Talk:Trusted computing base

The 3. reference is a dead link.

hi anyone I just want to know how command control communicatiob and intelligent systems[C3I] actice as a main part of the information technology sector rather than defence. please comment any idea

thanks

Not sure how to fix this
From the article:
 * barring any reason to believe otherwise, a computer is able to do everything that a general Turing machine can.

This is wrong for two reasons:


 * It is a fundamental given of computer science that no real computer is able to do everything that a general Turing machine can. To be able to do so would require infinite amounts of memory, for instance.
 * It isn't even relevant. A General Turing Machine is a model of computational ability, which is not even approximately related to satisfaction of security constraints.  A perfectly behaving, sandboxed environment (e.g. like a flawless implementation of javascript in a web browser) is capable of emulating a general Turing machine just as well as any computer (i.e., it has limitations based on the size of memory available to it, but can otherwise perform the same calculations).  This doesn't mean that it is insecure.

I'm not sure what model should be used to describe a computer without security restrictions, but any Turing-machine related model is not appropriate for this. JulesH 14:36, 3 May 2007 (UTC)

Historically incorrect
The article credits a 1992 paper by Butler Lampson et al for the term TCB. In fact, it was used 11 years earlier in John Rushby's famous separation-kernel paper [Rushby, 18th SOSP]. This might be the original definition, but I'm not sure. (I'll ask John next time I see him.) —Preceding unsigned comment added by Heiser (talk • contribs) 05:36, 19 February 2008 (UTC)
 * I checked and fixed. heiser (talk) 12:45, 11 August 2010 (UTC)

BIOS
Can someone help me if BIOS is a part of TCB? Thanks — Preceding unsigned comment added by Manishupasani (talk • contribs) 14:48, 19 August 2012 (UTC)

This article could use some updating, given recent developments
This article could really use some help to become up to date. Trusted Computing Base is a concept that will become very hot very soon. In this post-Snowden world, we find that core elements of devices used by virtually everyone may be compromised in many ways. SIM-cards containing cryptographic keys that are stolen. Network routers that are modified en route from the factory to the customer to enable intrusion by agencies. Computers that are delivered with malware installed that intercepts SSL communication with MITM attacks by forging certificates. It almost seems you can hardly trust an old pencil not to spy on you these days.

I think this article could benefit from both more formal content (for example by using or referring to Kernighan's Reflections on Trusting Trust. this blog by Steve Bellovin, also contains items of interest. Also, practical issues should be listed, not at least the issues that arise when using cloud-based services.

Alas, I do not feel qualified myself to contribute, so I hope someone more qualified might want to look into this. --Lasse Hillerøe Petersen (talk) 15:58, 21 February 2015 (UTC)

"Modern operating systems strive"
About: "Modern operating systems strive to reduce the size of the TCB". This needs substantiation and clarification. Which operating systems are "modern" and how big is their TCB? I see mostly big kernels with a huge amount of code that has to be trusted. If there is some especially important data in an allegedly-secure enclave, there is even more running in ring 0. Vox Sciurorum (talk) 13:58, 17 February 2019 (UTC)