TCB subset [FC Ver 1.0 Dec 1992]

Set of software, firmware, and hardware (where any of these three could be absent) that mediates the access of a set S of subjects to a set O of objects on the basis of a stated access mediation policy P and satisfies the properties: (1) M mediates every access to objects in O by subjects in S; (2) M is tamper resistant; and (3) M is small enough to be subject to analysis and tests, the completeness of which can be assured.