A reference validation mechanism refers to the portion of a trusted computing base, which controls access between subjects and objects. Proper operation of this mechanism is essential as it determines data protection in the system. The trusted computing base, on the other hand, is the set of firmware, hardware, and software components in a computer system. These three components are essential in the security of a computer system. If bugs occur inside the computing base, the security of the entire system might be jeopardized. The base also distinguishes from a larger amount of software that is allowed to misbehave without threatening the security of a system.
TOE stands for Target of Evaluation. It is the subject of the evaluation. Evaluation verifies the target’s security features through the protection profile; security target; and security functional requirements. It is constructed from several components, which contribute to the TOE’s security objectives. Even though the three functions are involved with the security of the system, the trusted computing base comprises the reference validation mechanism while the TOE contributes to the protection of the trusted computing base.