The　traditional　TCB　is　considered　of　working　on　system　layer,　while　TCB　in　modern　imformation　system　has　extended　to　application　layer.　As　keeping　TCB　trusted　is　one　of　the　preconditions　of　ensuring　information　system　security,　it　is　necessary　to　study　the　trust　attributes　of　extended　TCB.　In　this　paper,　TCB　is　compartmentalized　into　TCB　subsets　according　to　the　hierarchical　structure　of　policy.　Time-isolation　relation　and　space-isolation　relation　are　used　to　discrib　the　relations　among　TCB　subsets.　Based　on　the　trusted-supporting　relations,　a　theorem　is　brought　forward　and　proved　which　gives　the　conditions　to　ensure　the　extended　TCB　trusted.　At　the　end　of　this　paper,　an　exemple　is　given　to　illuminate　that　access　control　mechanisms　based　on　this　model　can　provide　more　nice-granular　control　to　enhance　the　security　of　system.　©　2010　IEEE.