Trusted computing base: Difference between revisions

Due to the aforementioned need to apply costly techniques such as formal verification or manual review, the size of the TCB has immediate consequences on the economics of the TCB assurance process, and the trustworthiness of the resulting product (in terms of the [[expected value|mathematical expectation]] of the number of bugs not found during the verification or review). In order to reduce costs and security risks, the TCB should therefore be kept as small as possible. This is a key argument in the debate opposing [[microkernel]] proponents and [[monolithic kernel]] aficionados.<ref>[[Andrew S. Tanenbaum]], [http://www.cs.vu.nl/~ast/reliable-os/ Tanenbaum-Torvalds debate, part II] (12 May 2006)</ref> The aforementioned Coyotos kernel will be of the microkernel kind for this reason, despite the possible performance issues that this choice entails.