Problem space (continued)

• Need well-defined semantics

• Secure, sound and comprehensible

  • it should be possible for a human to understand what an IPSP policy does
  • it should be compatible with security proofs
  • correct implementation should be straightforward, especially with respect to security-critical aspects

Previous slide

Next slide

Back to first slide

View graphic version