Reference monitor

In IT security, a reference monitor is a logical unit (an abstract model, or even a concrete implementation) that is responsible for the control and enforcement of access rights. This means that for each access by a subject (i.e. an actor such as a user or process) to an object (data of any kind), the reference monitor decides on the basis of rules whether the access is allowed. The following properties are decisive:

  • Subjects cannot access objects directly, but only through the reference monitor.
  • The reference monitor itself must be protected against manipulation.
  • Secondary data (especially the definition of rules, log files, etc.) must be protected against manipulation.
  • The reference monitor must have a well-defined interface.
  • The behavior of the reference monitor must be clearly specified and the rules must be implemented correctly.
  • The implementation of the reference monitor must be correct. Formal verification may be required for this.

These properties of the reference monitor of a security system are important criteria for assessing the security of computer systems. They are a prerequisite for certification at the higher levels of common security certificates such as TCSEC and ITSEC.
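
The properties listed above can be seen in a small sketch, added here as an illustration and not taken from any real system: one access interface, default deny, rules frozen at construction, and a hash-chained log in which a changed entry is detectable. The class, function, subject and object names are assumptions, and Python's private attributes only stand in for the isolation a real monitor gets from a kernel or hardware boundary.

```python
import hashlib
from types import MappingProxyType

GENESIS = "0" * 64  # starting value of the audit hash chain


class ReferenceMonitor:
    """Single gate between subjects and objects: default deny, every decision logged."""

    def __init__(self, rules, objects):
        # rules: {(subject, object_name): set of rights}, frozen at construction
        self.__rules = MappingProxyType({k: frozenset(v) for k, v in rules.items()})
        self.__objects = dict(objects)  # subjects never get a direct reference
        self.__log = []
        self.__head = GENESIS

    def __audit(self, record):
        # Each digest covers the previous one, so editing an entry breaks the chain.
        self.__head = hashlib.sha256((self.__head + record).encode()).hexdigest()
        self.__log.append((record, self.__head))

    def access(self, subject, obj, right, value=None):
        """The only interface: decide, log, then perform the operation."""
        allowed = obj in self.__objects and right in self.__rules.get((subject, obj), ())
        self.__audit(f"{subject}|{obj}|{right}|{'ALLOW' if allowed else 'DENY'}")
        if not allowed:
            raise PermissionError(f"{subject} may not {right} {obj}")
        if right == "read":
            return self.__objects[obj]
        if right == "write":
            self.__objects[obj] = value
            return None
        raise ValueError(f"unsupported right: {right}")

    def audit_log(self):
        return tuple(self.__log)  # immutable copy for reviewers


def verify_log(log):
    """Recompute the hash chain; False means a recorded entry was altered."""
    head = GENESIS
    for record, digest in log:
        head = hashlib.sha256((head + record).encode()).hexdigest()
        if head != digest:
            return False
    return True


def demo_monitor():
    # Constructed sample policy and data
    rules = {("alice", "payroll"): {"read", "write"}, ("bob", "handbook"): {"read"}}
    return ReferenceMonitor(rules, {"payroll": "v1", "handbook": "rules v3"})
```

Denied requests are logged before the exception is raised, so the log records attempts as well as successful accesses.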