1

I'm studying for the CISSP exam and trying to wrap my mind around the concept of a Trusted Computing Base. Can someone provide a practical example? The recurring definition I see is that it's a "combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy".

Initially, I was thinking that this was something like an approved vendor workstation system running a base image OS that's pre-configured for the environment... but then later in the course material, the study guide author talks about security perimeters and how the TCB can communicate with other remaining elements of the computer system that exist outside of the TCB.

Wikipedia also is a bit vague on the topic with the only example being:

AIX materializes the trusted computing base as an optional component in its install-time package management system.

Huh?

Mike B
  • 3,458
  • 4
  • 32
  • 42
  • 1
    lots of examples outside of wiki https://www.cl.cam.ac.uk/~rja14/policy11/node22.html http://www.techrepublic.com/article/secure-your-system-with-the-tcb-concept/ – schroeder Apr 26 '17 at 13:59
  • 1
    It's highly conceptual, so any 'examples' are going to be varied – schroeder Apr 26 '17 at 14:01
  • @schroeder Thanks. I guess that explains why I'm having trouble finding examples. :-) – Mike B Apr 26 '17 at 14:12
  • For an information system that seems to be every network equipment, rule firewalls, Authentication server,...,... which make fast a very huge list of components which all of them have probably quite some configurations to enfore security. – Walfrat Apr 26 '17 at 15:02
  • You might want to look up Trusted Platform Modules (TPM) and Intel's Trusted Execution Technology. These are used to ensure by higher level software (the OS) to ensure that computer hardware or low-level software (BIOS) has not been tampered with. – David Jun 26 '17 at 04:36

2 Answers2

1

A very common TCB, though never named as such, is the late great Blackberry phone. Government parties generally require access to OS source to certify as a TCB, but on top of the stock device may be a government-developed document management client, containerised storage, policies enforcing encryption and complex passwords, screen filters limiting shoulder surfing, and secure destruction procedures.

For most companies that handed these to execs they were de facto TCBs. Obviously government classified systems are more strenuous (see Barack Obama's modified Samsung smartphone).

Another way to approach it is to think of the secure room in Mission Impossible (the movie), but a bit more user friendly. It's a useful extreme at the opposite end from off-the-shelf Blackberry - custom hardware, custom software, custom processes, custom room.

Reality is somewhere in the middle, but the key takeaway us the totality of design, deployment and use.

Liam Dennehy
  • 587
  • 2
  • 8
0

As well with the example given by schroeder. A typical example in the UNIX system is the TCB includes kernel, all drivers, firmware, hardware, root, all processes and services running as root, and all programs with suid root privileges.

user153882
  • 773
  • 1
  • 5
  • 14
  • Then, what is not the TCB? – schroeder Apr 26 '17 at 14:48
  • I think standard Unix is a bad example. Anything considered to be a part of the TCB must be exhaustively reviewed and hardened against attack. Some specific components might be hardened, like the system call interface, but certainly not the entire kernel, all random hardware drivers you've installed, and any kernel-level process. – David Jun 26 '17 at 04:28