A Trusted Computing Base (TCB) is the total combination of protection mechanisms within a computer system, including hardware, firmware, and software, which is responsible for enforcing a security policy. A security perimeter is the boundary that separates the TCB from the rest of the system.
Instant Answer A Trusted Computing Base (TCB) is the total combination of protection mechanisms within a computer system, including hardware, firmware, and software, which is responsible for enforcing a security policy.
Access control is the ability to permit or deny the use of an object (a passive entity such as a system or file) by a subject (an active entity such as individual or process).
Instant Answer Access control is the ability to permit or deny the use of an object (system or file) by a subject (individual or process).
A reference monitor is a system component that enforces access controls on an object. Stated another way, a reference monitor is an abstract machine that mediates all access to an object by a subject.
Instant Answer A reference monitor is a system component that enforces access controls on an object.
A security kernel is the combination of hardware, firmware, and software elements in a Trusted Computing Base that implements the reference monitor concept. Three requirements of a security kernel are that it must
Be protected from modification
Instant Answer A security kernel is the combination of hardware, firmware, and software elements in a Trusted Computing Base (TCB) that implements the reference monitor concept.
is a vendor-independent system that complies with a published and accepted standard. This promotes interoperability between systems and
A closed system uses proprietary hardware and/or software that may not be compatible with other systems or components. Source code for software in a closed system is not normally available.
Cross-Reference The concept of protection rings implements multiple domains with increasing levels of trust near the center. The most privileged ring is identified as Ring 0 and normally includes the operating system’s security kernel. Additional system components are placed in the appropriate concentric ring based on the principle of least privilege. (For more on this topic, read Chapter 10.) The MIT MULTICS operating system implements the concept of protection rings in a security architecture.
security modes of operation,
based on the classification level of information being
Dedicated: All authorized users must have a clearance level equal to or higher than the highest level of information processed on the system and a valid need-to-know.
All authorized users must have a clearance level equal to or higher than the highest level of information processed on the system but a valid need-to-know isn’t
Information at different classification levels is stored or processed on a
trusted computer system
(a system that employs all necessary hardware and software assurance measures and meets the specified requirements for reliability and security). Authorized users must have an appropriate clearance level, and access restrictions are enforced by the system
Limited access: Authorized users aren’t required to have a security clearance, but the highest level of information on the system is Sensitive but Unclassified (SBU).
Cross-Reference See Chapter 6 for more on clearance levels.
A hardware or software failure can
These systems continue to
When a hardware or software failure is
Fail-soft (resilient) systems: When a hardware or software failure is detected, certain noncritical processing is terminated, and the computer or network continues to function in a degraded mode.
Failover systems: When a hardware or software failure is detected, the system automatically transfers processing to a hot backup component, such as a clustered server.
Unless detected (and corrected) by an
These are unknown, hidden communications that take place within the medium of a
Software code in multiprocessing and multiuser systems, unless very
Hidden, undocumented features in software programs that are intended to inappropriately expose data or functions for
Knowing that systems are subject to frequent or constant attack, systems
Reveal as little information about the system as possible. For example, don’t permit the system to ever display the version of operating system, database, or application software that are running.
Limit access to only those persons who must use the system in order to fulfill needed organizational functions.
Disable unnecessary services in order to reduce the number of attack targets.
Use strong authentication in order to make it as difficult as possible for outsiders to access the system.