翻訳と辞書
Words near each other
・ Truth About Motorways Pty Ltd v Macquarie Infrastructure Investment Management Ltd
・ Truth About Seafood
・ Truth and Advertising
・ Truth and Beauty
・ Truth and Beauty (Ian McNabb album)
・ Truth and Bright Water
・ Trustafarian
・ TrustAfrica
・ TrustCo Bank
・ TRUSTcollective (firm)
・ TRUSTe
・ Trusted by Millions
・ Trusted client
・ Trusted Computer System Evaluation Criteria
・ Trusted Computing
Trusted computing base
・ Trusted Computing Group
・ Trusted Data Format
・ Trusted Email Open Standard
・ Trusted execution environment
・ Trusted Execution Technology
・ Trusted Information Systems
・ Trusted Internet Connection
・ Trusted Like the Fox
・ Trusted Media Brands, Inc.
・ Trusted Mole
・ Trusted Network Connect
・ Trusted operating system
・ Trusted path
・ Trusted Platform Module


Dictionary Lists
翻訳と辞書 辞書検索 [ 開発暫定版 ]
スポンサード リンク

Trusted computing base : ウィキペディア英語版
Trusted computing base

The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. By contrast, parts of a computer system outside the TCB must not be able to misbehave in a way that would leak any more privileges than are granted to them in accordance to the security policy.
The careful design and implementation of a system's trusted computing base is paramount to its overall security. Modern operating systems strive to reduce the size of the TCB so that an exhaustive examination of its code base (by means of manual or computer-assisted software audit or program verification) becomes feasible.
==Definition and characterization==
The term trusted computing base goes back to Rushby,〔
〕 who defined it as the combination of kernel and trusted processes. The latter refers to processes which are allowed to violate the system's access-control rules.
In the classic paper ''Authentication in Distributed Systems: Theory and Practice''〔B. Lampson, M. Abadi, M. Burrows and E. Wobber, (Authentication in Distributed Systems: Theory and Practice ), ACM Transactions on Computer Systems 1992, on page 6.〕 Lampson et al. define the TCB of a computer system as simply
: ''a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security.''
Both definitions, while clear and convenient, are neither theoretically exact nor intended to be, as e.g. a network server process under a UNIX-like operating system might fall victim to a security breach and compromise an important part of the system's security, yet is not part of the operating system's TCB. The Orange Book, another classic computer security literature reference, therefore provides〔( Department of Defense trusted computer system evaluation criteria ), DoD 5200.28-STD, 1985. In the glossary under entry Trusted Computing Base (TCB).〕 a more formal definition of the TCB of a computer system, as
: ''the totality of protection mechanisms within it, including hardware, firmware, and software, the combination of which is responsible for enforcing a computer security policy.''
The Orange Book further explains that
: ''()he ability of a trusted computing base to enforce correctly a unified security policy depends on the correctness of the mechanisms within the trusted computing base, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy.''
In other words, a given piece of hardware or software is a part of the TCB if and only if it has been designed to be a part of the mechanism that provides its security to the computer system. In operating systems, this typically consists of the kernel (or microkernel) and a select set of system utilities (for example, setuid programs and daemons in UNIX systems). In programming languages that have security features designed in such as Java and E, the TCB is formed of the language runtime and standard library.〔M. Miller, C. Morningstar and B. Frantz, (Capability-based Financial Instruments (An Ode to the Granovetter diagram) ), in paragraph ''Subjective Aggregation''.〕

抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)
ウィキペディアで「Trusted computing base」の詳細全文を読む



スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.