The Reference Monitor Concept

CISSP aspirants studying Domain 3, Security Architecture and Engineering, of the CISSP CBK are often confused by the concept of the reference monitor. The following is a summary of my study of the Orange Book to clarify it.

  • The Anderson Report
    • October of 1972
    • James P. Anderson & Co.
  • Reference Monitor
    • Enforces the authorized access relationships between subjects and objects of a system.
  • The Reference Validation Mechanism
    • An implementation of the reference monitor concept.
    • Must be tamper-proof, always invoked, and small enough to be analyzed and tested.
  • Security Kernel
    • Early examples of the reference validation mechanism were known as security kernels.

PS. The Access Control Matrix is mentioned in the official CISSP study guide, 8th edition, by Sybex, and in the AIO by Shon Harris. The textbook Operating System Concepts, 9th edition, by Wiley, also introduces the Access Matrix model. However, neither term appears anywhere in the Orange Book, whereas “self/group/public controls” and “access control lists” do. That’s why I chose to put “Access Control List” on the diagram instead of “Access Control Matrix.”

Thanks go to Dr. D. Cragin Shelton.



Key Generator and AES Demo Tool



Because cryptographic systems usually work behind the scenes, we, as end users, don’t have to know how they work to complete tasks and transactions in our daily digital life.

KeyGenerator_v12 is a simple tool designed to help my InfoSec students learn the basic concepts of key generation, symmetric encryption, hashing, and Base64 encoding.

PS. KeyGenerator_v12 is a simple demo tool. When testing the Base64 encoding function, please don’t load files larger than 20KB, or the task will take considerable time to finish. Please be reminded that KeyGenerator_v12 is provided as is; the author, Wentz Wu, and the company, Amicliens, won’t be liable for any indirect, punitive, special, or consequential damages under any circumstances, even if it’s based on negligence or we’ve been advised of the possibility of those damages.


Software Development Security


  • As an information systems security professional, why should you know how software is developed?
  • Think twice about the waterfall model and its influence on modern software development approaches.
  • What’s the difference between the (information) system development life cycle and the software development life cycle?
  • What is an information system? How do you apply the concepts of security requirements, security controls, and security objectives (CIA) to the information system?

Bell-LaPadula Model


  • The Bell-LaPadula Model, as a finite state machine model, controls information flow for confidentiality with two security properties:
    • Simple: no read up
    • * (star): no write down
  • The Simple Security Property states that a subject (Bob) may not read the information at a higher sensitivity level (no read up).
  • The * (star) Security Property states that a subject (Bob) may not write information to an object at a lower sensitivity level (no write down).
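
A minimal reference validation mechanism that enforces the two properties above, as an added example that is not part of the original page. The `Level` lattice, the `ReferenceMonitor` class, and the subject and object names are constructed for illustration; the monitor fails closed on unknown subjects or objects and records every decision.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed four-level ordering; a higher value is more sensitive.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class ReferenceMonitor:
    """Mediates every read/write request against the two BLP properties."""

    def __init__(self, clearances, classifications):
        self._clear = dict(clearances)        # subject -> Level
        self._class = dict(classifications)   # object  -> Level
        self.audit = []                       # (subject, mode, object, allowed, rule)

    def request(self, subject, mode, obj):
        s, o = self._clear.get(subject), self._class.get(obj)
        if s is None or o is None:
            allowed, rule = False, "unknown subject or object"  # fail closed
        elif mode == "read":
            allowed, rule = s >= o, "simple security (no read up)"
        elif mode == "write":
            allowed, rule = s <= o, "* property (no write down)"
        else:
            allowed, rule = False, "unsupported access mode"
        self.audit.append((subject, mode, obj, allowed, rule))
        return allowed

def demo():
    # Constructed sample data: Bob is cleared to SECRET.
    rm = ReferenceMonitor(
        clearances={"bob": Level.SECRET},
        classifications={"plan.txt": Level.TOP_SECRET,
                         "report.txt": Level.SECRET,
                         "memo.txt": Level.UNCLASSIFIED},
    )
    results = {
        "read_up": rm.request("bob", "read", "plan.txt"),
        "read_same": rm.request("bob", "read", "report.txt"),
        "read_down": rm.request("bob", "read", "memo.txt"),
        "write_down": rm.request("bob", "write", "memo.txt"),
        "write_up": rm.request("bob", "write", "plan.txt"),
        "unknown": rm.request("mallory", "read", "memo.txt"),
    }
    return results, rm.audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The denied `write_down` request is the case the * property exists for: without it, Bob could read `report.txt` and copy its contents into `memo.txt`, where uncleared subjects can read them.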