Re: My Question
"Which part of the Windows kernel is its trusted computing base? That is, which part is responsible for guaranteeing the invariant of the operating system?"
The following paragraph from the article linked by Dan 55 may answer your question:
"Finally, it's important to understand that this design is not fundamentally "risky." It is identical to the ones used by existing I/O Manager drivers (for example, network card drivers and hard disk drivers). All of these drivers have been operating within the Windows NT Executive since the inception of Windows NT with a high degree of reliability."
NT had no trusted computing base to start with, and MS were quite happy with that...
Here's the 'Security' section of that article, quoted verbatim (it is one of the shortest sections):
"Due to the modular design of Windows NT moving Window Manager and GDI to kernel mode will make no difference to the security subsystem or to the overall security of the operating system this will also have no effect on the C2 or E3 security certification evaluation, other than making it easier to document the internal architecture of Windows NT."
I really cant decide if that paragraph is a result of ignorance or corporate fecklessness.
Biting the hand that feeds IT
