All modules of a Cyber Immune system are categorized into untrusted, trusted, and increasing trust in data. Modules that belong to the latter two categories, along with other trusted system components, such as the separation kernel and the security monitor, are part of the TCB.
The Cyber Immune approach emphasizes the importance of code reliability verification. However, demonstrating the reliability of each system component is costly and not always feasible due to both a huge amount of code and the use of third-party code that may be subject to frequent updates.
Whereas system components are verified by the vendor, the verification of trusted application components is the application developer’s responsibility. Therefore, the code of trusted application components must be minimized, or else verification will take too long or be commercially unfeasible. Untrusted components undergo verification as well, albeit with the simplest and least costly methods.
Trusted components are subject to certain requirements: they must be functionally simple and homogeneous, have strongly typed interfaces, and contain a small amount of code. These requirements are aimed at minimizing the attack surface of trusted components and optimizing verification costs.
Like the Zero Trust security model, a Cyber Immune system reduces attack surface control to control over a relatively small defense surface formed by trusted components. It is technically easier to guarantee the quality of the defense surface, which makes the system more reliable from the security perspective.
The next and final part deals with the economic effect from following the Cyber Immune development methodology.
All modules of a Cyber Immune system are categorized into untrusted, trusted, and increasing trust in data. Modules that belong to the latter two categories, along with other trusted system components, such as the separation kernel and the security monitor, are part of the TCB.
The Cyber Immune approach emphasizes the importance of code reliability verification. However, demonstrating the reliability of each system component is costly and not always feasible due to both a huge amount of code and the use of third-party code that may be subject to frequent updates.
Whereas system components are verified by the vendor, the verification of trusted application components is the application developer’s responsibility. Therefore, the code of trusted application components must be minimized, or else verification will take too long or be commercially unfeasible. Untrusted components undergo verification as well, albeit with the simplest and least costly methods.
Trusted components are subject to certain requirements: they must be functionally simple and homogeneous, have strongly typed interfaces, and contain a small amount of code. These requirements are aimed at minimizing the attack surface of trusted components and optimizing verification costs.
Like the Zero Trust security model, a Cyber Immune system reduces attack surface control to control over a relatively small defense surface formed by trusted components. It is technically easier to guarantee the quality of the defense surface, which makes the system more reliable from the security perspective.
The next and final part deals with the economic effect from following the Cyber Immune development methodology.
