Trust

The Trusted Computing Group (TCG) (www.trustedcomputinggroup.org/developers/glossary) defines the following terms related to trusted computing:

  • Trust: The expectation that a device will behave in a particular manner for a specific purpose.
  • A trusted computing platform: A computing platform that can be trusted to report its properties.
  • A component root of trust: A component that must always behave in the expected manner because its misbehavior cannot be detected. The complete set of roots of trust has at least the minimum set of functions to enable a description of the platform characteristics that affect the trustworthiness of the platform.

A root of trust component can be implemented either in hardware, such as custom-designed computer chips or application-specific integrated circuits (ASICs), or through software protection mechanisms.

Implementing trust in the processing and flow of data in an information system is an instantiation of the reference monitor concept in operating system security. A reference monitor is a conceptual device that mediates all access to objects by subjects in an operating system. An object is an entity that contains the data, and a subject is an entity that desires access to the object. In a system that implements a reference monitor, all access must first go through the reference monitor to ensure that the access conforms to the security policy.
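A minimal sketch of the reference monitor described above, added as an illustration and not taken from the book: subjects reach objects only through the monitor, which checks every request against the policy and denies by default. The class and function names, the policy table and the sample subjects are all constructed for this example.

```python
class AccessDenied(Exception):
    """Raised when a request does not conform to the security policy."""


class ReferenceMonitor:
    def __init__(self, policy, objects):
        # Private copies: subjects hold no direct reference to objects or policy.
        self._policy = {k: frozenset(v) for k, v in policy.items()}
        self._objects = dict(objects)
        self.audit = []  # one record per decision, allowed or denied

    def _check(self, subject, obj, mode):
        # Default deny: a (subject, object) pair absent from the policy has no rights.
        allowed = mode in self._policy.get((subject, obj), frozenset())
        self.audit.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise AccessDenied(f"{subject} may not {mode} {obj}")

    def read(self, subject, obj):
        self._check(subject, obj, "read")
        return self._objects[obj]

    def write(self, subject, obj, data):
        self._check(subject, obj, "write")
        self._objects[obj] = data


def run_sample():
    # Constructed policy and object store for the example.
    policy = {("alice", "orders"): {"read", "write"}, ("bob", "orders"): {"read"}}
    rm = ReferenceMonitor(policy, {"orders": "order #1"})
    results = []
    requests = [("bob", "read", None), ("bob", "write", "tampered"),
                ("alice", "write", "order #2"), ("mallory", "read", None)]
    for subject, mode, data in requests:
        try:
            if mode == "read":
                results.append(rm.read(subject, "orders"))
            else:
                rm.write(subject, "orders", data)
                results.append("written")
        except AccessDenied:
            results.append("denied")
    return results, rm.audit, rm.read("alice", "orders")


if __name__ == "__main__":
    print(run_sample())
```

The audit list records denied requests as well as allowed ones, so a rejected write by `bob` or a read by the unknown subject `mallory` leaves evidence even though the object is unchanged.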

A reference monitor is typically implemented as the security kernel, the component ...
