Reference monitor

In IT security, a reference monitor is a logical unit (an abstract model, or even a concrete implementation) that is responsible for monitoring and enforcing access rights. That is, for each access by a subject (i.e. an actor such as a user or a process) to an object (data of any kind), the reference monitor decides on the basis of rules whether the access is allowed. The following properties are crucial:

  • Subjects cannot access objects directly, but only through the reference monitor.
  • The reference monitor itself must be protected from tampering.
  • Secondary data (in particular the definition of the rules, log files, etc.) must be protected from tampering.
  • The reference monitor must have a well-defined interface.
  • The behavior of the reference monitor must be clearly set out and implement the rules correctly.
  • The implementation of the reference monitor must be correct. A formal verification may be required for this.

These properties of a security system's reference monitor are important criteria for assessing the security of computer systems. They are a prerequisite for certification at the higher levels of the current security certificates, such as TCSEC and ITSEC.
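The properties listed above can be illustrated with a small sketch, added here as an example and not taken from any particular system: every access goes through one `check` interface, the rules are held read-only, and the log is hash-chained so that tampering is detectable. The class names, the rule format and the `subject|object|right` log layout are assumptions made for this example.

```python
import hashlib
from types import MappingProxyType

GENESIS = "0" * 64  # starting value of the audit hash chain


class ReferenceMonitor:
    """Well-defined interface: check(subject, obj, right) is the only decision point."""

    def __init__(self, rules):
        # Copy the rules into read-only structures; later edits to the caller's
        # dict have no effect. (A real monitor relies on OS/hardware isolation.)
        self._rules = MappingProxyType({k: frozenset(v) for k, v in rules.items()})
        self._log = []        # audit records as (entry, chained digest)
        self._head = GENESIS

    def check(self, subject, obj, right):
        allowed = right in self._rules.get((subject, obj), frozenset())  # default deny
        entry = f"{subject}|{obj}|{right}|{'ALLOW' if allowed else 'DENY'}"
        self._head = hashlib.sha256((self._head + entry).encode()).hexdigest()
        self._log.append((entry, self._head))
        return allowed

    def audit_intact(self):
        """Recompute the chain; an edited or dropped record breaks it."""
        head = GENESIS
        for entry, digest in self._log:
            head = hashlib.sha256((head + entry).encode()).hexdigest()
            if head != digest:
                return False
        return head == self._head


class ObjectStore:
    """Subjects reach objects only via read()/write(), which consult the monitor."""

    def __init__(self, monitor, objects):
        self._monitor, self._objects = monitor, dict(objects)

    def read(self, subject, name):
        if not self._monitor.check(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self._objects[name]

    def write(self, subject, name, value):
        if not self._monitor.check(subject, name, "write"):
            raise PermissionError(f"{subject} may not write {name}")
        self._objects[name] = value
```

Rules are passed as a mapping from `(subject, object)` pairs to sets of rights, for example `{("alice", "payroll"): {"read", "write"}}`; any pair or right not listed is denied.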
