key
  – Note client side can test corruption
• Untrusted servers are given “public” access, and therefore can replicate only public objects.
  – Note hybrid security model here!
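
Added example (not part of the original slides, and not PCMS code): a sketch of why hash-named entities let a client test for corruption even when the bytes come from an untrusted replica that holds only public objects. Assumptions: SHA-256 as the hash (the slide does not name one), a JSON branch object, the class and function names, and that the branch name itself was obtained over the authenticated path.

```python
import hashlib
import json

def object_name(content: bytes) -> str:
    # Assumption: SHA-256; the slide does not say which hash PCMS uses.
    return hashlib.sha256(content).hexdigest()

class CorruptObject(Exception):
    """Fetched bytes do not hash to the name that was requested."""

class UntrustedReplica:
    """Hypothetical replica with "public" access: it only ever holds public objects."""
    def __init__(self):
        self.store = {}

    def replicate(self, content: bytes, public: bool):
        if not public:
            return None                      # non-public objects never reach this server
        name = object_name(content)
        self.store[name] = content
        return name

def fetch_verified(replica, name: str) -> bytes:
    content = replica.store[name]            # KeyError if the replica lacks the object
    if object_name(content) != name:         # client-side corruption test
        raise CorruptObject(name)
    return content

def checkout(replica, branch_name: str) -> dict:
    """Walk from a branch object to its entities, verifying every hop."""
    branch = json.loads(fetch_verified(replica, branch_name))
    return {path: fetch_verified(replica, name)
            for path, name in branch["entities"].items()}

def demo():
    replica = UntrustedReplica()
    readme = replica.replicate(b"PCMS readme\n", public=True)       # constructed sample
    secret = replica.replicate(b"private notes\n", public=False)    # constructed sample
    branch_bytes = json.dumps({"entities": {"README": readme}}).encode()
    branch = replica.replicate(branch_bytes, public=True)
    clean = checkout(replica, branch)
    replica.store[readme] = b"tampered\n"    # constructed corruption on the replica
    try:
        checkout(replica, branch)
        detected = False
    except CorruptObject:
        detected = True
    return clean, secret, detected
```

Because the branch object lists its entities by hash, a single trusted branch name is enough to check every object reached from it.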