Trusted computing base: Difference between revisions

In other words, a given piece of hardware or software is a part of the TCB if and only if it has been designed to be a part of the mechanism that provides its security to the computer system. In [[operating system]]s, this typically consists of the [[kernel (computer science)|kernel]] (or [[microkernel]]) and a select set of system utilities (for example, [[setuid]] programs and [[Daemon (computer software)|daemons]] in UNIX systems). In [[programming language]]s that have security features designed in such as [[Java (programming language)|Java]] and [[E (programming language)|E]], the TCB is formed of the language runtime and standard library.<ref>M. Miller, C. Morningstar and B. Frantz, [http://www.erights.org/elib/capability/ode/ode-linear.html Capability-based Financial Instruments (An Ode to the Granovetter diagram)], in paragraph ''Subjective Aggregation''.</ref>

 

 

===Predicated upon the security policy===

It should be pointed out that as a consequence of the above Orange Book definition, the boundaries of the TCB depend closely upon the specifics of how the security policy is fleshed out. In the network server example above, even though, say, a [[Web server]] that serves a [[multi-user]] application is not part of the operating system's TCB, it has the responsibility of performing [[access control]] so that the users cannot usurp the identity and privileges of each other. In this sense, it definitely is part of the TCB of the larger computer system that comprises the UNIX server, the user's browsers and the Web application; in other words, breaching into the Web server through e.g. a [[buffer overflow]] may not be regarded as a compromise of the operating system proper, but it certainly constitutes a damaging [[exploit (computer security)|exploit]] on the Web application.

 

 

===A prerequisite to security===