
Mechanism for Trusted Computing Base Isolation

IP.com Disclosure Number: IPCOM000106964D
Original Publication Date: 1992-Jan-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 2 page(s) / 77K

Publishing Venue

IBM

Related People

Steves, DH: AUTHOR [+2]

Abstract

Disclosed is a mechanism for isolating the Trusted Computing Base (TCB) from the non-trusted parts of the system. This mechanism increases the overall integrity of the system. It makes use of the Trusted Communication Path mechanism described in the preceding article.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.


Logically, the Trusted Computing Base is the part of the operating system privileged to enforce the security policy of the system. At a "physical" level, however, the TCB software consists of the files which contain code which executes with privilege. This includes the operating system kernel and kernel extensions, the Trusted Processes and any library routines which are executed by privileged code. It is a requirement in a secure system to protect the TCB from unauthorized updates.

Briefly, a Trusted Path mechanism allows users and the TCB to communicate securely - that is, their communication path is "shielded" against integrity, privacy and availability threats. The Trusted Path mechanism is to be used whenever security information is to be exchanged. In AIX*, the Trusted Path is initiated by a user entering the Secure Attention Key. At this signal, the Terminal State Manager will establish a clean terminal environment, revoke all accesses by non-TCB processes and execute the Trusted Shell. The Trusted Shell provides a secure environment for the user to invoke Trusted Processes.

To provide effective TCB isolation, it is necessary to ensure that only Trusted Processes are executed on the Trusted Path and to prevent any modifications of the TCB (that is, the files containing the TCB software) which are not done on the Trusted Path. This guarantees:
   1) all modifications of the TCB are done by Trusted Processes, which are themselves part of the TCB.
   2) all modifications of the TCB are performed in a sec...
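The two enforcement rules above (only Trusted Processes execute on the Trusted Path; TCB files change only on the Trusted Path), together with the Terminal State Manager's reaction to the Secure Attention Key, can be modelled as a small reference monitor. The following Python is a constructed example added here to illustrate the article; it is not AIX code or the authors' implementation. The classes, method names and every file path in it are assumptions made for the model.

```python
"""Toy reference monitor for the TCB-isolation rules described above.

Constructed model, not AIX code. It tracks a TCB file set, processes
flagged as Trusted Processes and as running on the Trusted Path, a
Terminal State Manager reaction to the Secure Attention Key, and a
monitor that decides exec and write requests and records an audit trail.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class File:
    path: str
    in_tcb: bool  # True if the file holds code or data executed with privilege


@dataclass
class Process:
    pid: int
    image: File            # executable the process was started from
    on_trusted_path: bool  # True when started under the Trusted Shell

    @property
    def trusted(self) -> bool:
        # A Trusted Process is one whose executable belongs to the TCB.
        return self.image.in_tcb


@dataclass
class Terminal:
    name: str
    processes: list = field(default_factory=list)
    on_trusted_path: bool = False


class TCBMonitor:
    def __init__(self, trusted_shell: File):
        self.trusted_shell = trusted_shell
        self.audit = []        # one line per revocation or denial
        self._next_pid = 100

    def spawn(self, term: Terminal, image: File) -> Process:
        """Start a process on a terminal; it inherits the terminal's path state."""
        proc = Process(self._next_pid, image, term.on_trusted_path)
        self._next_pid += 1
        term.processes.append(proc)
        return proc

    def secure_attention_key(self, term: Terminal) -> Process:
        """Model of the Terminal State Manager: on the SAK, revoke the terminal
        from every non-TCB process, mark it as a Trusted Path, run the Trusted Shell."""
        for proc in term.processes:
            if not proc.trusted:
                self.audit.append(f"sak: revoked {term.name} from pid={proc.pid} ({proc.image.path})")
        term.processes = [p for p in term.processes if p.trusted]
        term.on_trusted_path = True
        return self.spawn(term, self.trusted_shell)

    def request_exec(self, term: Terminal, caller: Process, image: File):
        """Rule 1: only Trusted Processes may be executed on the Trusted Path.
        Returns the new Process, or None if the request is denied."""
        if caller.on_trusted_path and not image.in_tcb:
            self.audit.append(f"deny exec: pid={caller.pid} tried {image.path} on Trusted Path")
            return None
        return self.spawn(term, image)

    def request_write(self, caller: Process, target: File) -> bool:
        """Rule 2: a TCB file may be modified only from the Trusted Path."""
        if target.in_tcb and not caller.on_trusted_path:
            self.audit.append(f"deny write: pid={caller.pid} -> {target.path} off Trusted Path")
            return False
        return True


def demo() -> dict:
    """Walk one session through both rules; returns the decisions for checking."""
    tsh = File("/tcb/bin/tsh", in_tcb=True)               # Trusted Shell (constructed path)
    admin_tool = File("/tcb/bin/useradmin", in_tcb=True)  # a Trusted Process (constructed)
    editor = File("/usr/bin/edit", in_tcb=False)          # ordinary program (constructed)
    tcb_db = File("/tcb/db/users", in_tcb=True)           # TCB data file (constructed)
    notes = File("/home/alice/notes", in_tcb=False)       # user file (constructed)

    mon = TCBMonitor(tsh)
    term = Terminal("tty0")
    login_shell = mon.spawn(term, File("/bin/sh", in_tcb=False))

    # Off the Trusted Path: ordinary files are writable, TCB files are not.
    r = {"user_write_off_path": mon.request_write(login_shell, notes),
         "tcb_write_off_path": mon.request_write(login_shell, tcb_db)}

    # The user enters the SAK; the untrusted login shell loses the terminal.
    trusted_shell = mon.secure_attention_key(term)
    r["login_shell_revoked"] = login_shell not in term.processes
    r["shell_on_path"] = trusted_shell.on_trusted_path

    # On the Trusted Path only TCB software may run ...
    r["editor_on_path"] = mon.request_exec(term, trusted_shell, editor)
    tool = mon.request_exec(term, trusted_shell, admin_tool)
    r["tool_is_trusted"] = tool is not None and tool.trusted
    # ... and that is the only place a TCB file may be changed.
    r["tcb_write_on_path"] = mon.request_write(tool, tcb_db)
    r["denials"] = [line for line in mon.audit if line.startswith("deny")]
    return r
```

Running `demo()` yields exactly two denials: the login shell's attempt to write a TCB file off the Trusted Path, and the Trusted Shell's attempt to run a non-TCB program on it. Both guarantees listed in the article follow from the two checks: a TCB write can only succeed from a process on the Trusted Path, and a process on the Trusted Path can only have been started from a TCB image, so every TCB modification is made by a Trusted Process.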