Trusted computing base: hardware, software, amd firmware. 1 or more coponents enforce a unified security policy. uses a concept called reference monitor mediates any access by a user to any object such as data and resources, can never be bypassed, cannot by corrupted the best design isolates the reference monitor so it can't be altered by other objects or processes. You monitor it to see that it is working and that it is doing only what it is supposed to do. If you couldnt verify this the monitor wouldn't be very useful because you wouldn't know if malware had gotten around it. A trusted system can be expected to uphold any requirements that the data owners would have for reliability, ...view middle of the document...
Obviously for a system like this it woul require a lot of documentation to show that the TCB meets or exceeds all requirements.
Class B: Uses sensitivity labels to enforce madatory access control. The developer would provide a security model that the TCB is based on and a specification of the TCB. You also would need to provide evidence that the reference monitor concept has been integrated into the system and is mediating all access.
Class C: Has discretionary protection. This is base on the principle of least privilege which means you have access only to the information that you need to know. Unlike a reference monitor that mediates access through the system, discretionary protection means that the data owner decides who has access to their data, not the system.
Class D: Used to identify systems that either failed to meet the standards of a higher class or i other cases, it was used for unrated or untested systems. There aren't any real requirements to fit into class D.
TSEC now called CC Common Criteria or ISO 15048 US, Canada, and Europe.
CC: Includes three areas you should be aware of: Protection Profiles (PP): Implementation-Independent collection of objectives and requirements for any class of items that have similar purposes. It defines the security requirements that can be used to certify common commercial...