Access Control Reference Monitor Flashcards
What is a reference monitor?
The reference monitor can be found in all computers. All access decisions are based on a set of security parameters for both the subject and object.
The access privileges of subjects and protection attributes of objects are stored in a database. This allows the reference monitor to enforce the access control policies.
The reference monitor is also responsible for writing subject requests and its decisions to an audit file (logging).
What are the three main properties of the reference monitor?
The three main properties are:
- Complete mediation: The reference monitor should always be invoked. It cannot be bypassed by any user or program.
- Tamper-proof: It must be immutable and its integrity unquestionable.
- Verifiability: It must be small enough to be subjected to analysis and testing to ensure its correctness.
Where is the reference monitor situated on a computer?
There is no strict rule governing reference monitor placement. It can be implemented in:
- Hardware
- In the OS/OS kernel,
- In VMs and middelware (typical for cloud computing)
- As an application
- As a service.
In short, it can be placed anywhere. In modern computers the reference model is typically implemented in hardware. This provides performance benefits while also ensuring mediation (circumventing hardware is impossible).