Quote:
It is reasonable and logical that the mechanism(s) which implement an access control policy
must be protected from (unauthorized) change. Our thinking is made easier and our
confidence increases if there is a set of trusted resources, which we call bedrock, serves as the
foundation of our security policies. This firm foundation is the basis of our trust. The
interface to the bedrock specifies the set of resources used to build a trusted information
technology system.
The bedrock concept is relative. The device designer, circuit designer, and operating system
architect have different viewpoints. Each specialist assumes that the interface provided to
him or her is trustworthy. This trust is a consequence of specialization. A person working at
one technological level of abstraction is usually not prepared to investigate and determine the
trustworthiness of the resources with which he/she works. For example, software experts
rarely know about hardware design. However, they tend to trust the hardware. This trust
may or may not be warranted. The hardware may be failure prone due to errors in design or
fabrication; it may also have been built with malicious intent to sustain the same kinds of...........