Protection of the Trusted Computing Base (TCB)

Edit online

Files that hold elements of the TCB must be protected from modification, and in some cases disclosure (reading), by untrusted programs.

Protection from modification is critical, and protection from disclosure can be critical. Files that must be protected include the following:
  • All files that contain data used by a trusted program in making a security decision (for example the shadow password file)
  • All executable files for trusted program
  • Pseudofiles that allow access to portions of the TCB (for example /dev/kmem).
Note: System initialization files (the rc files) must especially be protected as a part of the TCB