The Reference Monitor Concept

When studying Domain 3, Security Architecture and Engineering, of the CISSP CBK, it is not uncommon that CISSP aspirants are confused by the concept of the reference monitor. The following is a summary of my studying the Orange Book to clarify it.

  • The Anderson Report
    • October of 1972
    • James P. Anderson & Co.
  • Reference Monitor
    • Enforces the authorized access relationships between subjects and objects of a system.
  • The Reference Validation Mechanism
    • An implementation of the reference monitor concept.
    • Must be tamper-proof, always be invoked, and small enough.
  • Security Kernel
    • Early examples of the reference validation mechanism were known as security kernels.
  • References

PS. Access Control Matrix is mentioned in the official CISSP study guide 8th by Sybex, and AIO by Shon Harris. The textbook, Operating System Concepts 9th by Wiley, also introduces the Access Matrix model. However, you find nowhere they appear in the Orange Book but “self/group/public controls” or “access control lists” do. That’s why I choose to put “Access Control List” onto the diagram instead of the “Access Control Matrix.”

Thanks go to Dr. D. Cragin Shelton.

The following links provide more information:


Leave a Reply