Firstly, security starts at a policy level, to serve as a high-level directive that provides the foundational goals for an overall system.
A security policy is a strategic tool that dictates how sensitive information and resources are managed and protected. A security policy states exactly what the security level should become by once the goals of the security mechanisms are defined. The security policy also acts as a baseline for evaluating a system after it is built.
Security Architecture Requirements
- Trusted Computing Base: is a collection of all the hardware, software and firmware components within a system. These provide a type of security enforcement in the system’s security policy.
Security Kernel
- Similar to the Trusted Computing Base, the Security Kernel is made up of hardware, software, and firmware components. However, the security kernel mediates all access functions between subjects and objects. This makes the security kernel at the core of the most commonly used approaches to building trusted computing systems.
0 comments:
Post a Comment