An architectural approach for assessing system trust based on security policy specifications and security mechanisms.