Trusted Computing Base (TCB)

Base components that enforce the fundamental protection mechanisms on a computing system.

• Hardware;

• Firmware;

• Software.

TCB vulnerabilities potentially affect the security of the entire system

TCB by TCSEC (Trusted Computer System Evaluation Criteria, aka Orange Book)

The totality of protection mechanisms within a computing system - including hardware, firmware, and software - the combination of which is responsible for enforcing a computer security policy.

A TCB consists of one or more components that together enforce a unified security policy over a product or system.

The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.

TCB by MITRE

A TCB is a hardware and software access control mechanism that establishes a protection environment to control the sharing of information in computer systems. A TCB is an implementation of a reference monitor, […], that controls when and how data is accessed.

TCB fundamental components

CPU security mechanisms.

• Protection rings;

• Virtualization;

• Other mechanisms;

  • E.g. Intel SGX enclaves, etc.

Operating system security model.

• Computational model;

• Access rights and privileges.