A reference monitor is an approach to implementing a secure system based on access control. Any system can be depicted in terms of subjects, objects, an authorization database, an audit trail, and a reference monitor, as shown in Figure 1. The reference monitor is the control center that authenticates subjects and implements and enforces the security policy for every access to an object by a subject.

This is the basic UML for the reference monitor. It's the bit in the middle that does all of the work. In an OS it is built deep inside, but the same design works anywhere, in any system.

| Element | Description |
|---|---|
| Subjects | Active entities, such as user processes, that gain access to information on behalf of people |
| Objects | Passive repositories of information to be protected, such as files |
| Authorization database | Repository for the security attributes of subjects and objects. From these attributes, the reference monitor determines what kind of access (if any) is authorized |
| Audit trail | Record of all security-relevant events, such as access attempts, successful or not |

The reference monitor enforces the security policy by authorizing the creation of subjects, by granting subjects access to objects based on the information in a dynamic authorization database, and by recording events, as necessary, in the audit trail. In an ideal system, the reference monitor must meet the following three requirements:


| Attachment | Size |
|---|---|
| SQL to create MySQL schema for reference monitor database. | 6.15 KB |
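
The mediation flow described above (subjects, objects, a dynamic authorization database, and an audit trail), shown as an added example that is not part of the original page and not the attached schema. The SQLite tables, the `root` bootstrap subject, the pseudo-object `subjects`, and all method names are assumptions made for illustration; `grant` and `revoke` stand in for a trusted administrative interface.

```python
import sqlite3

# Constructed schema for this example; not the MySQL schema attached to the page.
SCHEMA = """
CREATE TABLE subjects (name TEXT PRIMARY KEY);
CREATE TABLE authz (subject TEXT, object TEXT, access TEXT, UNIQUE (subject, object, access));
CREATE TABLE audit (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                    subject TEXT, object TEXT, access TEXT, granted INTEGER);
"""

class ReferenceMonitor:
    def __init__(self, objects, root="root"):
        self._db = sqlite3.connect(":memory:")
        self._db.executescript(SCHEMA)
        self._objects = dict(objects)  # objects are reachable only through read()
        self._db.execute("INSERT INTO subjects VALUES (?)", (root,))
        self.grant(root, "subjects", "create")  # bootstrap right (assumption)

    def grant(self, subject, obj, access):
        self._db.execute("INSERT OR IGNORE INTO authz VALUES (?, ?, ?)", (subject, obj, access))

    def revoke(self, subject, obj, access):
        self._db.execute("DELETE FROM authz WHERE subject=? AND object=? AND access=?",
                         (subject, obj, access))

    def check(self, subject, obj, access):
        """Decide one access attempt (default deny) and audit it either way."""
        rule = (subject, obj, access)
        granted = self._db.execute(
            "SELECT 1 FROM authz JOIN subjects ON name = subject "
            "WHERE subject=? AND object=? AND access=?", rule).fetchone() is not None
        self._db.execute("INSERT INTO audit (subject, object, access, granted) "
                         "VALUES (?, ?, ?, ?)", rule + (int(granted),))
        return granted

    def create_subject(self, creator, name):
        # Creating a subject is itself a mediated access on the pseudo-object "subjects".
        if not self.check(creator, "subjects", "create"):
            raise PermissionError(f"{creator} may not create subjects")
        self._db.execute("INSERT INTO subjects VALUES (?)", (name,))

    def read(self, subject, obj):
        if not self.check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self._objects[obj]

    def audit_trail(self):
        return self._db.execute(
            "SELECT subject, object, access, granted FROM audit ORDER BY seq").fetchall()
```

A rule granted to a name that was never created as a subject is still denied, because the decision joins the authorization rules against the subject table, and every attempt lands in the audit trail whether or not it succeeded.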