Trusted Path and Trusted Channel


  • Trusted Computer System
    A system that has the necessary security functions and assurance that the security policy will be enforced and that can process a range of information sensitivities (i.e. classified, controlled unclassified information (CUI), or unclassified public information) simultaneously. (CNSSI 4009-2015)
  • Trusted Computing Base (TCB)
    Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy. (CNSSI 4009-2015)
  • Security Kernel
    Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct. (CNSSI 4009-2015)
  • Trusted Path
    A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software. (CNSSI 4009-2015)
  • Trusted Channel
    A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include transport layer security (TLS), IP security (IPSec), and secure physical connection. (CNSSI 4009-2015)
  • Trusted Platform Module (TPM)
    A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys. (NIST SP 800-147)
  • Trusted Recovery
    Ability to ensure recovery without compromise after a system failure. (CNSSI 4009-2015) The Common Criteria (CC) defines four types of trusted recovery: manual recovery, automated recovery, automated recovery without undue loss, and functional recovery.



Common Criteria – Evaluation Assurance Level


  • A Target of Evaluation (TOE) under the Common Criteria can provide different levels of assurance. The most crucial factor is whether it is engineered based on a design.
  • If a TOE lacks a design, its EAL will be under 3, while a TOE with a design will be methodically reviewed.
  • The EAL of a TOE with a design depends on whether it is semi-formally or formally designed. Formal design is usually based on a mathematical model.