Trusted Computing Base (TCB)

A trusted computing base (TCB) refers to all of a computer system's hardware, firmware and software components that combine to provide the system with a secure environment. It enforces security policies to ensure security of the system and its information. System safety is achieved by provisioning methods, like controlling access, requiring authorization to access specific resources, enforcing user authentication, safeguarding anti-malware and backing up data.

As a whole, the TCB's ability and performance are based on the correctness and relevance of its applied techniques and mechanisms, the safety and protection of those mechanisms to ensure their correctness and the right input of parameters required in security policies. In short, to maintain synergy between components, any hardware or software should only be part of the given TCB if - and only if - it is designed to be part of the mechanisms of that TCB.

Computer systems that do not implement TCB as part of their architectural design are only secured because of external solutions. Moreover, the reasoning behind a computer system's security depends on the proper understanding of its capabilities and limitations. This means that because a computer with a TCB can do anything that a Von Neumann architecture computer can, there likely will be things that users do, intentionally or unintentionally, to make the system less secure. Thus, the mechanisms in the TCB should take the human security factor into consideration.