On Tue, Feb 3, 2015 at 11:43 AM, <dan@geer.org> wrote:
(sacrificial) machines are sacrificed, which is to say they are reloaded/rebooted. Per message.
Network booting a known image is common. Putting the print system in hardware is possible too.
the sacrificial machines are thoroughly instrumented in the countermeasure sense. ... silent failure
Validation of correct operation, and detection, in face of evil input seems much harder... any and all change to memory dump, files, firmware. All soft parts would need reinitialized. Even becoming recursively expensive. All for a printer on the don't care side of the air gap? Doubtful so long as it passes test vectors.

Your opponent's highest secrets are historically not likely to come to you embedded in a freaknasty pdf, but on foot. That may be changing [1]. Either way, sometimes nothing beats a roomful of human transcriptionists, translators and auditors with typewriters.

[1] Many a gem may even flow through each side's postmaster@ mail.