Trusted Computing Base
The integrity, confidentiality, and protection of data depend on the security models used in IT. Computer security today recognizes the importance of human discretion within the architecture of the Trusted Computing Base. The trusted computing base (TCB) is the totality of the hardware, software, processes, and individuals whose correct operation and decision making are considered essential to a company's security. The organizational TCB includes the systems and the administrators who carry out the critical protection operations. It also includes the entire set of constructs for managing and storing personally identifiable information about employees and customers. Candidates for exclusion from the TCB are those whose malfunction or public disclosure is not likely to create a cascading problem (Mao, Chen & Zhang, 2016). Modern infrastructure has an extended TCB that reaches into the systems and networks of partners and supplier groups. This significantly complicates the environment and makes it difficult to control. A modern TCB probably extends beyond a single organization, which makes protection more difficult.
The discretion program in a national infrastructure has the primary goal of ensuring that information concerning TCB functionality, operations, and processes is not exposed to unauthorized individuals. This avoids disclosing information to people who lack the necessary business need to access it. The program consists of two components: mandatory controls and discretionary policy.
(a) Mandatory controls
Mandatory controls are the functional mechanisms and procedures put in place to protect information from access by unauthorized individuals. Apart from the key administrators in the TCB departments, no individual can bypass the mandatory controls in the organization, which typically include firewalls, honeypots, and intrusion detection systems.
(b) Discretionary Policy
The term refers to the rules, recommendations, and guidelines that an organization adopts in an attempt to protect information, particularly information concerning the TCB. Practical concerns generally drive discretion in this context; for instance, functional mechanisms do not control what people mention informally when talking to colleagues or customers. The critical means of protecting information is the discretionary guidance that the local culture employs. Severe punishments for those who violate the spirit of protecting TCB-related information complement this guidance.
As expected, a TCB protects information most effectively when its size and complexity are minimized. Including only a controlled number of people, particularly those who are trusted, helps to enhance the security of information systems; for example, trusting one person is better than trusting several people and groups (Hardjono & Smith, 2019). Similarly, trusting fewer systems, and less complex ones, leaves an organization better off from a security perspective. Minimizing the TCB is therefore a critical idea, although it is seemingly ignored in real practice. Security practice, however, often involves introducing new security systems that are too large and complex for full trust to be guaranteed.
The primary consideration in protecting a national infrastructure is the management and promotion of proper human discretion around the significant information systems that make up TCB assets. Policies, procedures, and even functional controls have to be put in place to support the exercise of discretion. Ideally, before disclosing any TCB-related information that may have an impact on the security of a national asset, certain factors have to be considered, such as asking questions to verify whether the person is eligible for the information. These questions focus on the need for fixes, limits, legality, and damage, among other possible areas of concern. For example, the person in need of accessing the information may be asked:
- Is the information helpful in identifying a timelier or more effective security fix?
- Could the disclosure of the data be limited to those able to design a security fix?
- Is the information legal, or is it a contractual requirement in the local environment?
- Is any person in the group harmed as a result of the protection of the information?
- Does anybody else need the information to protect their infrastructural systems?
Working through these questions supports better human discretion and sound decision making, which is a critical procedure in the protection of national assets. In most cases, government organizations demand information relating to the trusted computing base. The demand is valid, provided the purpose of sharing is reasonable and focused on improving a particular situation. When the government demands the information for general purposes, sharing is not recommended (Noorman et al., 2013). In a TCB model, the purpose behind a request to disclose certain information must be clarified before critical information is shared.
In all events, regardless of the security processes, architecture, and systems adopted to protect assets, humans remain the significant link in the chain. In most environments, they may be perceived as the weakest link. Ultimately, this reinforces the importance of discretion as a core principle of sharing information. The trusted computing base is key to information security.
References
Noorman, J., Agten, P., Daniels, W., Strackx, R., Van Herrewege, A., Huygens, C., … & Piessens, F. (2013). Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In 22nd USENIX Security Symposium (USENIX Security 13) (pp. 479-498).
Hardjono, T., & Smith, N. (2019). Decentralized trusted computing base for blockchain infrastructure security. arXiv preprint arXiv:1905.04412.
Mao, W., Chen, H., Li, J., & Zhang, J. (2016). U.S. Patent No. 9,230,129. Washington, DC: U.S. Patent and Trademark Office.