Revision as of 00:29, 11 February 2014 edit Int80 (talk \| contribs) 53 edits No edit summary ← Previous edit		Revision as of 00:38, 11 February 2014 edit undo Int80 (talk \| contribs) 53 edits →Predicated upon the security policy: “TCB is in the eye of the consultant” Next edit →
Line 29: ==Properties of the TCB== ===Predicated upon the security policy~~: “TCB is in the eye of the consultant”~~=== It should be pointed out that as a consequence of the above Orange Book definition, the boundaries of the TCB depend closely upon the specifics of how the security policy is fleshed out. In the network server example above, even though, say, a [[Web server]] that serves a [[multi-user]] application is not part of the operating system's TCB, it has the responsibility of performing [[access control]] so that the users cannot usurp the identity and privileges of each other. In this sense, it definitely is part of the TCB of the larger computer system that comprises the UNIX server, the user's browsers and the Web application; in other words, breaching into the Web server through e.g. a [[buffer overflow]] may not be regarded as a compromise of the operating system proper, but it certainly constitutes a damaging [[exploit (computer security)\|exploit]] on the Web application.

Trusted computing base: Difference between revisions