Trusted processes
A trusted program, or trusted process, is a shell script, a daemon, or a program that meets a particular standard of security. These security standards are set and maintained by the U.S. Department of Defense, which also certifies some trusted programs.
Trusted programs are trusted at different levels. Security levels
include A1, B1, B2, B3, C1, C2, and D, with level A1 providing the
highest security level. Each security level must meet certain requirements.
For example, the C2 level of security incorporates the following standards:
- program integrity
- Ensures that the process performs exactly as intended.
- modularity
- Process source code is separated into modules that cannot be directly affected or accessed by other modules.
- principle of least privilege
- States that at all times a user is operating at the lowest level of privilege authorized. That is, if a user has access only to view a certain file, then the user does not inadvertently also have access to alter that file.
- limitation of object reuse
- Keeps a user from, for example, accidentally finding a section of memory that has been flagged for overwriting but not yet cleared, and which might contain sensitive material.
TCP/IP contains several trusted daemons and many nontrusted daemons.
Examples of trusted daemons are as follows:
Examples of nontrusted daemons are as follows:
For a system to be trusted, it must operate with a trusted computing base; that is, for a single host, the machine must be secure. For a network, all file servers, gateways, and other hosts must be secure.