|
The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. By contrast, parts of a computer system outside the TCB must not be able to misbehave in a way that would leak any more privileges than are granted to them in accordance to the security policy. The careful design and implementation of a system's trusted computing base is paramount to its overall security. Modern operating systems strive to reduce the size of the TCB so that an exhaustive examination of its code base (by means of manual or computer-assisted software audit or program verification) becomes feasible. ==Definition and characterization== The term trusted computing base goes back to Rushby,〔 〕 who defined it as the combination of kernel and trusted processes. The latter refers to processes which are allowed to violate the system's access-control rules. In the classic paper ''Authentication in Distributed Systems: Theory and Practice''〔B. Lampson, M. Abadi, M. Burrows and E. Wobber, (Authentication in Distributed Systems: Theory and Practice ), ACM Transactions on Computer Systems 1992, on page 6.〕 Lampson et al. define the TCB of a computer system as simply : ''a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security.'' Both definitions, while clear and convenient, are neither theoretically exact nor intended to be, as e.g. a network server process under a UNIX-like operating system might fall victim to a security breach and compromise an important part of the system's security, yet is not part of the operating system's TCB. The Orange Book, another classic computer security literature reference, therefore provides〔( Department of Defense trusted computer system evaluation criteria ), DoD 5200.28-STD, 1985. In the glossary under entry Trusted Computing Base (TCB).〕 a more formal definition of the TCB of a computer system, as : ''the totality of protection mechanisms within it, including hardware, firmware, and software, the combination of which is responsible for enforcing a computer security policy.'' The Orange Book further explains that : '' In other words, a given piece of hardware or software is a part of the TCB if and only if it has been designed to be a part of the mechanism that provides its security to the computer system. In operating systems, this typically consists of the kernel (or microkernel) and a select set of system utilities (for example, setuid programs and daemons in UNIX systems). In programming languages that have security features designed in such as Java and E, the TCB is formed of the language runtime and standard library.〔M. Miller, C. Morningstar and B. Frantz, (Capability-based Financial Instruments (An Ode to the Granovetter diagram) ), in paragraph ''Subjective Aggregation''.〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「trusted computing base」の詳細全文を読む スポンサード リンク
|