Hi and welcome! In this video, I will discuss an important concept with regard to the secure design of an information/computer system. This concept is known as the Trusted Computing Base (TCB). In this video, I will also discuss the TCB's various components, including the Reference Monitor, Security Kernel, Security Perimeter and Trusted Paths. Before proceeding further, please turn on the subtitles for this video.

This is an information/computer system. The TCB is a subset of the computer system which comprises the critical and sensitive hardware, software and controls of the computer system. The TCB is separated from the rest of the computer system (the non-TCB components) by the Security Perimeter. The Security Perimeter is an imaginary boundary around the TCB which prevents any insecure communication between TCB components and non-TCB components. Access between TCB components and non-TCB components is allowed only over Trusted Paths, which are secure channels of communication between the TCB components and non-TCB components.

The TCB is defined by the Trusted Computer System Evaluation Criteria (TCSEC), also known as the Orange Book. The Orange Book was formulated by the US Department of Defense in the 1980s and was replaced by the Common Criteria in 2005. But the definition of the TCB in the Orange Book is still valid today. The Orange Book defines the TCB as a trusted base which contains the subset of the computer system comprising its critical and sensitive hardware, software and controls. The TCB enforces the security policy of the computer system. The TCB should be small enough to allow easy analysis by a security expert.

There are two parts of the TCB. The first is the Reference Monitor, which is a conceptual part of the TCB and mediates all accesses from non-TCB components to TCB components. The second part is the Security Kernel, which is the implementation of the Reference Monitor.

The Reference Monitor is a logical/conceptual part of the TCB, and it contains the access rules that allow access between subjects and objects. It validates accesses between subjects and objects, between non-TCB components and TCB components. It also defines the security policy of the computer system.

The Security Kernel is the actual implementation of the TCB/Reference Monitor. The Reference Monitor is like the law and the Security Kernel is like the police, which enforce the law. The Security Kernel is the set of software, hardware and controls that implements the functions of the Reference Monitor. The Security Kernel enforces the access rules and security policy of the TCB/computer system.
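The split between the Reference Monitor (the rules) and the Security Kernel (the enforcement) can be sketched in code. This is an added example, not material from the video: the subjects `alice` and `bob`, the object `payroll.db` and all class and function names are hypothetical.

```python
# Added illustration; subjects, objects and rules below are constructed.

class ReferenceMonitor:
    """The 'law': rules {(subject, object): allowed operations}."""

    def __init__(self, rules):
        self._rules = {k: frozenset(v) for k, v in rules.items()}

    def permits(self, subject, obj, op):
        # Default deny: anything not explicitly listed is refused.
        return op in self._rules.get((subject, obj), frozenset())


class SecurityKernel:
    """The 'police': enforces the monitor's rules on every access."""

    def __init__(self, monitor, objects):
        self._monitor = monitor
        # Protected objects sit inside the security perimeter. Python cannot
        # truly hide them; a real TCB relies on hardware/OS isolation.
        self._objects = dict(objects)
        self.audit = []  # every decision is recorded, allowed or not

    def access(self, subject, obj, op, data=None):
        """The only channel into the perimeter (models the trusted path)."""
        ok = obj in self._objects and self._monitor.permits(subject, obj, op)
        self.audit.append((subject, obj, op, "ALLOW" if ok else "DENY"))
        if not ok:
            raise PermissionError(f"{subject} may not {op} {obj}")
        if op == "read":
            return self._objects[obj]
        if op != "write":
            raise ValueError(f"kernel does not implement operation {op!r}")
        self._objects[obj] = data


def build_kernel():
    monitor = ReferenceMonitor({
        ("alice", "payroll.db"): {"read", "write"},
        ("bob", "payroll.db"): {"read"},
    })
    return SecurityKernel(monitor, {"payroll.db": "salary table v1"})


if __name__ == "__main__":
    kernel = build_kernel()
    print(kernel.access("bob", "payroll.db", "read"))
    print(kernel.audit)
```

Because the kernel is small and every access goes through `access`, the whole enforcement path can be reviewed in one reading, which is the reason the TCB is kept small.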