Security through Containment

• Internal X.509 Certificate Hierarchy

  • All control messages are digitally signed
  • Authorization certificates allow subversion detection and containment

• Denial-of-service / anti-replay protections

  • IPsec provides hop-by-hop authentication
  • Repository and file transfer protocol precautions

• Applet / Algorithm sandboxing

  • Limited privileges for applets, less for algorithms
  • A more secure language would be nice…

Previous slide

Next slide

Back to first slide

View graphic version