A trusted system or a trusted computing base (TCB) provides a secure environment for computer systems that includes the operating system and its security mechanisms, software protection, hardware, physical locations, network hardware and software, firmware, and prescribed procedures (Rouse, 2005). The main features of a trusted computing base are it is reliable, secure and meets the requirements of the users. It enforces security policies to ensure the security of the system and its information. The system safety is achieved by provisioning methods, like controlling access, requiring authorization to access specific resources, enforcing user authentication, safeguarding anti-malware and backing up data (Techopedia, n.d).
The two most important elements of a TCB are the objects and subjects. Objects are anything within the trusted system environment where users are granted to use or access which are labeled with sensitivity levels. Objects can be processes, software, or hardware, and it is a passive entity that are designed to contain or receive information (Gregg, 2013, para 8). Subjects, on the other hand, are processes that wanted to access the objects, which are active entities such as people, processes, or devices (Gregg, 2013, para 7). All the objects must have cleared the same level of classification or higher.
- These elements are controlled by the reference monitor that can be designed to use tokens, capability lists, or labels (Gregg, 2013, para 10).
Tokens are used to communicate security attributes before requesting access. - Capability lists offers faster lookup than security tokens but are not as flexible.
- Security labels are used by high-security systems because labels offer permanence. This is provided only by security labels.
The concept of TCB should be applied to software’s that handles and manage highly sensitive information. Some examples are health care software that stores patient information, financial and banking software’s and almost every operating system. Web and cloud computers should also have TCB to prevent unauthorized access and vulnerability to data leak and hacking.
References
- Gregg, M. (2013). CISSP Exam Cram: Security Architecture and Models. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1998558&seqNum=3
- Rouse, M. (2005). Trusted computing base (TCB). Retrieved from http://searchsecurity.techtarget.com/definition/trusted-computing-base
- Techopedia (n.d). Trusted Computing Base (TCB). Retrieved on July 27, 2016 from https://www.techopedia.com/definition/4145/trusted-computing-base-tcb