600.436 High-Assurance Systems
Fall 01/PCMS Exercise
6
PCMS Security Policy (Mutables)
¨Mutable: branch or project
¨Mutables should only be disclosed to authenticated connections
¨Mutables should only be disclosed to clients on the appropriate ACL
¨Every modification to a Mutable
–Must be signed by a user key
–Must be made at the controlling server for that Mutable
¨We assume that the controlling server(s) for a given mutable is trusted by that project