This is the first of three related papers exploring how contemporary
computer architecture affects security. Key issues in this changing
environment, such as distributed systems and the need to support multiple
access control policies, necessitate a generalization of the Trusted
Computing Base paradigm. This paper develops a conceptual framework with
which to address the implications of the growing reliance on
Policy-Enforcing Applications in distributed environments.