Trusted Computing Base - Definition and Characterization

Definition and Characterization

The term trusted computing base goes back to Rushby, who defined it as the combination of kernel and trusted processes. The latter refers to processes which are allowed to violate the system's access-control rules. In the classic paper Authentication in Distributed Systems: Theory and Practice Lampson et al. define the TCB of a computer system as simply

a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security.

Both definitions, while clear and convenient, are neither theoretically exact nor intended to be, as e.g. a network server process under a UNIX-like operating system might fall victim to a security breach and compromise an important part of the system's security, yet is not part of the operating system's TCB. The Orange Book, another classic computer security literature reference, therefore provides a more formal definition of the TCB of a computer system, as

the totality of protection mechanisms within it, including hardware, firmware, and software, the combination of which is responsible for enforcing a computer security policy.

The Orange Book further explains that

he ability of a trusted computing base to enforce correctly a unified security policy depends on the correctness of the mechanisms within the trusted computing base, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy.

In other words, a given piece of hardware or software is a part of the TCB if and only if it has been designed to be a part of the mechanism that provides its security to the computer system. In operating systems, this typically consists of the kernel (or microkernel) and a select set of system utilities (for example, setuid programs and daemons in UNIX systems). In programming languages that have security features designed in such as Java and E, the TCB is formed of the language runtime and standard library.