Your company is procuring computer systems to support the new business of video streaming services. You are responsible for ensuring the computer systems are compliant with the security policies in your company. Which of the following is your greatest concern?
A. Trusted Computing Base
B. System Design Flaws
C. Security Kernel
D. Implicit Covert Channels
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Trusted Computing Base.
Trusted Computing Base (TCB)
- The totality of protection mechanisms within a computer system — including hardware, firmware, and software — the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system.
- The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user’s clearance) related to the security policy.
Security Kernel
- The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.
Flaw
- An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed.
Covert Channel
- A communication channel that allows a process to transfer information in a manner that violates the system’s security policy.
Source of Definitions: DoD 5200.28-STD (Orange Book)