Scribd
Upload
94 views6 pages

Understanding Reference Monitors in Cybersecurity

This document discusses reference monitors and their role in access control. A reference monitor enforces access policies to allow or deny read/write/execute access to objects. It must be tamperproof, verifiable, and provide complete mediation. Most systems today use a Trusted Computing Base (TCB) with user and privileged modes. The reference monitor is part of the TCB and controls access decisions. The document provides an example of how an employee access system like Workday maps to the reference monitor model, with subjects being users, objects being resources, an audit file logging access attempts, and a security database enforcing policies. However, allowing personal devices increases risk if those devices are not properly secured.

Uploaded by

api-403267489
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
94 views6 pages

Understanding Reference Monitors in Cybersecurity

This document discusses reference monitors and their role in access control. A reference monitor enforces access policies to allow or deny read/write/execute access to objects. It must be tamperproof, verifiable, and provide complete mediation. Most systems today use a Trusted Computing Base (TCB) with user and privileged modes. The reference monitor is part of the TCB and controls access decisions. The document provides an example of how an employee access system like Workday maps to the reference monitor model, with subjects being users, objects being resources, an audit file logging access attempts, and a security database enforcing policies. However, allowing personal devices increases risk if those devices are not properly secured.

Uploaded by

api-403267489
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Running head: REFERNCE MONITOR 1

Reference Monitor

Raul J. Mendoza

University of San Diego

Foundations of Cyber Security

CSOL 500

September 25, 2016


REFERNCE MONITOR 2

Reference Monitor

A reference monitor is a specific design that enforces access control and the ability to

perform read, write, or execute operations on a specified object. In order to effectively

implement a successful reference monitor concept, it must be tamperproof, verifiable, and invoke

complete mediation. At its inception the MIT Multics time-shared operating system implemented

a protection ring schema that provided different levels that allowed for execution of code or

restricted the ability to access code. In this model the closer to the center ring you were, the less

restrictive your access became. The opposite occurred when you moved further from the center

which meant access became more restrictive. Although in today’s environment we do not use all

these levels, we do however, still implement layers of protection. Most systems today use

Trusted Computing Base (TCB) architecture which can operate in two modes: user mode or

privileged mode.

TCB incorporates all minimum hardware and software required for the security purposes

of the operating system. The reference monitor is part of the TCB and controls all security

decisions associated with access control. Organizations have the ability to implement systems

and services that ensure they can be trusted without necessarily spending the resources to host

them locally. My company uses Workday and Cisco WebEx as a means to extend access to

company resources. Both are Software as a Service (SaaS) systems and allow employees to

collaborate and communicate with ease.

Each employee is provided an employee number/user name by the IT department which

allows for access to resources based on an object oriented security model. For example, when

accessing my Workday I have the ability to lookup specific information within HR tied to my
REFERNCE MONITOR 3

profile. It grants me the access to data and the ability to perform different functions authorized

by the security policy and verified by reference model.

The ultimate goal is to implement a system that effectively applies the necessary access

controls and policies to effectively protect information. In addition, apply the different

components that allow for proper oversight and implementation of such policies and controls.

Below I have identified how the reference monitor authenticates subjects, implements security

policy, and enforces the policy for every access request to objects.(Bosworth, Kabay, & Whyne,

2014, Chapter 24)


REFERNCE MONITOR 4

Number Component Description Workday/WebEx


mapping

1 Subjects Users and associated Employee/user logs


processes used to in via web page,
gain access to mobile device, or
objects. laptop.

2 Objects Files and resources HR information,


where information company
resides. documentation, and
real-time
communications.

3 Audit File Records all attempts All logs have the


made to access ability to capture
objects. Most events successful and
are logged regardless unsuccessful login
of success or failure. attempts,
modifications, or
deletions to objects.

4 Security Database Handles all Responsible for


user/application running the required
requests for access to controls used to
system resources. enforce functionality
and access based on a
user’s and objects
level.

Both Workday and WebEx map to the reference model and utilize effective measures to

provide safe and secure access and communications. Despite these measures, the company

introduces significant risk because of the different access points authorized (e.g. Web, BYOD,

and laptops). Many methods could be used to gain access without authorization. Especially when

authorizing employees the ability to use their own device. By using a personal device, a
REFERNCE MONITOR 5

company lacks the ability to ensure the employee has applied the appropriate patches, security,

or preventative measures to their personal device. Therefore, a significant risk is presented and

could potentially allow for unauthorized access to information within the company.
REFERNCE MONITOR 6

References

Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer Security Handbook (6th ed.).

[Adobe Digital]. Retrieved from [Link]

You might also like