A trust model of TCB subsets

Abstract

The traditional TCB is considered of working on system layer, while TCB in modern imformation system has extended to application layer. As keeping TCB trusted is one of the preconditions of ensuring information system security, it is necessary to study the trust attributes of extended TCB. In this paper, TCB is compartmentalized into TCB subsets according to the hierarchical structure of policy. Time-isolation relation and space-isolation relation are used to discrib the relations among TCB subsets. Based on the trusted-supporting relations, a theorem is brought forward and proved which gives the conditions to ensure the extended TCB trusted. At the end of this paper, an exemple is given to illuminate that access control mechanisms based on this model can provide more nice-granular control to enhance the security of system.