
Reference Monitor

  • Reference work entry
Encyclopedia of Cryptography and Security

Related Concepts

Access Control from an OS Security Perspective; Access Control Policies, Models, and Mechanisms; Bell-LaPadula Confidentiality Model; Biba Integrity Model; Security Kernel

Definition

The reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects’ (e.g., processes and users) ability to perform operations (e.g., read and write) on objects (e.g., files and sockets) on a system:

  • The reference validation mechanism must always be invoked (complete mediation).

  • The reference validation mechanism must be tamperproof (tamperproof).

  • The reference validation mechanism must be small enough to be subject to analysis and tests, the completeness of which can be assured (verifiable).

The claim is that a reference validation mechanism that satisfies the reference monitor concept will correctly enforce a system’s access control policy, as it must be invoked to mediate all security-sensitive...
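The three requirements can be seen in a small reference validation mechanism. The following C sketch is an added example, not code from the encyclopedia entry; the subjects, objects and policy entries are constructed for illustration, and `static`/`const` only stand in for the tamperproofing that a real system obtains from hardware-enforced isolation.

```c
#include <stddef.h>
#include <string.h>

/* Constructed subjects, objects and operations (assumptions for this example). */
enum op      { OP_READ = 1, OP_WRITE = 2 };
enum subject { SUBJ_BACKUP, SUBJ_WEBAPP, SUBJ_COUNT };
enum object  { OBJ_CONFIG, OBJ_LOG, OBJ_COUNT };

/* Tamperproof (approximated): the policy is const and file-local, so callers
 * cannot rewrite it. Entries not listed are 0, which means deny by default. */
static const unsigned policy[SUBJ_COUNT][OBJ_COUNT] = {
    [SUBJ_BACKUP] = { [OBJ_CONFIG] = OP_READ, [OBJ_LOG] = OP_READ },
    [SUBJ_WEBAPP] = { [OBJ_LOG] = OP_WRITE },
};

/* Complete mediation: object storage is file-local, so the only path to an
 * object is rm_access() below; no caller holds a direct pointer into store. */
static char store[OBJ_COUNT][32] = { "port=8443", "" };

/* Verifiable: the whole authorization decision is this one short function. */
static int rm_authorize(int s, int o, unsigned op)
{
    if (s < 0 || s >= SUBJ_COUNT || o < 0 || o >= OBJ_COUNT)
        return 0;                        /* unknown subject or object: deny */
    if (op != OP_READ && op != OP_WRITE)
        return 0;                        /* unknown operation: deny */
    return (policy[s][o] & op) == op;
}

/* Single entry point for every operation on every object.
 * Returns 0 on success, -1 when the request is denied or malformed. */
int rm_access(int s, int o, unsigned op, char *buf, size_t len)
{
    if (buf == NULL || len == 0 || !rm_authorize(s, o, op))
        return -1;
    if (op == OP_READ) {
        strncpy(buf, store[o], len - 1);
        buf[len - 1] = '\0';
    } else {
        size_t n = len < sizeof store[o] - 1 ? len : sizeof store[o] - 1;
        strncpy(store[o], buf, n);       /* bounded by both buffers */
        store[o][n] = '\0';
    }
    return 0;
}
```

Any code path that reached `store` without calling `rm_access()` would break complete mediation, which is why the storage is not exported.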




Copyright information

© 2011 Springer Science+Business Media, LLC

About this entry

Cite this entry

Jaeger, T. (2011). Reference Monitor. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_646
