Trusted computing base
==Definition and characterization==

The term goes back to [[John Rushby]],<ref>{{cite conference | first = John | last = Rushby | title = Design and Verification of Secure Systems | book-title = 8th ACM Symposium on Operating System Principles | pages = 12–21 | year = 1981 | location = Pacific Grove, California, US }}</ref> who defined it as the combination of [[operating system kernel]] and trusted [[Process (computing)|processes]]. The latter refers to processes which are allowed to violate the system's access-control rules.

In the classic paper ''Authentication in Distributed Systems: Theory and Practice''<ref>B. Lampson, M. Abadi, M. Burrows and E. Wobber, [http://citeseer.ist.psu.edu/lampson92authentication.html Authentication in Distributed Systems: Theory and Practice], [[ACM Transactions on Computer Systems]] 1992, on page 6.</ref> [[Butler Lampson|Lampson]] et al. define the TCB of a [[computer system]] as simply
: ''a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security.''

Both definitions, while clear and convenient, are neither theoretically exact nor intended to be. For example, a [[network server]] process under a [[UNIX]]-like operating system might fall victim to a [[security breach]] and compromise an important part of the system's security, yet it is not part of the operating system's TCB. The [[Trusted Computer System Evaluation Criteria|Orange Book]], another classic [[computer security]] literature reference, therefore provides<ref>[http://csrc.nist.gov/publications/history/dod85.pdf Department of Defense trusted computer system evaluation criteria], DoD 5200.28-STD, 1985. In the glossary under entry '''Trusted Computing Base (TCB)'''.</ref> a more formal definition of the TCB of a computer system, as
: ''the totality of protection mechanisms within it, including hardware, firmware, and software, the combination of which is responsible for enforcing a computer security policy.''

In other words, the trusted computing base (TCB) is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.

The Orange Book further explains that
: ''<nowiki>[t]</nowiki>he ability of a trusted computing base to enforce correctly a unified security policy depends on the correctness of the mechanisms within the trusted computing base, the protection of those mechanisms to ensure their correctness, and the correct input of parameters related to the security policy.''

In other words, a given piece of hardware or software is a part of the TCB if and only if it has been designed to be a part of the mechanism that provides its security to the computer system. In [[operating system]]s, this typically consists of the kernel (or [[microkernel]]) and a select set of system utilities (for example, [[setuid]] programs and [[Daemon (computer software)|daemons]] in UNIX systems). In [[programming language]]s designed with built-in security features, such as [[Java (programming language)|Java]] and [[E (programming language)|E]], the TCB is formed of the language runtime and standard library.<ref>M. Miller, C. Morningstar and B. Frantz, [http://www.erights.org/elib/capability/ode/ode-linear.html Capability-based Financial Instruments (An Ode to the Granovetter diagram)], in paragraph ''Subjective Aggregation''.</ref>
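
As an added illustration (not part of the cited sources), the following sketch inventories the setuid and setgid executables under a directory, i.e. the user-space utilities that the paragraph above counts as part of a UNIX system's TCB, and flags any that are group- or world-writable and so fail the Orange Book's "protection of those mechanisms" condition. The function names, the finding fields and the default directory <code>/usr/bin</code> are assumptions made for the example.

```python
import os
import stat


def classify(mode, uid):
    """Return a finding for a setuid/setgid executable, or None for other files."""
    # Only regular files with at least one execute bit can run with
    # the privileges that the setuid/setgid bits grant.
    if not stat.S_ISREG(mode) or not mode & 0o111:
        return None
    suid = bool(mode & stat.S_ISUID)
    sgid = bool(mode & stat.S_ISGID)
    if not (suid or sgid):
        return None
    return {
        "setuid": suid,
        "setgid": sgid,
        "runs_as_root": suid and uid == 0,
        # Writable by group or others: the mechanism itself is not protected.
        "unprotected": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def inventory(root):
    """Walk root (symlinked directories are not followed); return {path: finding}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            finding = classify(st.st_mode, st.st_uid)
            if finding:
                findings[path] = finding
    return findings


if __name__ == "__main__":
    # "/usr/bin" is an assumed starting point; pass any directory of interest.
    for path, finding in sorted(inventory("/usr/bin").items()):
        print(path, ",".join(k for k, v in finding.items() if v))
```
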