Skip to main content

Home Trusted computing base

Trusted computing base

Trusted computing base definition

The trusted computing base (TCB) is a set of components in a computer system that are critical to a system's security. These can be hardware, software, or firmware. The TCB maintains the integrity and confidentiality of the system and prevents unauthorized access.

See also: trusted computing, cybersecurity framework, end-to-end encryption, security policy

Properties of the trusted computing base

  • Security enforcement. The TCB enforces the system's security policy, ensuring that all operations follow these rules.
  • Minimality. Ideally, the TCB should be as small and simple as possible to avoid security vulnerabilities.
  • Tamper resistance. Components within the TCB should be resistant to tampering or unauthorized changes.
  • Isolation. The TCB must be isolated from other system components to prevent interference or compromise.
  • Complete mediation. It must mediate all attempts of access to data and system resources, ensuring that each access is authorized.
  • Verifiability. The TCB should be designed and implemented in a manner that allows its correctness and security to be verified.
  • Transparency. Users not dealing with security functions shouldn't really notice the TCB operating in the background.

Examples of trusted computing base components

  • Operating system kernel. The core part of an operating system managing resources and system calls.
  • Security-critical hardware. Components like Trusted Platform Modules (TPMs) and Secure Enclaves in processors.
  • Boot firmware. BIOS or UEFI firmware that initializes and tests system hardware during the boot process.
  • Security-critical software. Applications or software components like firewalls, antivirus programs, or encryption modules.
  • Database management systems. The DBMS might be part of the TCB in systems where data security is crucial.
  • Virtualization hypervisors. In virtualized environments, the hypervisor managing virtual machines can be a part of the TCB.