Trusted Computing Base (TCB)

Base components that enforce the fundamental protection mechanisms on a computing system.

  • Hardware;

  • Firmware;

  • Software.

TCB vulnerabilities potentially affect the security of the entire system.

TCB by TCSEC (Trusted Computer System Evaluation Criteria, aka Orange Book)

The totality of protection mechanisms within a computing system - including hardware, firmware, and software - the combination of which is responsible for enforcing a computer security policy.

A TCB consists of one or more components that together enforce a unified security policy over a product or system.

The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.

TCB by MITRE

A TCB is a hardware and software access control mechanism that establishes a protection environment to control the sharing of information in computer systems. A TCB is an implementation of a reference monitor, […], that controls when and how data is accessed.
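A minimal reference monitor, as an added example that is not part of the original page or of any TCSEC or MITRE material. It shows the two dependencies named in the TCSEC definition above: the mechanism itself (every access goes through one check that fails closed) and the administrator-supplied parameters (a user's clearance). The level names, the "clearance must be at least the object's label" rule, and all subject and object names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordered sensitivity levels (illustrative, not taken from the page).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass
class ReferenceMonitor:
    clearances: dict = field(default_factory=dict)  # subject -> level (administrator input)
    labels: dict = field(default_factory=dict)      # object -> level
    store: dict = field(default_factory=dict)       # object -> data, reachable only via read()
    audit: list = field(default_factory=list)       # one record per access decision

    def set_clearance(self, subject, level):
        if level not in LEVELS:
            raise ValueError(f"unknown level: {level!r}")
        self.clearances[subject] = level

    def add_object(self, name, level, data):
        if level not in LEVELS:
            raise ValueError(f"unknown level: {level!r}")
        self.labels[name] = level
        self.store[name] = data

    def check(self, subject, obj):
        # Fail closed: a subject or object unknown to the monitor is denied.
        clearance = self.clearances.get(subject)
        label = self.labels.get(obj)
        allowed = (clearance is not None and label is not None
                   and LEVELS[clearance] >= LEVELS[label])
        self.audit.append((subject, obj, allowed))
        return allowed

    def read(self, subject, obj):
        # The only path to the data: no decision, no access.
        if not self.check(subject, obj):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.store[obj]

def demo():
    rm = ReferenceMonitor()
    rm.add_object("payroll.db", "secret", "constructed sample data")
    rm.set_clearance("alice", "secret")
    rm.set_clearance("bob", "confidential")
    results = {s: rm.check(s, "payroll.db") for s in ("alice", "bob", "mallory")}
    # Wrong administrator input: the mechanism is unchanged and still works
    # correctly, yet the intended policy is no longer what gets enforced.
    rm.set_clearance("bob", "secret")
    results["bob_after_bad_input"] = rm.check("bob", "payroll.db")
    return results, rm.audit

if __name__ == "__main__":
    print(demo())
```

The audit list records denied requests as well as granted ones, so a clearance change like the one in `demo()` shows up as a deny followed by an allow for the same subject and object.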

TCB fundamental components

CPU security mechanisms.

  • Protection rings;

  • Virtualization;

  • Other mechanisms;

    • E.g. Intel SGX enclaves, etc.

Operating system security model.

  • Computational model;

  • Access rights and privileges.
