1. Field of the Invention
This invention generally relates to secure communications and in particular, to enhancing security policy relating to a trusted computing base of a computer system.
2. Description of Related Art
In many modern computing systems and networks, the reliability and security of information flow is of significant importance. To enforce the security policy of a computer system (system), a conventional hardware mechanism, such as a hardware-based Trusted Computing Base (TCB), is typically used. Such a hardware-based TCB is expected to enforce the system's access control policy and provide resistance to unauthorized changes to the system by utilizing various protection mechanisms.
However, conventional hardware protection mechanisms do not provide adequate defense against deliberate attacks on the system, because a defense against such attacks has to be based upon the presumption of hostile operators or programs on the system. In particular, these conventional hardware mechanisms are not sufficient to build a TCB that enforces mandatory access control policies in environments where the device cannot be physically secured and is vulnerable to attack by hostile operators.
The operating system in conventional open platforms, such as personal computers (PCs), contains many changing components, such as device drivers and patches, making it difficult to maintain the system in a continually trustworthy state. In high-security environments the TCB must protect sensitive information even from the operators of the system. Such systems commonly use a closed platform, such as a set-top box, as opposed to an open platform, such as a PC, both to reduce the number of components and to provide better security control over platform hardware and software. However, in comparison to PCs, closed systems are less flexible (fixed function) and often impose an additional cost on consumers. Furthermore, the security properties of closed-function devices cannot simply be carried over to open PC platforms, leaving consumers without the economic benefit of, and the richer applications and services delivered by, an open platform.
Conventional hardware-based TCBs are typically limited in speed and slow at secure processing, limited in storage capacity, support only a very low-level programming interface, have their resources shared by all the software running on the system (including two or more virtual machines), make it difficult to migrate data used by a virtual machine from one system to another, and lack a measurement facility suitable for measuring application programs that are repeatedly started and terminated.