Trusted Execution
Trusted Execution (TE) refers to a collection of features that are used to verify the integrity of the system and implement advance security policies, which together can be used to enhance the trust level of the complete system.
The usual way for a malicious user to harm the system is to get
access to the system and then install Trojans, rootkits or tamper
some security critical files, resulting in the system becoming vulnerable
and exploitable. The central idea behind the set of features under
Trusted Execution is prevention of such activities or in worst case
be able to identify if any such incident happens to the system. Using
the functionality provided by Trusted Execution, the system administrator
can decide upon the actual set of executables that are allowed to
execute or the set of kernel extensions that are allowed to be loaded.
It can also be used to audit the security state of the system and
identify files that have changed, thereby increasing the trusted level
of the system and making it more difficult for the malicious user
to do harm to the system. The set of features under TE can be grouped
into the following:
- Managing Trusted Signature Database
- Auditing integrity of the Trusted Signature Database
- Configuring Security Policies
- Trusted Execution Path and Trusted Library Path
Note: A TCB functionality already exists in the AIX® operating system. TE is a more powerful and
enhanced mechanism that overlaps some of the TCB functionality and provides advance security policies to better control the integrity
of the system. While the Trusted Computing Base is still available,
Trusted Execution introduces a new and more advanced concept of verifying
and guarding the system integrity.