When studying Domain 3, Security Architecture and Engineering, of the CISSP CBK, it is not uncommon that CISSP aspirants are confused by the concept of the reference monitor. The following is a summary of my studying the Orange Book to clarify it.
- The Anderson Report
- October of 1972
- James P. Anderson & Co.
- Reference Monitor
- Enforces the authorized access relationships between subjects and objects of a system.
- The Reference Validation Mechanism
- An implementation of the reference monitor concept.
- Must be tamper-proof, always be invoked, and small enough.
- Security Kernel
- Early examples of the reference validation mechanism were known as security kernels.
- References
- DoD 5200.28-STD (Orange Book)
PS. Access Control Matrix is mentioned in the official CISSP study guide 8th by Sybex, and AIO by Shon Harris. The textbook, Operating System Concepts 9th by Wiley, also introduces the Access Matrix model. However, you find nowhere they appear in the Orange Book but “self/group/public controls” or “access control lists” do. That’s why I choose to put “Access Control List” onto the diagram instead of the “Access Control Matrix.”
Thanks go to Dr. D. Cragin Shelton.
The following links provide more information:
- White Paper: DoD Rainbow Series
- Federation of American Scientists
- Common Criteria Evaluation and Validation Scheme (CCEVS)