Answer any 2:
What is Verena’s attacker model? Don’t just rehash what’s in the paper. Instead think about different stages (e.g., server was not compromised then it was compromised, what can the attacker do?).
Describe the components that make up Verena’s architecture and their individual roles.
What are trust contexts and why are they necessary?
How do Verena’s integrity guarantees differ from Hails’ integrity guarantees?