PrepAway - Latest Free Exam Questions & Answers

Which term below MOST accurately describes the Trusted Computing Base (TCB)?

Which term below MOST accurately describes the Trusted Computing Base (TCB)?

PrepAway - Latest Free Exam Questions & Answers

A.
A piece of information that represents the security level of an object

B.
A computer that controls all access to objects by subjects

C.
Formal proofs used to demonstrate the consistency between a systems specification and a
security model

D.
The totality of protection mechanisms within a computer system

Explanation:
The Trusted Computing Base (TCB) The totality of protection mechanisms within a computer system,
including hardware, firmware, and software, the combination of which is responsible for enforcing a
security policy. A TCB consists of one or more components that together enforce a unified security
policy over a product or system. The ability of a trusted computing base to correctly enforce a
security policy depends solely on the mechanisms within the TCB and on the correct input by system
administrative personnel of parameters (e.g., a users clearance) related to the security policy.
*Answer “A computer that controls all access to objects by subjects” describes the reference
monitor concept. The reference monitor is an access control concept that refers to an abstract
machine that mediates all accesses to objects by subjects. The Security Kernel consists of the
hardware, firmware, and software elements of a Trusted Computing Base (or Network Trusted
Computing Base partition) that implement the reference monitor concept. It must mediate all
accesses, be protected from modification, and be verifiable as correct. *Answer “A piece of
information that represents the security level of an object” refers to a sensitivity label. Asensitivity
label is a piece of information that represents the extra security level of an object and describes the
sensitivity (e.g., classification) of the data in the object. Sensitivity labels are used by the TCB as the
basis for mandatory access control decisions. *Answer “Formal proofs used to demonstrate the
consistency between a systems specification and a security model” describes formal verification.
This is the process of using formal proofs to demonstrate the consistency (design verification)
between a formal specification of a system and a formal security policy model or (implementation
verification) between the formal specification and its program implementation. Source: DoD
5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria


Leave a Reply