Talk:Trusted computing base

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing  (Rated B-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
B-Class article B  This article has been rated as B-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (marked as Low-importance).

The 3. reference is a dead link.

hi anyone I just want to know how command control communicatiob and intelligent systems[C3I] actice as a main part of the information technology sector rather than defence. please comment any idea


Not sure how to fix this[edit]

From the article:

barring any reason to believe otherwise, a computer is able to do everything that a general Turing machine can.

This is wrong for two reasons:

  • It is a fundamental given of computer science that no real computer is able to do everything that a general Turing machine can. To be able to do so would require infinite amounts of memory, for instance.
  • It isn't even relevant. A General Turing Machine is a model of computational ability, which is not even approximately related to satisfaction of security constraints. A perfectly behaving, sandboxed environment (e.g. like a flawless implementation of javascript in a web browser) is capable of emulating a general Turing machine just as well as any computer (i.e., it has limitations based on the size of memory available to it, but can otherwise perform the same calculations). This doesn't mean that it is insecure.

I'm not sure what model should be used to describe a computer without security restrictions, but any Turing-machine related model is not appropriate for this. JulesH 14:36, 3 May 2007 (UTC)

Historically incorrect[edit]

The article credits a 1992 paper by Butler Lampson et al for the term TCB. In fact, it was used 11 years earlier in John Rushby's famous separation-kernel paper [Rushby, 18th SOSP]. This might be the original definition, but I'm not sure. (I'll ask John next time I see him.) —Preceding unsigned comment added by Heiser (talkcontribs) 05:36, 19 February 2008 (UTC)

I checked and fixed. heiser (talk) 12:45, 11 August 2010 (UTC)


Can someone help me if BIOS is a part of TCB? Thanks — Preceding unsigned comment added by Manishupasani (talkcontribs) 14:48, 19 August 2012 (UTC)

This article could use some updating, given recent developments[edit]

This article could really use some help to become up to date. Trusted Computing Base is a concept that will become very hot very soon. In this post-Snowden world, we find that core elements of devices used by virtually everyone may be compromised in many ways. SIM-cards containing cryptographic keys that are stolen. Network routers that are modified en route from the factory to the customer to enable intrusion by agencies. Computers that are delivered with malware installed that intercepts SSL communication with MITM attacks by forging certificates. It almost seems you can hardly trust an old pencil not to spy on you these days.

I think this article could benefit from both more formal content (for example by using or referring to Kernighan's Reflections on Trusting Trust. this blog by Steve Bellovin, also contains items of interest. Also, practical issues should be listed, not at least the issues that arise when using cloud-based services.

Alas, I do not feel qualified myself to contribute, so I hope someone more qualified might want to look into this. --Lasse Hillerøe Petersen (talk) 15:58, 21 February 2015 (UTC)