What is a Trusted System or Trusted Computing Base?


A trusted system or a trusted computing base (TCB) provides a secure environment for computer systems that includes the operating system and its security mechanisms, software protection, hardware, physical locations, network hardware and software, firmware, and prescribed procedures (Rouse, 2005). The main features of a trusted computing base are it is reliable, secure and meets the requirements of the users. It enforces security policies to ensure the security of the system and its information. The system safety is achieved by provisioning methods, like controlling access, requiring authorization to access specific resources, enforcing user authentication, safeguarding anti-malware and backing up data (Techopedia, n.d).

The two most important elements of a TCB are the objects and subjects. Objects are anything within the trusted system environment where users are granted to use or access which are labeled with sensitivity levels. Objects can be processes, software, or hardware, and it is a passive entity that are designed to contain or receive information (Gregg, 2013, para 8). Subjects, on the other hand, are processes that wanted to access the objects, which are active entities such as people, processes, or devices (Gregg, 2013, para 7). All the objects must have cleared the same level of classification or higher.

  • These elements are controlled by the reference monitor that can be designed to use tokens, capability lists, or labels (Gregg, 2013, para 10).
    Tokens are used to communicate security attributes before requesting access.
  • Capability lists offers faster lookup than security tokens but are not as flexible.
  • Security labels are used by high-security systems because labels offer permanence. This is provided only by security labels.

The concept of TCB should be applied to software’s that handles and manage highly sensitive information. Some examples are health care software that stores patient information, financial and banking software’s and almost every operating system. Web and cloud computers should also have TCB to prevent unauthorized access and vulnerability to data leak and hacking.

References

  • Gregg, M. (2013). CISSP Exam Cram: Security Architecture and Models. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1998558&seqNum=3
  • Rouse, M. (2005). Trusted computing base (TCB). Retrieved from http://searchsecurity.techtarget.com/definition/trusted-computing-base
  • Techopedia (n.d). Trusted Computing Base (TCB). Retrieved on July 27, 2016 from https://www.techopedia.com/definition/4145/trusted-computing-base-tcb

Like it? Share with your friends!

What's Your Reaction?

Cry Cry
0
Cry
Dislike Dislike
0
Dislike
Like Like
0
Like
hate hate
0
hate
confused confused
0
confused
fail fail
0
fail
fun fun
0
fun
geeky geeky
0
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
Michael Vicente
Michael shares the most interesting stories, videos and photos from technology, business, gaming and entertainment.

0 Comments

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format