600.436
High-Assurance Systems
Fall 01/PCMS Exercise
7
PCMS Design Implications
¨All connections encrypted
SSH or OpenSSL layer handling; undecided
¨Clients must authenticate via public key
It is assumed that there will be well-known anonymous authenticators
¨Entities are named by cryptographic hash of their
content.
These can only be obtained starting from a project or
branch.
Access to project/branch is authenticated based on
authentication key
Note client side can test corruption
¨Untrusted servers are given public access, and
therefore can replicate only public
objects.
Note hybrid security model here!