The trusted computing base (TCB) is
“[t]he totality of protection mechanisms within a computer (i.e., hardware, firmware, and software) responsible for enforcing security. The ability of a TCB to correctly enforce security depends solely on the mechanisms within the TCB and on the correct input of parameters (e.g., a user's clearance) by system personnel.”
The ability of a TCB to correctly enforce a security policy depends on the mechanisms within the TCB and on system administrative personnel correctly entering the parameters related to that policy.
A TCB architecture is a description of the interrelationships among the hardware, firmware, and software that, in combination, enforce the desired security policies for the system. In principle, a TCB architecture enables analysis to determine if certain security properties hold, and it allows continuous monitoring and verification of the integrity and properties of the TCB (including the kernel, configuration files, secure memory, privileged applications, and running applications).
The TCB is critical to the secure operation of an IT system. If the security of any component of the TCB is compromised, then the security of the entire computing system is suspect and cannot be assured.
“A component must be trusted if it has to work for the system to meet its security specification. The set of trusted hardware and software components is called the trusted computing base (TCB). If a component is in the TCB, so is every component that it depends on, because if they do not work, it is not guaranteed to work either.”
The TCB kernel must interact with many processes and applications, both locally and over complex networks. Increasing system code complexity makes analysis of components of the TCB as well as interactions with untrusted components increasingly difficult. For all but the simplest of computational components and systems, it can be impractical or impossible to determine whether the TCB operates as desired and enforces all desired system security policies at all times. It is equally difficult to analyze a TCB architecture to ensure that it provides the security functionalities that are desired of a system.
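As an added illustration (not from the page or the sources it quotes), the dependency rule quoted above applied to a constructed component graph: every component reachable from the components that must enforce the policy joins the TCB, which is why the TCB of a real system grows quickly and why adding a feature to it deserves scrutiny. All component names are made up for the example.

```python
from collections import deque

# Constructed example (not a real system): each component maps to the set of
# components it depends on in order to function correctly.
DEPENDENCIES = {
    "reference_monitor": {"kernel", "policy_db"},
    "kernel": {"firmware", "cpu_mmu"},
    "policy_db": {"kernel", "filesystem"},
    "filesystem": {"kernel", "disk_driver"},
    "disk_driver": {"kernel"},
    "firmware": set(),
    "cpu_mmu": set(),
    "login_service": {"kernel", "policy_db", "pam_module"},
    "pam_module": {"kernel"},
    "web_browser": {"kernel", "filesystem", "network_stack"},
    "network_stack": {"kernel"},
}


def trusted_computing_base(deps, trusted_roots):
    """Return the TCB: the components that must work for the policy to hold
    (trusted_roots) plus, transitively, everything they depend on."""
    tcb = set()
    queue = deque(trusted_roots)
    while queue:
        component = queue.popleft()
        if component in tcb:
            continue  # already counted; also breaks dependency cycles
        tcb.add(component)
        queue.extend(deps.get(component, set()) - tcb)
    return tcb


def untrusted_components(deps, tcb):
    """Components outside the TCB: their failure cannot break the policy."""
    return set(deps) - tcb


def added_by(deps, trusted_roots, candidate):
    """Components that would newly enter the TCB if `candidate` had to be
    trusted; a cheap way to see the cost of enlarging the TCB."""
    before = trusted_computing_base(deps, trusted_roots)
    after = trusted_computing_base(deps, set(trusted_roots) | {candidate})
    return after - before


if __name__ == "__main__":
    roots = {"reference_monitor", "login_service"}
    tcb = trusted_computing_base(DEPENDENCIES, roots)
    print("TCB:", sorted(tcb))
    print("outside TCB:", sorted(untrusted_components(DEPENDENCIES, tcb)))
    print("cost of trusting web_browser:", sorted(added_by(DEPENDENCIES, roots, "web_browser")))
```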
- NASA Automated Information Security Handbook, App. C.
- Computers at Risk: Safe Computing in the Information Age, at 89.