  The original security architecture for Horus was implemented by Mike Reiter (see <A HREF="http://cs-tr.cs.cornell.edu:80/TR/CORNELLCS:TR93-1367"> A Security Architecture for Fault-Tolerant Systems</A>). In the original implementation of <A HREF="http://simon.cs.cornell.edu/Info/Projects/HORUS/"> Horus</A>, all process groups supported the virtual synchrony model of computation. In order to maintain virtual synchrony (in the crash failure model used in <A HREF="http://simon.cs.cornell.edu/Info/Projects/HORUS/"> Horus</A>), it is necessary for all processes within a group to be honest. As a result, the original security architecture makes the assumption that any process which is allowed to join a group is trusted by all of the group members.  <p>
