Trusted computing base definition
The trusted computing base (TCB) is a set of components in a computer system that are critical to a system’s security. These can be hardware, software, or firmware. The TCB maintains the integrity and confidentiality of the system and prevents unauthorized access.
Properties of the trusted computing base
- Security enforcement. The TCB enforces the system’s security policy, ensuring that all operations follow these rules.
- Minimality. Ideally, the TCB should be as small and simple as possible to avoid security vulnerabilities.
- Tamper resistance. Components within the TCB should be resistant to tampering or unauthorized changes.
- Isolation. The TCB must be isolated from other system components to prevent interference or compromise.
- Complete mediation. It must mediate all attempts of access to data and system resources, ensuring that each access is authorized.
- Verifiability. The TCB should be designed and implemented in a manner that allows its correctness and security to be verified.
- Transparency. Users not dealing with security functions shouldn’t really notice the TCB operating in the background.
Examples of trusted computing base components
- Operating system kernel. The core part of an operating system managing resources and system calls.
- Security-critical hardware. Components like Trusted Platform Modules (TPMs) and Secure Enclaves in processors.
- Boot firmware. BIOS or UEFI firmware that initializes and tests system hardware during the boot process.
- Security-critical software. Applications or software components like firewalls, antivirus programs, or encryption modules.
- Database management systems. The DBMS might be part of the TCB in systems where data security is crucial.
- Virtualization hypervisors. In virtualized environments, the hypervisor managing virtual machines can be a part of the TCB.