Almost all modern computer systems implement protection mechanisms to enforce security policies. Which of the following best describes the key component that complies with the set of design requirements on a reference validation mechanism and enforces the access control policy over all subjects and objects?
A. Security kernel
B. Reference monitor
C. Trusted computing base
D. Trusted Platform Module
Kindly be reminded that the suggested answer is for your reference only. It doesn't matter whether you have the right or wrong answer; what really matters is your reasoning process and justifications.
My suggested answer is A. Security kernel.
The reference monitor is a concept, not an implementation or a system component. As a key component of an operating system, the reference validation mechanism, aka the security kernel in the Orange Book, is an implementation of the reference monitor concept. The security kernel is an instance of the reference validation mechanism.
The following definitions come from the NIST glossary:
- Trusted Computer System: A system that has the necessary security functions and assurance that the security policy will be enforced and that can process a range of information sensitivities (i.e. classified, controlled unclassified information (CUI), or unclassified public information) simultaneously.
- Trusted Computing Base (TCB): Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.
- Reference Monitor: A set of design requirements on a reference validation mechanism which, as a key component of an operating system, enforces an access control policy over all subjects and objects.
A reference validation mechanism must be:
(i) always invoked (i.e., complete mediation);
(ii) tamperproof; and
(iii) small enough to be subject to analysis and tests, the completeness of which can be assured (i.e., verifiable).
- Security Kernel: Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. The security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.
- Mechanism: A process or system that is used to produce a particular result. The fundamental processes involved in or responsible for an action, reaction, or other natural phenomenon. A natural or established process by which something takes place or is brought about. Refer to security mechanism.
Note: A mechanism can be technology- or nontechnology-based (e.g., apparatus, device, instrument, procedure, process, system, operation, method, technique, means, or medium).
- Security Mechanism: A method, tool, or procedure that is the realization of security requirements.
Note 1: A security mechanism exists in machine, technology, human, and physical forms.
Note 2: A security mechanism reflects security and trust principles.
Note 3: A security mechanism may enforce security policy and therefore must have capabilities consistent with the intent of the security policy.
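To make the three design requirements on a reference validation mechanism concrete, here is an added example (not from the page or the NIST glossary) of a toy reference validation mechanism in Python. The class name ReferenceValidationMechanism, the subject and object labels, and the access requests in demo() are all constructed for illustration. The policy is a simplified Bell-LaPadula model (no read up, no write down) over hierarchical levels only; a real security kernel would also be tamperproof through hardware isolation, which Python cannot provide, so that property is only represented by keeping the object store private to the mechanism.

```python
"""Toy reference validation mechanism (added example; constructed for illustration).

(i)   Complete mediation: every subject-to-object access goes through one
      chokepoint, ReferenceValidationMechanism.mediate(); read() and write()
      are the only paths to the object store.
(ii)  Tamperproof: the store is private to the mechanism and subjects/objects
      are immutable value types. A real kernel gets this from hardware
      isolation (privilege rings, MMU); encapsulation here only models the idea.
(iii) Verifiable: the whole policy is the two comparisons in mediate(), small
      enough to inspect and to test exhaustively over all label pairs.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level


@dataclass(frozen=True)
class Object:
    name: str
    classification: Level


class AccessDenied(PermissionError):
    pass


class ReferenceValidationMechanism:
    """The only component that touches objects: an instance of the reference monitor concept."""

    def __init__(self):
        self._store = {}   # object name -> [Object, contents]; no public accessor
        self.audit = []    # every decision, allowed or denied, is recorded

    def create_object(self, obj, contents=""):
        self._store[obj.name] = [obj, contents]

    def mediate(self, subject, obj_name, mode):
        """Chokepoint. Returns True if the policy allows (subject, object, mode)."""
        obj, _ = self._store[obj_name]
        if mode == "read":
            allowed = subject.clearance >= obj.classification   # simple security property (no read up)
        elif mode == "write":
            allowed = subject.clearance <= obj.classification   # *-property (no write down)
        else:
            allowed = False   # unknown access mode: fail closed
        self.audit.append((subject.name, obj_name, mode, allowed))
        return allowed

    def read(self, subject, obj_name):
        if not self.mediate(subject, obj_name, "read"):
            raise AccessDenied(f"{subject.name} may not read {obj_name}")
        return self._store[obj_name][1]

    def write(self, subject, obj_name, data):
        if not self.mediate(subject, obj_name, "write"):
            raise AccessDenied(f"{subject.name} may not write {obj_name}")
        self._store[obj_name][1] = data


def demo():
    """Exercise the mechanism with constructed subjects/objects; returns the decisions and audit log."""
    rvm = ReferenceValidationMechanism()
    rvm.create_object(Object("public_notice", Level.UNCLASSIFIED), "open data")
    rvm.create_object(Object("ops_plan", Level.SECRET), "secret plan")
    rvm.create_object(Object("budget", Level.TOP_SECRET), "top secret figures")

    alice = Subject("alice", Level.SECRET)
    bob = Subject("bob", Level.UNCLASSIFIED)
    carol = Subject("carol", Level.TOP_SECRET)

    results = {}
    results["alice_reads_secret"] = rvm.read(alice, "ops_plan")        # same level: allowed
    try:
        rvm.read(alice, "budget")                                       # read up: denied
        results["alice_reads_ts"] = "allowed"
    except AccessDenied:
        results["alice_reads_ts"] = "denied"
    try:
        rvm.write(alice, "public_notice", "leak")                       # write down: denied
        results["alice_writes_down"] = "allowed"
    except AccessDenied:
        results["alice_writes_down"] = "denied"
    rvm.write(bob, "budget", "anonymous tip")                           # write up: allowed under BLP
    results["bob_writes_up"] = rvm.read(carol, "budget")                # carol can read the result
    results["audit"] = rvm.audit
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Note that the chokepoint is what makes the mechanism a reference validation mechanism: if any code could reach `_store` without calling `mediate()`, requirement (i) would be broken no matter how correct the policy is.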
(Figure: Trusted Computer System)
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get their copy from the author's web site.
Almost all modern computer systems have protection mechanisms that implement security policies. Which of the following best describes the key component that complies with the design requirements on a reference validation mechanism and enforces the access control policy over all subjects and objects?
A. Security kernel
B. Reference monitor
C. Trusted computing base
D. Trusted platform module