PrepAway - Latest Free Exam Questions & Answers

Which term below MOST accurately describes the Trusted Computing Base (TCB)?

A. A piece of information that represents the security level of an object
B. A computer that controls all access to objects by subjects
C. Formal proofs used to demonstrate the consistency between a system's specification and a security model
D. The totality of protection mechanisms within a computer system

Explanation:
The Trusted Computing Base (TCB) is the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.

*Answer "A computer that controls all access to objects by subjects" describes the reference monitor concept. The reference monitor is an access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. The Security Kernel consists of the hardware, firmware, and software elements of a Trusted Computing Base (or Network Trusted Computing Base partition) that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.

*Answer "A piece of information that represents the security level of an object" refers to a sensitivity label. A sensitivity label is a piece of information that represents the security level of an object and describes the sensitivity (e.g., classification) of the data in the object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions.

*Answer "Formal proofs used to demonstrate the consistency between a system's specification and a security model" describes formal verification. This is the process of using formal proofs to demonstrate the consistency (design verification) between a formal specification of a system and a formal security policy model, or (implementation verification) between the formal specification and its program implementation.

Source: DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria
