Reference Monitor

Related Concepts

– Access control
– Access control policy
– Security kernel

Definition

The reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects' (e.g., processes and users) ability to perform operations (e.g., read and write) on objects (e.g., files and sockets) on a system.

– The reference validation mechanism must always be invoked (complete mediation).
– The reference validation mechanism must be tamperproof (tamperproof).
– The reference validation mechanism must be small enough to be subject to analysis and tests, the completeness of which can be assured (verifiable).

The claim is that a reference validation mechanism that satisfies the reference monitor concept will correctly enforce a system's access control policy, as it must be invoked to mediate all security-sensitive operations, must not be tampered with, and has undergone complete analysis and testing to verify correctness.
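A minimal sketch of the three requirements, added here as an illustration and not taken from any system the entry describes: one mediation point for every operation, a policy frozen at construction, and a decision function small enough to check exhaustively. All names, subjects, objects and policy entries are constructed for the example, and Python's read-only structures only model tamper resistance; they are not an isolation boundary.

```python
from itertools import product
from types import MappingProxyType

# Constructed sample universe of subjects, objects and operations.
SUBJECTS = ("alice", "backupd")
OBJECTS = ("/etc/passwd", "socket:5432")
OPERATIONS = ("read", "write")

class AccessDenied(Exception):
    """Raised when the policy does not authorize the requested operation."""

class ReferenceMonitor:
    """Hypothetical reference validation mechanism over an in-memory store."""

    def __init__(self, policy, store):
        # Tamperproof (modelled): copy the policy into read-only structures so
        # later changes to the caller's dict or sets cannot alter decisions.
        self._policy = MappingProxyType(
            {key: frozenset(ops) for key, ops in policy.items()})
        self._store = store   # objects are meant to be reached only via mediate()
        self.audit = []       # record of every mediated request

    def authorized(self, subject, op, obj):
        # Default deny: a (subject, object) pair absent from the policy has no rights.
        return op in self._policy.get((subject, obj), frozenset())

    def mediate(self, subject, op, obj, data=None):
        # Complete mediation: the decision is made and logged before any access.
        allowed = self.authorized(subject, op, obj)
        self.audit.append((subject, op, obj, allowed))
        if not allowed:
            raise AccessDenied(f"{subject} may not {op} {obj}")
        if op == "read":
            return self._store[obj]
        self._store[obj] = data
        return None

def verify(monitor, intended_policy):
    """Verifiable: compare every possible request against the intended policy."""
    return [
        (s, op, o)
        for s, op, o in product(SUBJECTS, OPERATIONS, OBJECTS)
        if monitor.authorized(s, op, o) != (op in intended_policy.get((s, o), ()))
    ]
```

`verify` returns the list of requests on which the monitor and the intended policy disagree; an empty list means the decision logic matches the policy over the whole (small) request space.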
