
Mechanism for Trusted Computing Base Definition and Checking

IP.com Disclosure Number: IPCOM000107324D
Original Publication Date: 1992-Feb-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 4 page(s) / 178K

Publishing Venue

IBM

Related People

Camillone, N: AUTHOR [+4]

Abstract

Disclosed is a mechanism for defining and checking the status of the Trusted Computing Base (TCB) of the system. This mechanism is logically extensible and is flexible enough to be adapted to other purposes as well. The mechanism is defined in such a way that its operation can be made automatic.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 33% of the total text.

Mechanism for Trusted Computing Base Definition and Checking

      The Trusted Computing Base of a system consists of the
hardware, firmware and software in the system which are responsible
for enforcing the system security policy. The TCB software consists
of those files in the system which contain TCB programs (termed
Trusted Processes) and the operating system kernel and kernel
extensions. Understandably, the integrity of the system depends upon
the integrity of these files. With the prevalence of attacks based
upon viruses, Trojan Horses, logic bombs and other malicious
programs, it is a requirement in a secure system to be able to verify
periodically that the TCB itself has not been tampered with.

      This requirement is met in AIX* by the sysck subsystem. sysck
consists of a program and a database of system objects. The program
is used both to add and modify object definitions and to perform the
checking function. The system object database defines the security-
relevant attributes for each "interesting" object in the system. The
exact definition of interesting is up to the system administrator,
but can be considered to be TCB objects for the purposes of this
article.

      The attributes which can be defined for each object include:
         - Type
         - Name
         - Mode (defines Basic Security Characteristics)
         - Owner
         - Group
         - Access Control List
         - Mandatory Access Control Label
         - Privilege Control List
         - Class
         - Program
         - Checksum
The type and name of the object must be defined. All of the other
attributes may optionally be defined. The class attribute permits
logically similar objects to be grouped so that, for instance,
several objects can be updated or checked without having to list each
object.

      The mode, owner, group, access control list, mandatory access
control label and privilege control list attributes define
installation characteristics of the object which control who can
access the object and what its associated privileges are.

      The checksum and program attributes provide for extended
checking of the object itself or of other objects in the system. The
checksum attribute gives the computed checksum for the contents of
the object, and so can be used to verify the object contents. (It is
worth noting that the program used to compute the checksum can be
configured so that more secure, albeit more computationally
expensive, checksum algorithms may be used.)  The checksum, however,
is only useful for immutable...
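The following is an added illustration, not IBM's sysck code: a minimal sysck-style checker in Python that holds the attribute database described above (type and name mandatory, mode, owner, class and checksum optional), checks objects by class, and uses a configurable checksum algorithm as the text notes. All function names, the sample object database and the temporary "TCB" files are constructed for the example.

```python
# Added example, not IBM's sysck: a minimal sysck-style TCB checker.
# The database holds per-object attributes from the page (type and name
# mandatory, others optional); the checksum algorithm is configurable.
import hashlib, os, stat, tempfile

def compute_checksum(path, algorithm="sha256"):
    """Checksum of the object's contents; the algorithm is configurable."""
    with open(path, "rb") as f:
        return hashlib.new(algorithm, f.read()).hexdigest()

def check_object(entry, algorithm="sha256"):
    """Compare one database entry with the live object; return a list of problems."""
    path, problems = entry["name"], []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
    mode = stat.S_IMODE(st.st_mode)
    if kind != entry["type"]:
        problems.append(f"type {kind} != {entry['type']}")
    if "mode" in entry and mode != entry["mode"]:
        problems.append(f"mode {oct(mode)} != {oct(entry['mode'])}")
    if "owner" in entry and st.st_uid != entry["owner"]:
        problems.append(f"owner {st.st_uid} != {entry['owner']}")
    if "checksum" in entry and kind == "file" and compute_checksum(path, algorithm) != entry["checksum"]:
        problems.append("checksum mismatch")
    return problems

def check_tcb(database, cls=None, algorithm="sha256"):
    # Check every object, or only those in class `cls`; map name -> problems.
    return {e["name"]: check_object(e, algorithm)
            for e in database if cls is None or e.get("class") == cls}

def demo():
    """Constructed run: record a tiny TCB, then alter one trusted file."""
    d = tempfile.mkdtemp()
    trusted = os.path.join(d, "login")
    with open(trusted, "wb") as f:
        f.write(b"#!/bin/sh\necho trusted process\n")
    os.chmod(trusted, 0o755)
    db = [{"type": "file", "name": trusted, "mode": 0o755, "owner": os.getuid(),
           "class": "tcb", "checksum": compute_checksum(trusted)},
          {"type": "directory", "name": d, "class": "tcb"}]
    before = check_tcb(db, cls="tcb")
    with open(trusted, "ab") as f:            # contents changed after recording
        f.write(b"echo extra\n")
    os.chmod(trusted, 0o777)                  # and mode loosened
    after = check_tcb(db, cls="tcb")
    return before, after, trusted
```

The `before` result is empty for every object; `after` reports both the checksum and the mode mismatch for the altered file, which is the periodic TCB verification the text calls for.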